GovCon API

Privacy Policy

What we collect, what we don't, who we share it with, and how to make us delete it.

Effective Date: May 15, 2026 · Last updated: May 15, 2026

Plain-English Summary

We collect the minimum to bill you, prevent abuse, and answer support questions. We don't sell your data. We don't track what your end-users do with your product. You can request deletion of your account and associated data anytime by emailing [email protected].

The rest of this page is the detail behind those statements.

What We Collect

  • Account email. Provided when you request an API key. Used to deliver the key and for transactional email (billing receipts, service notices, account communication).
  • API usage logs. Per request, we log timestamp, endpoint, query parameters, response status code, response time, and the requesting API key. Used for billing, rate-limit enforcement, abuse detection, and customer support. We do NOT log response bodies.
  • Billing information (via Stripe). If you subscribe to a paid plan, Stripe handles payment processing and stores card details on its own infrastructure. We receive only a Stripe customer ID, subscription status, and the email you signed up with. We never see or store your full card number.
  • Chat transcripts. If you start a chat through the widget on our docs pages, your messages and our replies are stored by tawk.to (our chat provider) so we can follow up.
  • Web analytics. Anonymous page-view data via Google Analytics and Google Ads conversion tracking. IP-based country and device-type aggregates; no individual user profiling.
  • Edge logs (Cloudflare). Our CDN logs request metadata (IP, user agent, country) for DDoS mitigation and security. Cloudflare's retention policy applies; we do not maintain a separate copy.

What We Don't Collect

  • End-user data from your product. If you build an application on top of our API, we don't see who your customers are or what they search for. We only see the API requests your server makes to us.
  • Response bodies. We log that a request happened and what status it returned, not the contents of the response.
  • Card numbers, CVV, or banking details. Stripe handles all of that on its own infrastructure.
  • Sensitive personal data we don't need. We don't ask for it and we don't store it.

Third Parties We Use

These are the services that touch your data in order for GovCon API to work. Each is bound by its own privacy policy.

We do not sell your data to third parties. The services above are processors acting on our behalf, not buyers of your information.

How Long We Keep It

  • Account email and key metadata: as long as your account exists, or until you request deletion.
  • Billing records: retained indefinitely as required by applicable tax and financial regulations. Held by Stripe and in our subscription records.
  • API usage logs: retained for 90 days for billing, abuse detection, and capacity planning, then aggregated into anonymous statistics.
  • Chat transcripts: retained per tawk.to's default policy (currently indefinite within the dashboard); we can delete on request.
  • Web analytics: retained per Google Analytics defaults (currently 14 months).
  • Edge logs: retained per Cloudflare's defaults; we don't maintain a separate copy.

Your Rights

Whatever jurisdiction you're in, you can ask us to:

  • Show you the data we have on you. Email and we'll send what's on file.
  • Delete your account and associated data. Email us and we'll deactivate your keys, anonymize your usage logs, and remove your account record. Billing records that we are legally required to retain stay, but we can confirm in writing what's kept and why.
  • Export your data. Email and we'll send a copy of your account record and recent usage logs.
  • Correct anything that's wrong. Same email.

For any of the above, email [email protected]. We respond within 5 business days.

Cookies and Tracking

Our site uses a small number of cookies and similar technologies:

  • Session cookies set by our application for authenticated areas (the dashboard).
  • Google Analytics cookies for anonymous usage analytics.
  • Google Ads cookies for conversion tracking on paid acquisition channels.
  • Cloudflare cookies for security and bot detection.
  • tawk.to cookies on pages where the chat widget loads, so a returning visitor sees their chat history.

You can block these via your browser's privacy controls. Blocking session cookies will break the dashboard; blocking analytics cookies will not affect API or site functionality.

Security

We use TLS in transit and encryption at rest for our database. API keys are stored as one-way hashes, not in plaintext. Internal access to production systems is limited to the operator (the founder). We don't claim SOC 2 or ISO 27001 (we are not yet certified); if your compliance program requires either, email us and we can walk you through our current controls.

If you discover a security issue, please email [email protected] with details. We'll respond within 48 hours.

International Users

GovCon API is operated from the United States and data is processed there. If you access our service from outside the U.S., your data will be transferred to and processed in the U.S. By using the service, you consent to that transfer.

If you are in the EU, UK, or another jurisdiction with strong data-protection laws, your rights above (access, deletion, correction, export) apply. For GDPR or UK-specific requests, mention your jurisdiction in your email so we route the request correctly.

Changes to This Policy

We may update this policy occasionally. If we make a material change (new third parties, expanded data collection, shorter or longer retention), we'll email account holders at least 30 days before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.

Contact

Questions about this policy or how your data is handled? Email [email protected]. We read every message.

Have a question this page didn't answer?

Email support

We respond within 5 business days.