Astro Smart Tech LLC, doing business as FindBids
Effective Date: July 2, 2026
Last Updated: July 2, 2026
1. Introduction and Scope of This Policy
Astro Smart Tech LLC, a California limited liability company operating under the trade name FindBids ("FindBids," "we," "us," or "our"), respects the privacy of the businesses and professionals who engage with our platform. The present Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal data in connection with the FindBids website at https://findbids.us, the member application at https://app.findbids.us, and the related services described in our Terms and Conditions (collectively, the "Services").
FindBids furnishes an artificial-intelligence-powered government procurement intelligence platform to businesses and government contracting consultants. Although the Services are directed exclusively to commercial users, the individuals who register accounts, correspond with us, or are named within uploaded materials are natural persons whose data merits protection. Accordingly, the practices described below are designed to satisfy the General Data Protection Regulation, Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act, California Civil Code § 1798.100 et seq., as amended by the California Privacy Rights Act (together, the "CCPA"), and other applicable data-protection laws.
By accessing or using the Services, you acknowledge the practices set forth herein. Where a separate Data Processing Agreement governs our handling of personal data on your behalf, that agreement controls to the extent of any conflict with this Policy in respect of such processing.
2. Our Dual Role: Controller and Processor
The capacity in which we act depends upon the category of personal data at issue, and the distinction carries consequences for the rights and obligations that attach.
- Controller: With respect to the personal data of account holders, individual users, prospective customers, and website visitors, including registration details, billing information, marketing correspondence, and usage analytics, FindBids determines the purposes and means of processing and therefore acts as a controller within the meaning of Article 4(7) of the GDPR, and as a "business" under the CCPA.
- Processor: With respect to personal data contained within Subscriber Content that a customer uploads or generates through the Services, including company personnel details, contact records, and personal data appearing within retrieved solicitation documents, FindBids processes such data on the customer's instructions and in the customer's interest, thereby acting as a processor under Article 4(8) of the GDPR, and as a "service provider" under the CCPA. In that capacity, our obligations are further defined by a Data Processing Agreement made available on request.
3. Categories of Personal Data We Collect
The personal data we handle varies according to how you interact with the Services. We collect the following categories:
- Identity and Contact Data: Your full name, business email address, telephone number, employer or company name, job title, and the professional role associated with your Account.
- Account and Credential Data: Your username, password, authentication tokens, seat and team assignments, and preferences configured within the member portal. Login credentials constitute sensitive personal information under the CCPA and are handled with corresponding care.
- Subscriber Content: The company profile, service descriptions, procurement preferences, uploaded documents, and other materials that you submit so that the platform may perform matching, retrieval, and drafting functions on your behalf, together with any personal data embedded within those materials.
- Billing and Transaction Data: Subscription tier, Credit usage, transaction history, and limited payment-related information. Full payment-card details are collected and processed directly by our payment processor and are not stored on our systems.
- Usage, Device, and Technical Data: Internet protocol address, browser type, device identifiers, operating system, referring pages, session activity, feature interactions, and log data generated when you access the Services.
- Communications Data: The content of your inquiries, support requests, demonstration bookings, and correspondence with our team, together with marketing and customer-relationship records.
- Cookie and Analytics Data: Information gathered through cookies and similar technologies, addressed in detail within our separate Cookie Policy.
4. How Personal Data Is Collected
We obtain personal data through several channels, and the source of a given item informs how we may lawfully use it. Information is collected directly from you when you register an Account, commence a free trial, configure a company profile, upload materials, contact our team, or book a demonstration. Data is generated automatically as you navigate and use the Services, by means of servers, log files, cookies, and analytics tools. Certain information reaches us from third parties, including our payment processor, our customer-relationship-management provider, and the public procurement portals from which solicitation documents are retrieved at your direction.
5. Purposes of Processing and Lawful Bases
Each processing activity is tied to a specified purpose and, where the GDPR applies, to a lawful basis under Article 6. The correspondence is set out below:
- Provision of the Services: We process Identity, Account, and Subscriber Content data to create and administer your Account, to perform bid matching and document retrieval, and to generate AI Output, relying on the performance of a contract under Article 6(1)(b) of the GDPR.
- Billing and Payment: We process billing and transaction data to charge subscription fees, to administer free-trial conversion, and to prevent fraudulent transactions, relying on contractual necessity and on our legitimate interest in securing payment under Article 6(1)(f).
- Service Communications: We use contact data to send transactional notices, security alerts, and administrative messages, relying on contractual necessity and on legitimate interest in keeping you informed of matters affecting your Account.
- Marketing and Business Development: We may send commercial communications concerning features, tiers, or offers, relying on your consent where required under Article 6(1)(a), or otherwise on our legitimate interest under Article 6(1)(f), subject always to your right to opt out.
