Last updated: June 7, 2026
Cookie Policy
This Cookie Policy explains how ContractBeam ("we", "us") uses cookies on https://contractbeam.com. It is written to be readable by a non-lawyer and to be honest about exactly what we do and do not do.
ContractBeam helps you discover federal contract and grant opportunities. You do not need an account, a login, or a password to use it. Because there is no login, the way we remember and personalize your experience relies on a single cookie, described below.
What cookies are
Cookies are small text files that a website asks your browser to store on your device. When you return to the site, your browser sends the cookie back, which lets the site recognize that the same browser has visited before. Cookies can be "first-party" (set by the site you are visiting) or "third-party" (set by another company, often for advertising or cross-site tracking).
Some cookies are strictly necessary for a site to function. Others — like the one we use — are not strictly necessary; they enable personalization and let us understand how the product is used.
Cookies on ContractBeam
ContractBeam sets one first-party cookie of its own (tv). In addition, Google AdSense — the third party that serves the ads which keep ContractBeam free — sets its own third-party advertising cookies. Both are listed here.
| Cookie | Set by | Purpose | Category | Duration |
|---|---|---|---|---|
tv | ContractBeam (first-party) | A randomly generated, anonymous visitor id (a UUID). It lets us remember your saved opportunities, tailor rankings and recommendations to you, and measure how the product is used. | Functional / personalization and product analytics — not strictly necessary | About 2 years |
__gads, __gpi, __eoi (and similar) | Google AdSense (third-party) | Serve ads, limit how often you see the same ad, measure performance, and — with consent where required — personalize ads. | Third-party advertising | Up to ~13 months |
IDE, DSID, test_cookie (on doubleclick.net / google.com) | Google (third-party) | Ad delivery, measurement, and personalization across sites that use Google's ad services. | Third-party advertising | Session to ~13 months |
Technical details: the first-party tv cookie is HttpOnly and SameSite=Lax, and is marked Secure in production. The advertising cookies are set and controlled by Google, not by us; exact names and lifetimes are determined by Google and may change.
Honest classification. Although the tv cookie is first-party and we use it for our own product personalization and analytics rather than advertising, it is not a strictly-necessary cookie. The site can still load and show opportunities without it; the cookie's job is to personalize your experience and to power our analytics. For that reason, in the EU and UK we treat the tv cookie as a non-essential / analytics cookie that requires your consent before we set it.
How we use the cookie
The anonymous id in the tv cookie is the key that ties together:
- Saved opportunities — the opportunities you bookmark, so they persist for you. These remain stored until you unsave them.
- Your behavior on the site — events such as searches, impressions, views, saves, unsaves, dismissals, bid clicks, filters, and profile actions, along with truncated query text and facets like NAICS code, agency, set-aside, state, source, and opportunity type. We use this to improve ranking and recommendations and to understand how the product's funnel works.
- Your self-declared business profile — if you voluntarily fill it in (NAICS codes, set-asides, states, keywords), it is associated with your visitor id to provide the strongest personalization. We store the latest version you submit; it is overwritten when you update it.
The id is pseudonymous: it is not linked to your name or email, because we do not collect those.
Legal basis (EU/UK)
For people in the EU and UK, our legal bases under the GDPR are:
- Placing the
tvcookie: your consent, collected through the cookie consent banner, as required by the ePrivacy rules for a non-essential cookie. - Personalization, ranking, recommendations, and product analytics (the visitor id, behavior events, and saved opportunities): our legitimate interests in operating and improving the product, balanced against your privacy.
- Your self-declared business profile: your consent, given by voluntarily filling in the optional form.
- Rate-limiting from your IP address: our legitimate interests in security and abuse prevention. We use the IP address only as an in-memory rate-limit key and never store it.
How long we keep this data
We are honest that retention here is open-ended:
- The anonymous visitor id persists in the cookie for about 2 years (or until you clear it).
- Behavior events and the visitor id linkage are retained indefinitely to support ongoing ranking and analytics.
- Saved opportunities are kept indefinitely until you unsave them.
- Your business profile is kept indefinitely and is overwritten each time you update it.
- The IP address used for rate-limiting is ephemeral and held only in memory; it is never written to storage.
Clearing the tv cookie severs the link between your browser and this stored data; see "Consent and how to withdraw it" and "Your rights" below.
Advertising cookies (Google AdSense)
ContractBeam shows third-party display ads served by Google AdSense. Google and its ad partners use the advertising cookies listed above to deliver and measure ads, cap how often you see them, and — where permitted — personalize them to your interests, which may involve processing your IP address, device/browser data, and ad identifiers. Google does this as an independent third party under its own privacy policy (policies.google.com/privacy; policies.google.com/technologies/partner-sites).
