Privacy Policy

Effective February 20, 2026 · Last updated February 20, 2026

1. Introduction

ReconWerx (“we,” “us,” or “our”) operates the reconwerx.io platform, a defense acquisition intelligence service. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.

By creating an account or using ReconWerx, you agree to the practices described in this policy. If you do not agree, please do not use the platform.

2. Information We Collect

2.1 Account Information

When you sign up, we collect your name, email address, and password (stored as a cryptographic hash — we never store plaintext passwords). We also collect the persona preference you select during onboarding.

2.2 Organization Information

To provide relevant intelligence, we collect information about your organization including: company name, CAGE code, UEI, SAM registration status, NAICS codes, set-aside designations, size standard, and a brief company description. You may also create technology profiles that include technology names, descriptions, TRL estimates, domain tags, and DoD relationship history.

2.3 Pipeline and Pursuit Data

When you use the Pipeline module, we store your pursuit records, bid/no-bid scorecards, milestone dates, uploaded documents, notes, and competitive assessments. This is your proprietary business data. We never share it with other users, organizations, or third parties.

2.4 Usage Data

We collect standard usage data including pages visited, features used, search queries, API request logs, and session information. This helps us improve the platform and troubleshoot issues.

2.5 Notification Preferences

We store your notification settings including alert frequency, digest preferences, and snooze configurations.

3. How We Use Your Information

We use your information to:

• Provide the service: Match opportunities to your organization profile, surface relevant intelligence, and power your pipeline management workflow.
• AI-powered features: We use artificial intelligence to match opportunities to your profile, extract signals from budget narratives, expand search queries, and generate intelligence briefs. Your Pipeline data is never used as input to AI models.
• Send notifications: Deliver opportunity alerts, deadline reminders, and digest emails based on your preferences.
• Improve the platform: Analyze aggregate usage patterns to improve features, fix bugs, and prioritize development.
• Maintain security: Detect unauthorized access, enforce multi-tenant data isolation, and maintain audit logs.

4. AI and Data Processing

ReconWerx uses AI models provided by third-party services (including Microsoft Azure AI and Google AI) to power platform features. When AI processes your data:

• Organization profile information and search queries may be sent to AI providers to generate matches and intelligence.
• AI providers process this data according to their enterprise service agreements, which prohibit them from using your data to train their models.
• All AI interactions are logged for cost monitoring and quality assurance. These logs do not contain your proprietary Pipeline data.
• Your pursuit strategies, bid/no-bid decisions, uploaded documents, and competitive assessments are never sent to AI providers.

5. Government Data Sources

Much of the intelligence on our platform comes from publicly available U.S. government data sources including SAM.gov, USAspending.gov, SBIR.gov, and published DoD budget exhibits. This data is public record. We aggregate, structure, and enrich it to make it useful, but we do not claim ownership of government data.

6. Data Sharing

We do not sell your data. We share information only in these limited circumstances:

• AI service providers: As described in Section 4, limited data is processed by AI providers under enterprise agreements.
• Infrastructure providers: Our platform runs on third-party infrastructure (including Vercel, Supabase, and Render). These providers host and process data under their standard data processing agreements.
• Legal requirements: We may disclose information if required by law, subpoena, or legal process.
• Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you before this occurs.

We will never share your Pipeline data with other ReconWerx customers or any third party, except as required by law.

7. Data Security

We implement the following security measures:

• Multi-tenant isolation: Row Level Security (RLS) at the database level ensures your organization's data is inaccessible to other organizations.
• Encryption: Data is encrypted at rest and in transit (TLS).
• Authentication: Accounts are protected by email/password authentication.
• Audit logging: All data mutations are logged with user identity, timestamp, and action taken.
• Access control: Organization membership controls who can access your organization's data.

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

8. Data Retention

• Account data: Retained for the duration of your account. Upon account closure, we delete your account data within 30 days.
• Organization and Pipeline data: Retained for the duration of your organization's subscription. Upon cancellation, you may request a full data export. Data is deleted within 30 days of the request.
• Usage and audit logs: Retained for up to 12 months, then deleted.
• AI call logs: Retained for up to 12 months, then deleted.

9. Your Rights

You have the right to:

• Access the personal information we hold about you.
• Export your Pipeline data in CSV format at any time.
• Correct inaccurate information in your account or organization profile.
• Delete your account and associated data by contacting us.
• Opt out of non-essential email communications at any time.

To exercise these rights, contact us at privacy@reconwerx.io.

10. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising trackers. We may use basic analytics to understand aggregate platform usage.

11. Children's Privacy

ReconWerx is a business-to-business platform. We do not knowingly collect information from anyone under the age of 18. If we learn that we have collected information from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through an in-app notification. The “Last Updated” date at the top of this page reflects the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at privacy@reconwerx.io.