This Privacy Policy describes how Tomsons Digital LLC ("BidChamp," "we," "us," or "our"), a limited liability company registered in Georgia (Identification Number: 412798110, registered address: Georgia, Kutaisi, Khundadze St., N 52, Apt N20), collects, uses, stores, and shares information about you when you use the BidChamp software-as-a-service platform available at https://bidchamp.ai and related services (collectively, the "Service").
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information we collect
1.1 Information you provide
When you create an account, use the Service, or contact us, we collect:
- Account information: name, email address, password (hashed), company name, role
- Profile information: company UEI, CAGE code, NAICS codes, set-aside certifications, physical address, phone number, federal contracting experience
- Billing information: name on card, billing address, partial card number (last 4 digits), card expiration. Full card details are collected and stored exclusively by our payment processor (Fastoo / LLC New Payment System) — we do not store full payment card numbers on our servers
- Communications: messages you send us via email, support tickets, or in-app chat
- Past performance documents: federal contract narratives, capability statements, and other materials you upload
1.2 Information collected automatically
When you use the Service, we automatically collect:
- Usage data: pages viewed, features used, opportunities scored, proposals drafted, time spent
- Device data: IP address, browser type, operating system, device identifiers
- Cookies and similar technologies: session cookies for authentication; analytics cookies (only if you consent)
1.3 Information from third parties
- SAM.gov data: when you provide your UEI, we retrieve corresponding public registration data from SAM.gov (via GovCon API) to populate your profile and Past Performance library
- Payment events: Fastoo provides us with transaction status, failure codes, and authorization events related to your subscription
2. How we use your information
We use information to:
- Provide, maintain, and improve the Service
- Process subscription payments and manage your account
- Score federal contracting opportunities, extract Section L requirements, and draft proposals using AI
- Send you transactional emails (account changes, payment receipts, subscription renewals, security notifications)
- Send you marketing emails about new features (you can unsubscribe anytime; we do not send promotional emails to users who have opted out)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations (tax reporting, regulatory inquiries, law enforcement requests)
- Conduct analytics to understand product usage patterns
3. AI processing of your data
The Service uses AI models (provided by Anthropic, Inc. — Claude API) to score opportunities, extract requirements from solicitations, and draft proposal content. When you use AI features:
- Your input (RFP text, profile data, questions to AI Advisor) is sent to Anthropic for processing
- Anthropic does not use your data to train its models per our enterprise agreement
- AI-generated outputs are stored in your account for your reference
- We do not use your account data to train any AI models
4. How we share your information
We do not sell your personal information. We share information only with:
4.1 Service providers (data processors)
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Fastoo / LLC New Payment System | Payment processing | Payment card data, transaction details, name | Georgia |
| Anthropic, Inc. | AI processing (Claude API) | Prompts, profile context, RFP text | United States |
| Resend | Transactional + marketing email delivery | Email address, name, message content | United States |
| DigitalOcean, Inc. | Cloud hosting and infrastructure | All Service data (encrypted at rest) | United States |
| GovCon API (govconapi.com) | Federal contract data + SAM entity lookup | Your UEI (read-only lookup) | United States |
| JSC Bank of Georgia | Bank account operations for the Company | Aggregated transaction settlement data | Georgia |
These providers process data only on our instructions and are bound by confidentiality and data-protection obligations.
4.2 Legal disclosure
We may disclose information if required by law, valid government request, or to protect the rights, property, or safety of BidChamp, our users, or the public.
4.3 Business transfers
If BidChamp is acquired or merged, your information may be transferred to the acquirer, subject to this Privacy Policy.
5. International data transfers
You may be located outside Georgia. By using the Service, you understand that information we collect will be transferred to and processed in the United States, Georgia, and other countries where our service providers operate. We use appropriate safeguards (encryption in transit and at rest) to protect your information during transfer.
6. Your rights
Depending on your location, you have the following rights regarding your personal data:
6.1 All users
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your account and associated data (subject to legal retention requirements)
- Export: request your data in a portable format (CSV/JSON)
6.2 European Union / EEA / UK users (GDPR)
In addition to above:
- Restrict processing: request that we limit how we process your data
- Object: object to processing based on legitimate interests or for direct marketing
- Data portability: receive data in machine-readable format
- Lodge complaint: file a complaint with your local data protection authority
6.3 California users (CCPA/CPRA)
In addition to general rights:
- Know: request disclosure of categories of personal information collected, sold, or disclosed
- Opt-out of sale/sharing: we do not sell your personal information; opt-out not applicable
- Non-discrimination: we will not deny service or charge different prices based on exercising your rights
6.4 Georgian users (Georgian Personal Data Protection Law)
Rights under the Law of Georgia on Personal Data Protection apply, including data subject rights to access, correction, deletion, blocking, and objection.
To exercise any rights, email us at: giorgi.jgere@gmail.com (or support@bidchamp.ai when active). We will respond within 30 days.
7. Data retention
- Account data: retained while your account is active and for 12 months after account closure (or longer if required by law — e.g., 6 years for tax records under Georgian law)
- Payment records: retained for 6 years for tax and accounting purposes
- Past performance documents: retained while your account is active; deleted within 30 days of account closure (or upon your earlier request)
- AI conversation history: retained for 90 days then automatically deleted unless you save it explicitly
- Server logs: retained for 30 days then deleted
8. Security
We implement reasonable technical and organizational measures to protect your information:
- HTTPS/TLS encryption for all data in transit
- Encryption at rest for sensitive data
- Bcrypt password hashing
- Rate limiting and DDoS protection
- Regular security reviews and dependency updates
- Access controls limiting employee access to user data on a need-to-know basis
- Payment card data is processed by Fastoo (PCI-DSS compliant); we do not store full card numbers
No security system is impenetrable, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.
9. Children's privacy
The Service is not intended for individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact us immediately and we will delete it.
10. Cookies
We use cookies for:
- Essential cookies: authentication, session management (cannot be disabled — required for the Service to function)
- Analytics cookies: understanding feature usage (only with your consent on first visit)
You can control cookies via your browser settings. Disabling essential cookies will prevent the Service from working.
11. Third-party links
The Service may contain links to third-party websites (e.g., SAM.gov). We are not responsible for the privacy practices of those websites. Review their privacy policies before submitting information.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Last Updated" date at the top reflects the most recent version. Continued use of the Service after changes take effect constitutes acceptance.
13. Contact us
For questions, requests, or concerns about this Privacy Policy or our handling of your personal data:
Tomsons Digital LLC (operator of BidChamp)
Identification Number: 412798110
Address: Georgia, Kutaisi, Khundadze St., N 52, Apt N20
Email: giorgi.jgere@gmail.com (currently); privacy@bidchamp.ai (when active)
Phone: +995 568 00 22 23
For Georgian users: you may also contact the Personal Data Protection Service of Georgia (https://personaldata.ge) regarding any complaints.
This Privacy Policy is provided in English. Translations may be available on request, but the English version controls in case of discrepancy.