FY2026 YTDDOD: $842.3B (+2.4% YoY)HHS: $156.7B (-1.2% YoY)DHS: $68.4B (+5.1% YoY)NASA: $25.8B (+3.7% YoY)DOE: $48.2B (-0.8% YoY)VA: $301.4B (+8.2% YoY)|Active Opportunities: 47,832Expiring 7d: 2,341|Data via USASpending.gov
Fed-Spend
Intelligence Terminal
DashboardSearch
AlertsPricingBlog

Privacy Policy

Last updated: January 29, 2026

Fed-Spend Intelligence ("Fed-Spend," "we," "us," or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information in compliance with GDPR, CCPA/CPRA, and the Colorado Privacy Act (CPA).

Quick Links

Data We Collect Data Retention Policy Your Privacy Rights Contact Us

1. Information We Collect

Account Information

  • Name and email address (from OAuth provider)
  • Profile picture (if provided by OAuth)
  • OAuth provider ID (Google, GitHub)

Usage Data

  • Search queries and saved searches
  • Alert configurations and delivery history
  • API usage and access logs
  • Feature usage and interaction patterns

Technical Data

  • IP address and approximate location
  • Browser type and device information
  • Cookies and similar tracking technologies

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. We retain:

  • Stripe customer ID
  • Subscription status and plan
  • Invoice history and amounts

2. Data Retention Policy

We retain your data only as long as necessary for the purposes outlined in this policy. Below are our specific retention periods:

Data TypeRetention PeriodBasis
Account dataUntil account deletion + 30 daysContract performance
Search history90 daysLegitimate interest
Saved searches & alertsUntil deleted by user or account deletionContract performance
API logs30 daysSecurity & debugging
Payment records7 yearsLegal obligation (tax)
Analytics data26 monthsLegitimate interest
Security logs1 yearLegal obligation
Newsletter subscriptionsUntil unsubscribe + 30 daysConsent

Automated Deletion: Data is automatically purged after the retention period expires through scheduled database maintenance.

3. How We Use Your Information

  • Service Delivery: Provide federal contract search, alerts, and intelligence features
  • Personalization: Customize search results and recommendations based on your activity
  • Communication: Send alerts, newsletters, and service updates
  • Security: Detect fraud, abuse, and unauthorized access
  • Improvement: Analyze usage patterns to improve our services
  • Legal Compliance: Meet regulatory and legal obligations

4. Your Privacy Rights

Depending on your location, you have the following rights under GDPR, CCPA/CPRA, and/or the Colorado Privacy Act:

Right to Access

Request a copy of all personal data we hold about you

Right to Deletion

Request deletion of your personal data (with exceptions)

Right to Correction

Request correction of inaccurate personal data

Right to Portability

Receive your data in a portable format (JSON/CSV)

Right to Opt-Out

Opt out of sale/sharing of personal information (we don't sell data)

Right to Appeal

Appeal any denial of your privacy request

Exercise Your Rights

Submit a Data Subject Access Request (DSAR) to exercise any of these rights. We will respond within 45 days (or 30 days for GDPR requests).

Submit DSAR Request

5. Data Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • OAuth 2.0 authentication (no password storage)
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Cloudflare WAF and DDoS protection

6. Cookies & Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: PostHog analytics to understand usage (opt-out available)
  • Preference Cookies: Remember your settings and preferences

We do not use third-party advertising cookies or sell data to advertisers.

7. Third-Party Services

We share data with the following service providers:

  • Stripe: Payment processing (PCI-DSS compliant)
  • PostHog: Product analytics (EU-hosted option available)
  • Resend: Email delivery
  • Cloudflare: CDN, security, and DNS
  • Google/GitHub: OAuth authentication

All third-party providers are contractually bound to protect your data and comply with applicable privacy laws.

8. International Data Transfers

Fed-Spend is based in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) for transfers from the EEA/UK where required.

9. Children's Privacy

Fed-Spend is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or a prominent notice on our website at least 30 days before they take effect.

11. Contact Us

For privacy inquiries or to exercise your rights:

Email: [email protected]

DSAR Portal: fed-spend.com/dsar

Address: Fed-Spend Intelligence, Denver, CO 80202, USA

For Colorado residents: You may contact the Colorado Attorney General at coag.gov if you believe your privacy rights have been violated.

Effective Date: January 29, 2026

© 2026 Fed-Spend Intelligence. All rights reserved.