Privacy Policy
Last updated: March 23, 2026
1. Introduction
Blacksmith AI LLC ("Blacksmith AI," "we," "us," or "our") operates the Vulcan platform available at blacksmithai.net, an AI-powered software-as-a-service solution designed for government contracting professionals. We are committed to protecting the privacy and security of the personal information and business data entrusted to us by our users. This Privacy Policy describes how we collect, use, store, share, and protect your information when you visit our website, create an account, or use the Vulcan platform and its associated services.
This Privacy Policy applies to all users of the Service, including visitors who browse our website without creating an account, registered users with active subscriptions, and administrators who manage organizational accounts. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein. If you do not agree with this Privacy Policy, you should not access or use the Service. We encourage you to read this Privacy Policy carefully and to check this page periodically for updates.
2. Information We Collect
Account Information: When you register for an account, we collect your full name, email address, company or organization name, phone number (optional), job title, and password. If you are an organizational administrator, we may also collect information about your organization, including company size, NAICS codes, CAGE code, UEI number, and business address. This information is necessary to create and maintain your account and to provide the Service.
Usage Data: We automatically collect certain technical and usage information when you access the Service, including your Internet Protocol (IP) address, browser type and version, operating system, device type, referring URLs, pages visited within the Service, features used, time and date of access, time spent on pages, click patterns, and other diagnostic data. This information helps us understand how users interact with the Service and enables us to improve platform performance, user experience, and feature development.
Content Data:We collect and store the content you upload to or create within the Service, including but not limited to: uploaded documents (RFPs, RFQs, SOWs, and other solicitation documents), proposals and proposal drafts, organizational profiles, employee and personnel records, past performance narratives, compliance matrices, staffing plans, price workbooks, and any other materials you provide to leverage the platform's features. This content is essential for the AI-powered features of the Service to function.
Payment Data: When you subscribe to a paid plan, payment processing is handled entirely by our third-party payment processor, Stripe, Inc. We do not directly collect, store, or have access to your full credit card number, debit card number, or bank account details. We receive from Stripe only a truncated card identifier (last four digits), card brand, expiration date, billing address, and transaction status for the purpose of maintaining your subscription records and providing customer support.
3. How We Use Your Information
We use the information we collect for the following purposes: (a) to provide, operate, and maintain the Service, including processing your requests, generating AI-powered outputs, and delivering the features you have subscribed to; (b) to process your data through AI models to generate proposals, compliance analyses, staffing plans, price workbooks, and other outputs as directed by you; (c) to improve, personalize, and expand the Service, including analyzing usage patterns to identify areas for improvement and developing new features; (d) to communicate with you, including sending service-related announcements, technical notices, updates, security alerts, and administrative messages.
We also use your information: (e) to process transactions and manage your subscription, including billing, invoicing, and payment processing through Stripe; (f) to monitor and analyze usage trends and activity on the Service for security purposes, including detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other illegal activities; (g) to comply with legal obligations, respond to lawful requests from public authorities, and protect our rights, privacy, safety, or property; and (h) to enforce our Terms of Service and other agreements. We will not use your information for purposes materially different from those described in this Privacy Policy without your consent.
4. AI Data Processing
The Vulcan platform utilizes large language models (LLMs) provided by third-party AI service providers, including Anthropic, OpenAI, and Google, to power its AI features. When you use AI-powered features of the Service, portions of your data and content are transmitted to these providers' APIs for processing. This data transmission is necessary to generate the outputs you request, such as proposal narratives, compliance analyses, and document summaries. We send only the minimum data necessary to fulfill your specific request.
Critically, your data is not used by Anthropic, OpenAI, Google, or any other AI provider to train, fine-tune, or improve their general-purpose models. We maintain enterprise-tier agreements with our AI providers that include explicit data protection provisions and prohibitions on model training with customer data. All AI processing is ephemeral in nature: your data is processed in real time to generate the requested output and is not persistently stored by the AI provider beyond the duration of the API request. We do not aggregate your data with data from other users for AI processing purposes. Each request is processed independently using only your authorized content.
5. Data Storage & Security
Your data is stored on Amazon Web Services (AWS) infrastructure located in the United States, primarily in the us-east-1 region. Our database services are provided by MongoDB Atlas, which operates on AWS infrastructure with enterprise-grade security controls. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. We implement strict access controls, including role-based access control (RBAC), multi-factor authentication for administrative access, and the principle of least privilege for all personnel who may interact with production systems.
Blacksmith AI maintains security controls appropriate for handling Controlled Unclassified Information (CUI) in accordance with NIST Special Publication 800-171 guidelines. We are actively pursuing SOC 2 Type II compliance and Cybersecurity Maturity Model Certification (CMMC) readiness. Our security program includes regular vulnerability assessments, penetration testing, security awareness training for all employees, incident response planning, and continuous monitoring of our infrastructure. We employ network segmentation, intrusion detection systems, and automated alerting to identify and respond to potential security threats promptly. While no method of transmission over the internet or method of electronic storage is 100% secure, we strive to use commercially acceptable means to protect your information.
6. Data Sharing
Blacksmith AI does not sell, rent, trade, or otherwise commercially exploit your personal information or User Content to any third party. We share your information only in the following limited circumstances: (a) with AI service providers (Anthropic, OpenAI, Google) solely for the purpose of processing your AI requests as described in Section 4; (b) with Stripe for payment processing and subscription management as described in Section 2; (c) with Mapbox for geospatial data processing and mapping features within the platform; (d) with service providers who assist us in operating the Service, such as hosting providers, email delivery services, and customer support tools, subject to confidentiality agreements.