- Analytics and Improvement: We analyze usage and technical data to maintain, secure, and enhance the Services, relying on our legitimate interest in operating a reliable and continually improving platform.
- Legal and Compliance: We process personal data to comply with legal obligations, to establish, exercise, or defend legal claims, and to enforce our Terms and Conditions, relying on legal obligation under Article 6(1)(c) and on legitimate interest under Article 6(1)(f).
Where we rely upon legitimate interests, we have conducted a balancing exercise to confirm that our interests are not overridden by your rights and freedoms, and further particulars of that assessment are available on request.
6. Artificial-Intelligence Processing and Automated Handling
The Services employ artificial intelligence to match company profiles against solicitations, to score relevance, and to generate draft responses. Personal data contained within your inputs may be transmitted to third-party model providers, presently Google Gemini and Anthropic Opus, solely to produce the requested output, and the roster of model providers may change as the platform develops.
The automated processing performed by FindBids does not produce legal or similarly significant effects concerning any individual within the meaning of Article 22 of the GDPR, as the outputs are advisory drafts and relevance indicators intended for human review, and no decision affecting a person's finances, employment, housing, education, or access to essential services is made solely by automated means. Human oversight remains integral to the intended use of every output, consistent with the review-before-use obligations set out in our Terms and Conditions.
7. Cookies, Analytics, and Tracking Technologies
We use cookies, pixels, and comparable technologies to operate the Services, to remember preferences, and to measure usage, including through Google Analytics for statistical insight and through HubSpot for customer-relationship and marketing functions. The categories of cookies deployed, their purposes, their duration, and the mechanisms available for managing consent are described comprehensively in our Cookie Policy, which forms part of this Privacy Policy by reference. Where consent is legally required for non-essential cookies, it is obtained through our consent-management interface before such cookies are set.
8. Disclosure of Personal Data and Sub-Processors
We do not disclose personal data except as described in this Policy. Personal data may be shared with the following categories of recipients, each engaged under contractual terms that restrict their use of the data to the purposes for which it was provided:
- Infrastructure and Hosting Providers: Cloudflare, Inc., which supplies hosting and storage, and Supabase, Inc., which supplies database and authentication services.
- Payment Processor: Stripe, Inc., which processes subscription and Credit-based charges and handles payment-card data under its own security and privacy standards.
- Artificial-Intelligence Model Providers: Google (in respect of Gemini) and Anthropic (in respect of Opus), which process inputs to generate requested outputs, together with any successor or additional model provider engaged from time to time.
- Analytics and Marketing Providers: Google, in respect of Google Analytics, and HubSpot, Inc., in respect of customer-relationship management and marketing operations.
- Professional Advisors and Authorities: Legal, accounting, and audit advisors, and governmental or regulatory authorities, where disclosure is necessary to comply with law, to respond to lawful requests, or to protect our rights.
- Corporate Transactions: A successor entity or acquirer, in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to the continuity of protections described herein.
We neither sell personal data for monetary consideration nor engage in the sharing of personal data for cross-context behavioral advertising as those terms are defined under the CCPA, a point developed further in Section 13.
9. International Data Transfers
Because FindBids is established in the United States and engages providers located there, personal data originating in the European Economic Area, the United Kingdom, or Switzerland may be transferred to, and processed in, the United States and other jurisdictions whose data-protection laws may differ from those of your country of residence. Where such transfers occur, we implement one or more of the safeguards contemplated by Chapter V of the GDPR.
- Standard Contractual Clauses: We rely principally on the Standard Contractual Clauses adopted by the European Commission under Implementing Decision (EU) 2021/914, supplemented, where warranted, by a transfer-impact assessment of the kind required following the judgment of the Court of Justice of the European Union in Case C-311/18 (Schrems II).
- EU-US Data Privacy Framework: Where a recipient in the United States is certified under the EU-US Data Privacy Framework, and its United Kingdom and Swiss extensions, we may additionally rely upon the European Commission's adequacy decision of July 10, 2023, which remains in effect as of the date of this Policy.
We monitor developments affecting the validity of these mechanisms, including pending proceedings before the Court of Justice, and will adjust our transfer arrangements as required to maintain a lawful basis for each transfer.
10. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal, tax, and accounting obligations, and to resolve disputes or enforce agreements. Account and Subscriber Content data is retained for the duration of your subscription and for a reasonable period thereafter, after which it is deleted or anonymized unless a longer retention period is required by law. Billing records are retained in accordance with applicable financial-recordkeeping requirements. Where you request deletion, we honor that request subject to the exceptions permitted under applicable law, as described in Sections 12 and 13.
