Guspora Bid Privacy Policy
This Privacy Policy explains how Guspora LLC ("Guspora," "we," "us," or "our") collects, uses, and shares information in connection with Guspora Bid (the "Service"). Guspora LLC is a Kentucky limited liability company (Kentucky Organization Number 1569927, EIN 42-1996887) with offices at 250 American Drive, Bardstown, KY 40004.
Guspora Bid is a business-to-business application sold to small business federal contractors. We do not direct the Service to consumers, and we do not knowingly collect information from anyone under the age of 18.
1. Information We Collect
Account information. When you sign up, we collect the company name, legal entity name, UEI, CAGE code, owner name, work email address, and password. We use a third-party payment processor (Stripe) to collect billing details; we receive a tokenized customer reference and limited transaction metadata, not full card numbers.
Customer Data. Information you and your operators enter into the Service, including capability profile fields, manufacturer authorizations, past performance entries, pricing rules, draft narratives, and packet attachments. This is treated as your confidential information under our Terms of Service.
Public procurement data. The Service ingests opportunity data from SAM.gov and award and outlay data from USASpending.gov. This information is publicly posted by the U.S. government; we associate it with your account when our scoring logic identifies a potential fit.
Usage and device data. We collect log data, IP address, browser and device type, pages and features used, and timestamps, for security, debugging, billing accuracy, and product improvement.
Cookies. We set a session cookie ("guspora_bid_auth") and a CSRF cookie ("csrf_token") for authentication, and we may set a small number of additional first-party cookies for preferences and operational purposes. We do not use cross-site advertising trackers in the authenticated portal.
Support communications. If you email support@guspora.com or otherwise contact us, we keep the message and any attachments to handle your request.
2. How We Use Information
We use the information described above to:
- Operate, secure, and maintain the Service.
- Authenticate operators and prevent unauthorized access.
- Score opportunities, generate AI-assisted drafts, and assemble packets at your direction.
- Process payments and manage subscriptions.
- Provide customer support.
- Detect, investigate, and prevent abuse, security incidents, and violations of our Terms of Service.
- Improve the Service, including by analyzing aggregate usage patterns.
- Comply with legal obligations and enforce our agreements.
3. AI Processing
The Service uses third-party large language model providers to generate draft narratives and other suggested text. When you invoke a draft action, relevant portions of the underlying solicitation and of your Customer Data may be sent to these providers solely to produce the requested output. We choose providers that contractually commit not to use customer prompts to train their general-purpose models. AI-generated content is presented for your review before it enters any submittable packet.
4. How We Share Information
We do not sell personal information. We share information only as described below:
- Service providers. Cloud infrastructure (Amazon Web Services), payment processing (Stripe), email delivery, error monitoring, and AI model providers, in each case under contract and only as needed to provide the Service.
- Within your organization. Customer Data is shared across operators and admins of your tenant. Each tenant's data is logically separated from other tenants.
- Federal agencies. Only when you, the Customer, choose to submit a packet through a federal portal. The Service itself does not transmit packets to federal agencies on your behalf.
- Legal and safety. When we believe in good faith that disclosure is required by law or legal process, or is necessary to protect the rights, property, or safety of Guspora, our customers, or the public.
- Corporate transactions. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
5. Data Location and Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction.
6. Data Retention
We retain account information and Customer Data for as long as your account is active and for a commercially reasonable period afterward to comply with legal, tax, accounting, and audit obligations, and to resolve disputes. On request made within thirty (30) days after account termination, we will make Customer Data available for export in a machine-readable format, after which we may delete or anonymize it. Backup copies may persist for additional time consistent with standard backup rotation. Specific retention periods may be revised over time and will be reflected in updates to this Policy.
7. Security
We use administrative, technical, and physical safeguards designed to protect Customer Data, including encryption in transit, access controls, audit logging, and segregation of tenant data. No system is perfectly secure. You are responsible for maintaining strong, unique credentials for each operator and for promptly removing access when an operator leaves your organization.
8. Your Choices and Rights
You can update most account information from inside the Service. Owners and admins can deactivate operator accounts. You may close your account at any time by emailing support@guspora.com.
Depending on where you reside, you may have additional rights regarding personal information, including the right to access, correct, delete, or port your data, or to object to or restrict certain processing. To exercise these rights, email privacy@guspora.com from the email address on file. We will respond within the timeframe required by applicable law. If you are an employee or operator of a Customer, please direct your request to the Customer first; we will assist the Customer in responding.
9. Children
The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information through the Service, please contact us at privacy@guspora.com and we will take appropriate steps to delete it.
10. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If the change is material, we will notify the Customer's billing contact by email and provide reasonable notice before the change takes effect.
11. Contact
Questions, requests, or concerns about this Policy may be sent to privacy@guspora.com, or by mail to Guspora LLC, 250 American Drive, Bardstown, KY 40004.