Legal / Privacy Policy
Effective 2026-05-19

Privacy Policy

30-second summary: We collect what we need to match you to contracts and run the service — your business profile, account info, and how you use the platform. We do not sell your data. We use a small list of vetted subprocessors. You can export or delete your data anytime.

1. Data we collect

CategoryExamplesWhy
Accountemail, name, locale, Auth0 subSign in, send notifications
Business profilewebsite URL, services, certifications, NAICS, specialty tags, profile textMatch you to contracts
Public profile (opt-in)name, services, certs, contact (only if you set visibility=Public)Teaming Marketplace discoverability
Usagematches saved, AI Room threads, feedback signals (thumbs up/down), proposal draftsPersonalize results, run the service
BillingStripe customer ID, subscription tier, EIN/business tax ID (when provided)Process payments, send invoices
TechnicalIP address, browser, OS, request paths (in logs only)Security, abuse detection, debugging
AI-derivedFederal Readiness Score, capability statement, embeddings, match rationaleProvide the AI features themselves

2. We do NOT collect

  • Government-issued IDs (SSN, passport) except your business EIN/RFC if you provide it for Federal Services engagement.
  • Bank account numbers (Stripe handles cards; we never see the PAN).
  • Biometrics, geolocation beyond city-level, browsing history outside our domain.

3. How we use it

  • To run the platform — matching, AI features, billing, support.
  • To send you alerts you opt in to.
  • To improve the platform using aggregated, anonymized usage.
  • To prevent fraud, abuse, and security incidents.
  • To comply with law (audit trails, tax records).

4. We do NOT sell your data

Period. Not to advertisers, not to data brokers, not to marketing lists. The aggregated, anonymized intelligence we may sell (under the "Mycontracts Intelligence" data product line) never identifies an individual business; it describes patterns across thousands of contracts and agencies.

5. Subprocessors

We share data with a short list of third parties needed to operate Mycontracts. Full list at /subprocessors. Highlights:

  • Anthropic — AI model provider. Receives the AI prompts we send (which may include your business profile + contract text). They do not train on our data.
  • Voyage AI — Embeddings provider. Receives the text we embed for vector search.
  • Stripe — Payment processing.
  • Auth0 (Okta) — Identity / sign-in.
  • Render — Hosting + Postgres + Redis.
  • Resend / Google — Transactional email.

6. Retention

  • Active accounts: data kept as long as the account is active.
  • Closed accounts: most data deleted within 30 days. Some records retained for tax/audit reasons up to 7 years (US) / per local requirement (MX).
  • AI Room transcripts: 90 days after the saved contract is closed/won/lost, then purged unless you exported.
  • Webhook + audit logs: 13 months.

7. Your rights

You can:

  • Export your data (profile, saved contracts, proposal drafts, capability statements) anytime from the dashboard.
  • Correct any inaccurate data via the profile editor.
  • Delete your account by emailing privacy@agora-virtual.com — we delete within 30 days.
  • Object to specific processing (e.g. anonymous-aggregate use) by emailing privacy@agora-virtual.com.
  • File a complaint with a supervisory authority — your state Attorney General (US), the INAI (México), or the EU DPA where you reside.

8. Children

Mycontracts is for business use. We do not knowingly collect data from anyone under 18.

9. International transfers

Mycontracts is hosted in the United States. Our subprocessors may operate worldwide. We rely on Standard Contractual Clauses (SCCs) and similar safeguards for transfers from the EU/UK to the US.

10. Contact for privacy

privacy@agora-virtual.com