Privacy Policy

Last updated: February 28, 2026

ContractRadar (“we”, “us”, or “our”) operates ContractRadar.io (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

Information You Provide

When you register and use the Service, we collect:

• Account information: Email address and password (passwords are managed by AWS Cognito and never stored in plaintext by us).
• Business profile: Company description, geographic service areas (states), NAICS codes, and business classifications (e.g., small business, women-owned, veteran-owned).
• Notification preferences: Your choice to enable or disable email alerts.
• Payment information: Billing details processed by Stripe. We do not store your full card number; Stripe handles PCI-compliant storage.

Information Collected Automatically

When you access the Service, we may automatically collect:

• Log data: IP address, browser type, pages visited, time and date of access, and referring URL.
• Device information: Hardware model, operating system, and unique device identifiers.
• Usage data: How you interact with the Service, including features used and search queries.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Match your business profile against government contract opportunities.
• Send you contract match notifications by email based on your preferences.
• Process subscription payments and manage your account.
• Send transactional communications (receipts, subscription updates, security alerts).
• Improve, personalize, and expand the Service.
• Monitor usage patterns and analyze trends to enhance user experience.
• Detect and prevent fraudulent or unauthorized activity.
• Comply with legal obligations.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal basis for collecting and using your personal information depends on the data concerned:

• Contract performance: Processing necessary to provide the Service you subscribed to.
• Legitimate interests: Improving the Service, preventing fraud, and ensuring security.
• Consent: Where you have given explicit consent (e.g., marketing communications).
• Legal obligation: Where processing is required by applicable law.

4. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

• Service providers: Trusted third parties that assist us in operating the Service, including AWS (hosting, email), Stripe (payments), and Google (AI matching features). These parties are contractually obligated to keep your information confidential and use it only as directed by us.
• Legal requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as a business asset.
• Protection of rights: To protect the rights, property, or safety of ContractRadar, our users, or the public.

5. Notifications and Communications

When you opt in to email notifications, we will send you contract match alerts and transactional messages related to your account. You can manage your notification preferences from your profile page at any time. You may also unsubscribe via the unsubscribe link included in each email. Opting out does not affect your ability to use the Service, but you will no longer receive contract match alerts until you re-enable them.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you cancel your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes. Aggregated, anonymized usage data may be retained indefinitely.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. Authentication is handled by AWS Cognito. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information (subject to legal retention obligations).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@contractradar.io. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your CCPA rights, contact us at privacy@contractradar.io.

10. Cookies and Tracking

We use session cookies and similar technologies to maintain your authenticated session and remember your preferences. We do not use tracking cookies for advertising purposes. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you disable cookies, some parts of the Service may not function correctly.

11. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

12. Third-Party Links

The Service may contain links to third-party websites, including SAM.gov and Stripe. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. International Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using the Service, you consent to such transfers. We take appropriate safeguards to ensure your data is treated securely in accordance with this Privacy Policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also notify you by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

15. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@contractradar.io.