Privacy Policy

Effective Date: March 1, 2026Last Updated: March 1, 2026

1. Information We Collect

Account Information

Name, email address, organization name, and role provided during registration. Authentication credentials are managed through our identity provider and are not stored directly by Pursuit.

Company Profile Data

SAM.gov entity data including UEI, CAGE code, NAICS codes, PSC codes, and contract award history. This data is sourced from publicly available federal databases with your authorization.

Uploaded Documents

Past performance narratives, certifications, capability statements, and proposal drafts uploaded to Vault. Documents are stored encrypted and are accessible only to authorized members of your organization.

Usage & Log Data

Browser type, IP address, page views, feature interactions, and session duration. This data is collected to maintain service reliability and identify performance issues.

API Activity

Request endpoints, timestamps, response codes, and payload sizes for API calls made through your account. Payload contents are not logged.

2. How We Use Information

Service DeliveryProvide and maintain core platform functionality including opportunity scoring, document management, and compliance tracking.

Solicitation ProcessingProcess SAM.gov solicitations and attachments to generate opportunity recommendations and amendment alerts.

PerformanceMonitor system health, optimize query performance, and improve response times across platform services.

SecurityDetect unauthorized access attempts, monitor for anomalous behavior, and maintain audit trails.

Legal ComplianceMeet regulatory obligations, respond to lawful requests, and enforce our Terms of Service.

3. Data Storage & Security

Encryption at Rest

AES-256 encryption applied to all stored data including documents, database records, and backups.

Encryption in Transit

TLS 1.3 enforced on all connections. Certificate pinning implemented for critical service-to-service communication.

Access Controls

Role-based access with organization-level isolation. Internal access restricted to authorized personnel with audited credentials.

Audit Logging

All data access, modifications, and deletions are logged with timestamps, actor identity, and before/after state.

Hosting Region

US-East and US-West multi-region deployment. All customer data remains within United States boundaries.

Retention

Active account data retained for the duration of service. Data deleted within 30 days of account closure or deletion request. Encrypted backups retained for 90 days.

4. Data Sharing

We do not sell customer data.

Infrastructure Providers

We use limited infrastructure providers for hosting, authentication, and transactional email. These providers process data solely on our behalf under contractual data protection obligations.

Legal Obligations

We may disclose data when required by law, subpoena, or court order. We will notify affected customers of such requests unless legally prohibited from doing so.

Service Integrations

Data exchanged with SAM.gov and USASpending.gov is limited to publicly available federal records. No customer-uploaded content is transmitted to third-party services without explicit authorization.

5. Customer Rights

Access

Request a copy of all personal and organizational data associated with your account.

Correction

Request correction of inaccurate or incomplete data held in your account profile or organization record.

Deletion

Request deletion of your account and all associated data. Processing completes within 30 days.

Data Export

Request a machine-readable export of your organization's data including documents, pursuit records, and pipeline history.

6. Contact

For privacy inquiries, data requests, or questions about this policy:

privacy@pursuit.dev

We will respond to all requests within 30 days.