You control advertising cookies through:
- the on-site consent message (EEA/UK/Switzerland), where you can refuse personalized advertising;
- Google Ad Settings (myadcenter.google.com) to turn off ad personalization;
- aboutads.info/choices and youronlinechoices.eu to opt out of participating vendors;
- your browser cookie controls.
Refusing personalized ads doesn't remove ads — Google may still show non-personalized ones.
What we still do NOT use
To be clear about the boundaries:
- No advertising beyond Google AdSense. AdSense is the only ad network on the site; we don't run others.
- No fingerprinting. We do not use device or browser fingerprinting.
- No cross-site analytics by us. Our own analytics are Vercel Web Analytics and Speed Insights — cookieless, aggregate-only, and not used to identify you. We also keep an anonymous search log (search terms + result counts, no identifier).
- No accounts, passwords, names, emails, payment data, or precise geolocation. We do not collect any of these from visitors. (Any contact name or email shown on an opportunity is a public government point of contact, not visitor data.)
Where opportunity data comes from
The opportunities you browse are aggregated from public federal sources — SAM.gov (contract solicitations), Grants.gov (grants), and USASpending.gov (awarded contracts), plus sample seed data. This is public government data, not data about you. The data about you is limited to the anonymous visitor id, your on-site behavior, your saves, and any profile you choose to fill in, as described above.
Service providers
ContractBeam runs on infrastructure and services operated by third parties who process data on our behalf or, in Google's case, as an independent advertising provider:
- Vercel — hosting, edge proxy, and serverless functions; handles incoming requests (including IP addresses, which we use only to rate-limit and never store).
- Neon — serverless Postgres database that stores opportunities, behavior events, saves, and profiles.
- Google (AdSense) — serves the third-party display ads that fund the site and sets the advertising cookies listed above, as an independent third party under its own privacy policy.
Consent and how to withdraw it
In regions where consent is required (including the EU and UK), we ask for your consent through a cookie consent banner before setting the non-essential tv cookie. You can accept or decline.
For advertising cookies, visitors in the EEA, UK, and Switzerland are shown Google's certified consent message before personalized ads are used, where you can consent or refuse. Everywhere, you can manage advertising cookies through Google Ad Settings (myadcenter.google.com), aboutads.info/choices, and your browser controls (see “Advertising cookies (Google AdSense)” above).
You can change your mind or withdraw consent at any time:
- Clear the cookie. Deleting the
tvcookie in your browser removes the anonymous id. This severs the link between your browser and any saved opportunities, behavior history, or profile tied to that id. The next time you visit, you will appear as a brand-new, unrecognized visitor. - Use your browser controls. Most browsers let you block or delete cookies for a specific site or for all sites. You can use these controls to refuse the
tvcookie. Note that if you block it, personalization and your saved opportunities will not persist between visits.
Do Not Track and Global Privacy Control
Some browsers can send a "Do Not Track" (DNT) signal or a Global Privacy Control (GPC) signal. There is no industry-wide standard for how sites must respond to DNT. Because ContractBeam serves personalized ads through Google AdSense, that activity may be considered a "sale" or "sharing" under some U.S. state laws; you can opt out of personalized advertising through the on-site consent message, Google Ad Settings (myadcenter.google.com), and aboutads.info, and you can use GPC together with Google's privacy controls to signal your choice. You can also control the first-party tv cookie at any time using the consent banner, by clearing the cookie, or through your browser settings as described above.
Your rights
Depending on where you live, you may have rights over your data.
If you are in the EU or UK (GDPR): you have the right to access your data (Art. 15), to rectify it (Art. 16), to erase it (Art. 17), to data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21). Your self-declared business profile is editable on the site (rectification).
If you are in California or a similar US state (CCPA/CPRA and equivalents): you have the right to know what we collect, to delete it, and to correct it. We don't sell your personal information for money, but serving personalized ads through Google AdSense may count as a "sale" / "sharing" for cross-context behavioral advertising — you can opt out via Google Ad Settings, the on-site consent message, and aboutads.info (see “Advertising cookies (Google AdSense)” above).
Because there is no login, deletion and most data-subject requests are handled manually rather than through self-service. To exercise any of these rights, or to ask a question, contact us using the details below. Clearing the tv cookie is also an immediate, self-service way to disconnect your browser from your stored data.
Changes to this policy
We may update this Cookie Policy from time to time, for example if our practices or providers change. When we do, we will update the "Last updated" date at the top of this page.
Contact
If you have questions about this Cookie Policy or about cookies on ContractBeam, contact us at frank.yang@nexarionflux.ai.
This policy is governed by the laws of the State of Michigan.
Note: This document is a plain-language template provided for convenience, not legal advice — have a qualified attorney review it before you rely on it.