11. Security of Personal Data
We maintain administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction, including encryption in transit, access controls, authentication safeguards, and the engagement of reputable infrastructure providers. No method of transmission or storage is entirely secure, and while we work diligently to protect your information, we cannot guarantee absolute security. Where a personal-data breach is likely to result in a risk to affected individuals, we will notify the competent supervisory authority and, where required, the affected individuals, within the timeframes prescribed by applicable law.
12. Your Rights Under the GDPR
Individuals located in the European Economic Area, the United Kingdom, or Switzerland are entitled to exercise the following rights in respect of their personal data, subject to the conditions and exceptions set out in the GDPR:
- Right of Access: You may obtain confirmation as to whether we process your personal data and request a copy of that data, under Article 15.
- Right to Rectification: You may request correction of inaccurate or incomplete data, under Article 16.
- Right to Erasure: You may request deletion of your personal data in the circumstances described in Article 17.
- Right to Restriction: You may request that we restrict processing in the circumstances described in Article 18.
- Right to Data Portability: You may receive your personal data in a structured, commonly used, and machine-readable format, and request its transmission to another controller, under Article 20.
- Right to Object: You may object to processing based on legitimate interests, and to processing for direct-marketing purposes, under Article 21.
- Right to Withdraw Consent: Where processing rests on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out beforehand.
- Right to Lodge a Complaint: You may lodge a complaint with a supervisory authority in your country of residence, place of work, or the place of an alleged infringement, under Article 77.
13. Your Rights Under California Law
Because the exemption formerly available for business-to-business personal data expired on January 1, 2023, the personal data of business contacts handled through the Services falls within the protection of the CCPA. California residents are entitled to the following rights, exercisable subject to verification of identity and to the statutory exceptions:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collecting it, and the categories of recipients to whom it has been disclosed.
- Right to Delete: You may request deletion of personal information we have collected, subject to the exceptions set out in California Civil Code § 1798.105.
- Right to Correct: You may request correction of inaccurate personal information, under California Civil Code § 1798.106.
- Right to Opt Out of Sale or Sharing: You may direct us not to sell or share your personal information; FindBids does not sell personal information and does not share it for cross-context behavioral advertising, and consequently no such transaction requires an opt-out, although we honor recognized opt-out preference signals where applicable.
- Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to permitted purposes; the sensitive data we collect, namely account login credentials, is used solely to furnish the Services and is not used to infer characteristics, so the practical scope of this right is correspondingly narrow.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of the foregoing rights, whether by denying Services, charging different prices, or providing a different level of quality.
The updated CCPA regulations concerning automated decision-making technology, risk assessments, and cybersecurity audits, which took effect on January 1, 2026, with substantive obligations phasing in during 2027 and thereafter, are monitored on an ongoing basis, and we will implement any applicable requirements within the prescribed timelines.
14. How to Exercise Your Rights
Requests to exercise any right described above may be submitted by contacting us at info@findbids.us. We will respond within the timeframes required by applicable law, namely one month under the GDPR, extendable where permitted, and forty-five days under the CCPA, extendable by an additional forty-five days where reasonably necessary. To protect your information, we will take reasonable steps to verify your identity before acting upon a request, and an authorized agent acting on your behalf must provide proof of authorization.
15. Children's Data
The Services are intended solely for businesses and professional users, and are not directed to children. We do not knowingly collect personal data from any individual under the age of sixteen. Should we become aware that personal data of a child has been collected without appropriate authorization, we will delete it without undue delay.
16. Third-Party Websites and Services
The Services may contain links to third-party websites, including governmental procurement portals, and may interoperate with third-party providers. The practices of those third parties are governed by their own privacy policies, over which we exercise no control and for which we accept no responsibility. We encourage you to review the privacy notices of any third-party service before providing personal data to it.
17. Changes to This Privacy Policy
We may amend this Privacy Policy from time to time to reflect changes in our practices, in the Services, or in applicable law. When a material change is made, we will revise the "Last Updated" date above and, where appropriate, provide additional notice through the Account or by electronic mail. Continued use of the Services following the effective date of an amendment constitutes acknowledgment of the revised Policy.
18. Contact Information, Data-Protection Representation, and Supervisory Authorities
Questions, requests, and complaints concerning this Privacy Policy or our data practices may be addressed to Astro Smart Tech LLC, doing business as FindBids, at info@findbids.us.
For individuals in the European Economic Area, the United Kingdom, or Switzerland, and to the extent Article 27 of the GDPR requires the designation of a representative within those territories, the identity and contact details of our appointed representative are made available upon request and will be published within this Section once designation is finalized. You retain, in every case, the right to contact your local supervisory authority directly.