Security & Trust

Security & trust at GovPrimer

GovPrimer encrypts your data in transit, isolates every workspace in a multi-tenant architecture, enforces role-based access, and secures API keys with signed webhooks. The platform is built on official public data from SAM.gov, USAspending.gov, and Grants.gov — not classified information. Here's exactly how we handle your data.

By the GovPrimer team

Updated June 13, 2026

Encryption in transit

All traffic to and from GovPrimer — the app, the API, and webhooks — is served over HTTPS using modern TLS. Your credentials, searches, and pipeline data are never sent in the clear.

Multi-tenant isolation

Every workspace's data is scoped to its organization. Queries are filtered by tenant on the server so one customer's saved searches, pipeline, notes, and exports are never visible to another.

Role-based access control

Invite teammates and assign roles so people see and do only what their role allows. Workspace owners manage members, permissions, and who can export or change shared searches.

API key security

API access uses org-scoped keys sent over HTTPS, and outbound webhook payloads are signed so you can verify they came from GovPrimer. Keys are tied to your workspace and can be rotated.

Built on public data

The opportunity, award, and agency data in GovPrimer comes from official public sources — SAM.gov, USAspending.gov, and Grants.gov. We aren't handling classified or controlled information to power search.

Data minimization

We collect what we need to run the product — your account, workspace, and the searches and pursuits you create — and nothing more. We don't sell your personal data.

Reputable infrastructure

GovPrimer runs on established cloud infrastructure with managed, access-controlled databases and routine backups, so your workspace data is durable and recoverable.

Transparent policies

What we collect, why, and how we use it is spelled out in our Privacy Policy and Terms — in plain language, without surprises.

Promises we hold ourselves to

Your workspace is yours

The searches, pipeline, notes, and exports you create belong to your organization. We don't repurpose your private capture data, and we don't sell your personal information.

Least privilege by default

Access is scoped — by tenant, by role, and by API key — so people and integrations get only the access they need to do their job.

Honest about our maturity

GovPrimer is a young, fast-moving product. We describe the security practices we actually follow rather than claiming certifications we don't yet hold — and we'll update this page as our program matures.

Built on public data

The intelligence side of GovPrimer — opportunities, awards, contractors, and agency analytics — is sourced entirely from official public datasets. That's a deliberate trust decision: the data that powers your market research is open government information, not something sensitive we've collected about you or your competitors.

The only private data in GovPrimer is the work you do on top of that public foundation: your account, your workspace members, and the saved searches, alerts, pipeline, and notes you create. That private layer is what our isolation, access control, and encryption practices are built to protect.

Reporting & responsible disclosure

Found a potential vulnerability or have a security concern? We want to hear about it. Email us and we'll respond promptly and work with you on a fix.

Email hello@govprimer.com

Security & privacy FAQs

How does GovPrimer protect my data in transit?

All connections to the GovPrimer app, API, and webhooks use HTTPS with modern TLS, so your credentials and workspace data are encrypted while moving between your browser or systems and GovPrimer.

Can other customers see my searches or pipeline?

No. GovPrimer is multi-tenant and scopes all data to your organization. Server-side queries are filtered by tenant, so your saved searches, pipeline, notes, and exports are isolated from other customers.

Does GovPrimer have role-based access control?

Yes. You can invite teammates and assign roles so each person sees and does only what their role permits. Workspace owners manage members, permissions, and shared searches.

How are API keys and webhooks secured?

API requests are authenticated with org-scoped keys over HTTPS, and outbound webhook payloads are signed so you can verify they originated from GovPrimer. Keys are tied to your workspace and can be rotated.

Is GovPrimer SOC 2 certified?

GovPrimer is a young product, and we describe the practices we actually follow rather than claiming certifications we don't yet hold. If you have specific compliance or security-review requirements, email hello@govprimer.com and we'll work through them with you.

What data sources power GovPrimer?

GovPrimer's opportunity, award, and agency data comes from official public sources — SAM.gov, USAspending.gov, and Grants.gov — so the platform isn't built on classified or controlled information.
