Privacy Policy
Last updated: March 5, 2026 • Version 1.0
AllTracts ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our government contract search service.
1. Introduction
AllTracts provides a platform for contractors to discover government procurement opportunities across the United States and Europe. We process minimal personal data necessary to provide this service and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller: AllTracts
Contact: privacy@alltracts.com
2. What Data We Collect
2.1 Account Information (Provided by You)
- Email address - Required for account creation and communication
- Password - Stored securely using bcrypt hashing
- Name - Optional, for personalization
- Company name - Optional, for basic identification
- Language preference - For interface localization
2.2 Voluntary Profile Information
You may optionally provide additional information to enhance your search experience. This information is not required to use the basic search features.
- Company profile - UEI number, NAICS codes, certifications, service areas
- Search preferences - Keywords, location filters, industry codes
- Alert settings - Email notification preferences, federal portal selections
- Tracked contracts - Contracts you save for later review
- Team information - If you join a company team
2.3 Usage Data (Automatically Collected)
- Login history - IP addresses, timestamps, user agents (for security only)
- Search queries - To provide personalized recommendations
- Contract interactions - Contracts viewed, saved, or dismissed
2.4 Technical Data
- Cookies - Authentication token, language preference, cache version
- Browser information - For compatibility and security
3. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide contract search service | Contract performance (Art. 6(1)(b)) |
| Send daily alert emails | Contract performance (Art. 6(1)(b)) |
| Personalized recommendations | Legitimate interest (Art. 6(1)(f)) |
| Process subscription payments | Contract performance (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Login history monitoring | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not:
- Sell your personal data to third parties
- Use your data for advertising or marketing without consent
- Track you across other websites
- Share your searches with competitors
4. Data Retention
4.1 Active Accounts
We retain your data while your account is active to provide continuous service.
4.2 Deleted Accounts
When you delete your account:
- Immediate deletion: Profile, preferences, tracked contracts, searches, company data
- Retained until December 31 (Austrian fiscal year end): Subscription tier, subscription dates, payment amounts (for tax reporting as required by Austrian law)
- Retained for 2 years: Security audit logs (login history for fraud prevention)
4.3 Inactive Accounts
We may delete accounts that have been inactive for 3+ years after providing 90 days' notice.
5. Your GDPR Rights
Under GDPR, you have the following rights:
5.1 Right to Access
Download all your data in JSON or CSV format from your account settings.
5.2 Right to Rectification
Update your information anytime in account settings.
5.3 Right to Erasure ("Right to be Forgotten")
Delete your account with options for immediate or scheduled deletion (grace period of 7, 14, or 30 days).
5.4 Right to Data Portability
Export your data in machine-readable JSON format.
5.5 Right to Object
Disable email alerts, personalization, or specific features.
5.6 Right to Restrict Processing
Contact privacy@alltracts.com to request temporary processing restrictions.
5.7 Right to Withdraw Consent
Change cookie preferences or alert settings anytime.
6. Third-Party Services
We use the following third-party processors who comply with GDPR:
6.1 Stripe (Payment Processing)
Stripe processes subscription payments. We do not store your credit card information. Stripe's privacy policy: stripe.com/privacy
6.2 Resend (Email Delivery)
Resend delivers alert emails and system notifications. Resend's privacy policy: resend.com/legal/privacy-policy
6.3 Sentry (Error Tracking)
Sentry helps us fix bugs and improve service reliability. Only error logs are sent, not personal data. Sentry's privacy policy: sentry.io/privacy
Data Processing Agreements: We have GDPR-compliant Data Processing Agreements (DPAs) with all third-party processors.
7. International Data Transfers
Your data may be processed in:
- European Union - Primary data storage
- United States - Some third-party processors (Stripe, Resend, Sentry)
All international transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- GDPR-compliant Data Processing Agreements
- Adequate safeguards as required by GDPR Article 46
8. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for all connections
- Password security: Bcrypt hashing with salt
- Access controls: Role-based permissions, admin-only features
- Authentication: JWT tokens with HTTP-only cookies
- Monitoring: Security audit logs, intrusion detection
- Rate limiting: Protection against brute force attacks
9. Cookies
We use the following cookies:
| Cookie | Purpose | Duration | Required? |
|---|---|---|---|
| auth_token | Keep you logged in | 7 days | Yes (strictly necessary) |
| lang | Remember language preference | 1 year | No |
| _cv | Cache version for updates | 1 year | No |
| cookie_consent | Remember your cookie choice | 1 year | No |
You can manage cookie preferences via the banner on your first visit or in your browser settings.
10. Public Contract Data
Important: AllTracts aggregates publicly available government procurement data from:
- SAM.gov (United States)
- TED (Tenders Electronic Daily, EU)
- National procurement portals
This contract data (titles, descriptions, agency names, contact information) is already public and not subject to GDPR personal data protections. We simply aggregate and present it in a searchable format.
Your searches and preferences are private and never shared with other users or government agencies.
11. Children's Privacy
AllTracts is a B2B service for contractors and businesses. We do not knowingly collect data from individuals under 16 years of age.
12. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via:
- Email notification to registered users
- Prominent notice on the website
- Version number and "Last updated" date at the top of this page
Continued use after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, data access requests, or to exercise your GDPR rights:
Email: privacy@alltracts.com
Response time: Within 30 days (as required by GDPR)
14. Supervisory Authority
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:
- Austria: Österreichische Datenschutzbehörde (DSB) - dsb.gv.at
- EU/EEA: Find your authority at edpb.europa.eu