CaptureLabSign in

Privacy Policy

Last updated: May 2026

1. Introduction

CaptureLab (“we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard information when you use our federal acquisition intelligence platform at capturelab.ai (the “Service”). Please read it carefully. By using the Service you consent to the practices described below.

2. Information we collect

Information you provide directly:

  • Email address (used for authentication and digest emails)
  • Organisation name and team member email addresses
  • Capability profile data: NAICS codes, PSC codes, keywords, target agencies and set-aside status
  • Documents you upload (capability statements, past performance)
  • Pipeline notes and pursuit data you enter

Information collected automatically:

  • Log data: IP address, browser type, pages visited, timestamps
  • Usage data: features accessed, searches performed, opportunities viewed
  • Cookies and similar technologies (see Section 7)

3. How we use your information

We use collected information to:

  • Provide, operate and improve the Service
  • Authenticate users and manage accounts
  • Pre-screen SAM.gov opportunities against your configured filters
  • Send daily digest emails and watch alert notifications
  • Process AI-generated fit scores using your profile data
  • Respond to support requests and customer communications
  • Detect, investigate and prevent fraudulent or unauthorised activity
  • Comply with applicable legal obligations

4. Legal basis for processing (EEA/UK users)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases: performance of a contract (to provide the Service), legitimate interests (improving the Service, preventing fraud) and compliance with legal obligations. Where required we will seek your consent.

5. How we share your information

We do not sell your personal data. We may share information with:

  • Service providers: Supabase (database and authentication), Render (hosting), Anthropic (AI processing), Postmark (email delivery). Each is bound by appropriate data processing agreements.
  • Team members: Users within the same tenant organisation can see shared pipeline and watch data.
  • Legal authorities: Where required by law, court order or government request.
  • Business transfers: In connection with a merger, acquisition or sale of assets, subject to standard confidentiality protections.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account termination we will delete or anonymise your data within 90 days, unless we are required by law to retain it longer. Opportunity and scoring data derived from public SAM.gov records may be retained for analytics purposes in anonymised form.

7. Cookies

We use strictly necessary cookies to maintain your authenticated session. We do not use third-party advertising cookies. You can control cookie settings through your browser; disabling session cookies will prevent you from signing in to the Service.

8. Security

We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, encrypted storage, access controls and regular security reviews. No system is completely secure; you use the Service at your own risk and should notify us immediately of any suspected breach.

9. Your rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (“right to erasure”)
  • Object to or restrict certain processing
  • Data portability (receive your data in a machine-readable format)
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@capturelab.ai. We will respond within 30 days.

10. International transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We rely on appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA or UK.

11. Children’s privacy

The Service is intended for business users and is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on the Service with an updated “Last updated” date and, for material changes, notify you by email. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact us

For privacy questions or to exercise your rights, contact: privacy@capturelab.ai