Legal
Privacy Policy
Effective date: April 1, 2026 · Last updated: April 1, 2026
This Privacy Policy describes how Blackfyre LLC ("Blackfyre," "we," "us") collects, uses, and protects information when you use the Blackfyre GovCon AI service. By using the service, you agree to the practices described here.
1. Data We Collect
We collect the following categories of data:
- Account data: Email address, name, and authentication details provided at signup via Google OAuth or email/password
- Company profile: Agent name, company name, UEI, NAICS codes, set-aside certifications, target agencies, core capabilities — all provided voluntarily by you
- Conversation data: Messages you send to your agent and the responses generated
- Uploaded files: PDFs you upload for solicitation parsing, stored in Supabase Storage
- Usage metrics: Token consumption, session counts, feature usage — used to enforce plan limits and improve the service
- Billing data: Handled entirely by Stripe; we do not store card numbers or payment credentials
- Technical data: IP address, browser type, and request logs for security and debugging purposes
2. How We Use Your Data
- To operate and personalize your agent — your profile drives opportunity scoring, drafting, and context
- To process your messages and generate responses via the Anthropic Claude API
- To query third-party procurement data sources on your behalf
- To enforce subscription limits and manage billing
- To send transactional emails (account setup, subscription receipts, cancellation confirmations)
- To detect and prevent abuse, fraud, and security incidents
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.
3. Third-Party APIs and Data Sources
To provide procurement intelligence, your agent queries the following external services. When you ask for opportunity data, relevant search queries are sent to these services:
SAM.gov
USASpending
HigherGov
Tango
Queries sent to these services may include your NAICS codes, target agencies, and search terms you provide. They do not receive your full company profile, conversation history, or personal account details. Each service operates under its own privacy policy.
4. AI Processing — Anthropic Claude API
Your conversations are sent to Anthropic's Claude API for response generation. Anthropic does not use your conversations to train its models. Blackfyre operates under Anthropic's zero data retention configuration for API usage.
Messages you send and the agent's responses are transmitted to Anthropic's infrastructure to generate replies. This is a necessary part of how the service works. Anthropic's Privacy Policy governs their handling of API data. For more detail, see anthropic.com/privacy.
5. Data Storage and Security
- Database: Supabase (hosted on AWS). Row-level security (RLS) ensures each user's data is isolated — no other subscriber can read your data
- File storage: Supabase Storage (AWS S3-backed). Uploaded PDFs are scoped to your user ID
- Encryption: All data is encrypted at rest and in transit (TLS 1.2+)
- Authentication: Managed by Supabase Auth with JWT tokens. Passwords are hashed and never stored in plaintext
- Access controls: Blackfyre staff access to production data is limited and logged
6. Data Retention
- Active accounts: Data is retained while your subscription is active
- After cancellation: Your data is retained for 30 days after account deletion to allow for recovery if requested, then permanently deleted
- Conversation history: Retained for the lifetime of your account unless you request deletion
- Uploaded files: Retained until you delete them or your account is deleted
- Billing records: Retained as required by Stripe and applicable tax law
7. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of all data we hold about you
- Correction: Update your profile data at any time from the agent settings
- Deletion: Request deletion of your account and all associated data. We will process deletion within 7 business days
- Export: Request an export of your conversation history and profile data in JSON format
- Portability: Your data is yours. We will not hold it hostage
To exercise any of these rights, email hello@blackfyre.ai with the subject line "Data Request."
8. No PII in Vector Store
The agent uses a vector store for semantic memory. Only data you explicitly provide in your company profile is stored there — we do not automatically extract or store personally identifiable information from your conversations into the vector store. You control what goes into your agent's persistent memory.
9. Cookies and Tracking
We use session cookies required for authentication (managed by Supabase). We do not use advertising cookies, third-party tracking pixels, or analytics tools that share your data with third parties. We may use privacy-respecting, self-hosted analytics (aggregate page views only) in the future.
10. Children's Privacy
The service is intended for business use by adults. We do not knowingly collect data from individuals under 18. If you believe a minor has created an account, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated by email to active subscribers at least 14 days before they take effect.
12. Contact
Questions about your data or this policy? Email hello@blackfyre.ai.
Blackfyre LLC · GSA MAS 47QTCA26D002F · Washington, DC