Privacy Policy
Last updated: April 9, 2026
1. What we collect
When you sign up for ManageMyGov, we collect: your work email address, a password (stored hashed in AWS Cognito), the company name you provide, and any contract documents you upload (typically SF1449 PDFs). We also collect technical information automatically including your IP address, browser type, pages visited, and timestamps.
2. How we use your data
We use your data to provide the platform: to authenticate you, to extract structured fields from contracts you upload using our AI agents, to render your dashboard, and to send you operational emails. We do not sell, share, or rent your data to any third party. We do not use your contract data to train AI models — our Anthropic API integration is configured with the no-training opt-out.
3. Where data lives
All customer data resides in AWS US East 2 (Ohio). Database storage is encrypted at rest with 256-bit AES. File uploads are stored in S3 with server-side encryption. Data in transit uses TLS 1.3. We do not transfer customer data outside the United States.
4. Subprocessors
We rely on the following subprocessors: Amazon Web Services (hosting, database, storage, authentication, email, error monitoring via CloudWatch and CloudWatch RUM), Anthropic PBC (AI inference for SF1449 extraction and skill agents), and Stripe, Inc. (subscription billing and payment processing). All subprocessors operate under SOC 2 controls or equivalent.
5. Payment processing
Paid subscriptions are processed by Stripe, Inc., our payment processor. We do not collect or store your full payment card number; card details are entered directly with Stripe and held under Stripe’s privacy and security terms. We receive only the limited billing metadata needed to manage your account — such as subscription status, plan, card brand and last four digits, and expiry date. Stripe is PCI-DSS Level 1 certified.
6. Your rights
You can request a copy of your data, request deletion of your data, or close your account at any time by emailing privacy@managemygov.org. We will respond within 30 days. Account deletion permanently removes your data within 30 days of request, except where retention is required by law.
7. Regulated data limitations
ManageMyGov is not yet authorized for Controlled Unclassified Information (CUI), classified material, ITAR-controlled data, or any other regulated information. You must not upload such data. Use sample or fictional contract data only until the platform completes its CUI authorization (GovCloud + CMMC).
8. Cookies & tracking
We use a small number of cookies. Essential cookies are required to keep you signed in and operate the app (session, CSRF, preferences). These are always on. Analytics cookies (AWS CloudWatch RUM) measure page performance and capture JavaScript errors so we can fix bugs. These are off by default until you accept via the consent banner on first visit. We do not use advertising, marketing, or third-party tracking cookies.
You can change or revoke your cookie choice at any time by clearing your consent: . This will re-display the banner on your next page load.
9. Contact
Questions: privacy@managemygov.org