We may also disclose your information: (e) to comply with applicable law, regulation, legal process, or enforceable governmental request, including lawful requests by public authorities to meet national security or law enforcement requirements; (f) to enforce our Terms of Service or other agreements, including investigation of potential violations; (g) to detect, prevent, or otherwise address fraud, security, or technical issues; (h) to protect against harm to the rights, property, or safety of Blacksmith AI, our users, or the public as required or permitted by law; or (i) in connection with a merger, acquisition, reorganization, or sale of assets, in which case the acquiring entity would be bound by the terms of this Privacy Policy with respect to your information.
7. Cookies & Analytics
We use cookies and similar tracking technologies to operate and improve the Service. Essential cookies are required for core functionality, including user authentication, session management, security tokens (CSRF protection), and remembering your preferences. These cookies are strictly necessary for the Service to function and cannot be disabled without affecting your ability to use the platform.
Analytics cookies: We use Google Analytics (measurement ID: GA-KC9K9VG5QJ) to collect anonymized usage data about how visitors interact with our website and platform. Google Analytics uses cookies to track page views, session duration, traffic sources, user flow, and feature engagement. This data is aggregated and anonymized and is used solely to understand usage patterns and improve the Service. We do not use any third-party advertising cookies, retargeting pixels, or social media tracking scripts. We do not serve advertisements on the Service and do not share analytics data with advertisers. You may manage your cookie preferences through your browser settings; however, disabling essential cookies may impair the functionality of the Service.
8. Your Rights
You have the following rights with respect to your personal information: (a) Right to Access: You may request a copy of the personal information we hold about you at any time. (b) Right to Correction: You may request that we correct any inaccurate or incomplete personal information. (c) Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions. (d) Right to Data Portability: You may request a machine-readable export of your data, including all User Content, account information, and platform-generated outputs.
(e) Right to Opt Out of Marketing:You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly. (f) CCPA Rights: If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of personal information (which we do not engage in), and the right to non-discrimination for exercising your privacy rights. (g) GDPR Rights: If you are located in the European Economic Area, you may have additional rights under the General Data Protection Regulation, including the right to restrict processing and the right to object to processing. To exercise any of these rights, please contact us at info@blacksmithai.net. We will respond to all verified requests within thirty (30) days.
9. Data Retention
Active Accounts: We retain your personal information and User Content for the duration of your active subscription. Your data remains accessible and available to you throughout your subscription term and is actively maintained in our production systems. Terminated Accounts: Following account termination or cancellation, we retain your data for a period of thirty (30) days to allow you to reactivate your account or export your data. After this 30-day grace period, your User Content and personal information will be scheduled for permanent deletion from our production systems.
Backups: Copies of your data that exist in backup systems will be purged within ninety (90) days of the deletion of your production data. We maintain automated backup rotation schedules to ensure timely purging of deleted data from all backup media. Legal Holds: In certain circumstances, we may be required to retain your data beyond the standard retention periods to comply with legal obligations, resolve disputes, enforce our agreements, or respond to lawful government requests. In such cases, we will retain only the minimum data necessary and for only as long as required by the applicable legal obligation. Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for statistical and analytical purposes.
10. International Data Transfers
Blacksmith AI is based in the United States, and the Service is hosted on AWS infrastructure primarily in the us-east-1 (Northern Virginia) region. All data collected through the Service is processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
11. Children's Privacy
The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. The Service is designed for use by business professionals in the government contracting industry and is not intended for use by minors. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information from our systems. If you believe that we may have collected information from a child under 18, please contact us immediately at info@blacksmithai.net so that we can take appropriate action.
12. Government Contractor Considerations
We recognize that many of our users handle Controlled Unclassified Information (CUI) and other sensitive government contracting data. Blacksmith AI is committed to maintaining security controls aligned with the National Institute of Standards and Technology (NIST) Special Publication 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." Our security program addresses the fourteen families of security requirements outlined in NIST 800-171, including access control, awareness and training, audit and accountability, configuration management, identification and authentication, incident response, maintenance, media protection, physical protection, personnel security, risk assessment, security assessment, system and communications protection, and system and information integrity.
We are actively working toward Cybersecurity Maturity Model Certification (CMMC) readiness to meet the evolving cybersecurity requirements for organizations working within the Defense Industrial Base (DIB) and broader federal contracting ecosystem. Our infrastructure and operational practices are designed to support our users' compliance obligations under DFARS 252.204-7012, DFARS 252.204-7020, and related regulatory requirements. Users are responsible for assessing whether the Service meets their specific contractual and regulatory requirements for the handling of CUI or other controlled data categories. We are happy to discuss our security controls and compliance posture with prospective and current customers upon request.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. For material changes to this Privacy Policy, we will provide at least thirty (30) days advance notice by sending an email to the address associated with your account and by posting a prominent notice within the Service. Non-material changes, such as typographical corrections or minor clarifications, may be made without prior notice. The "Last updated" date at the top of this Privacy Policy will be revised to indicate when the most recent changes were made.
Your continued use of the Service after the effective date of any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the changes, you should discontinue your use of the Service and contact us to discuss your concerns or to request deletion of your data. We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Blacksmith AI LLC
1611 N Broadway Ave
Oklahoma City, OK 73103
United States of America
Email: info@blacksmithai.net
We take all privacy inquiries seriously and will make reasonable efforts to respond within thirty (30) days. For matters related to data breaches or security incidents, please include "SECURITY" in your email subject line so that we may escalate and prioritize your report. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.