Privacy Policy

Venchur Ave Inc. | dlasb.com

Effective Date: May 1, 2026 Last Updated: May 1, 2026

Plain-English Summary

What we collect: your name, email, hashed password, subscription status, and the solicitation PDFs you upload. Your payment card data goes to Stripe — we don't store it.

What we do with your uploads: we send them to an AI provider (Anthropic or OpenAI) on a zero-retention contract — they don't keep your data and they don't train models on it. We process the result and return it to you.

Whether we keep your PDFs: only on Strike, Command, and Joint Ops tiers (which include the Solicitation Manager). RECON, Field Ops, and Academy do not retain uploaded PDFs. When your subscription ends, retained PDFs are deleted.

What we don't do: sell your data, use your uploads to train AI, show third-party ads, or share your information with anyone except the service providers listed below.

This summary is not a substitute for the full Policy below. It exists to help you orient quickly. The binding terms are the full text.

Introduction

This Privacy Policy describes how Venchur Ave Inc. ("Venchur," "we," "us," or "our") collects, uses, stores, shares, and protects information when you visit dlasb.com or use the products and services we offer through that website, including the DLA Solicitation Breakdown Analyzer (the "Analyzer") and the DLA Solicitation Academy (the "Academy"). The Analyzer and the Academy are referred to collectively as the "Services."

We have written this Policy to be specific about what we collect and what we do with it. Where the answer is "we don't do that," we say so. Where the answer depends on which subscription tier you have, we explain the difference. Please read it carefully. By using the Services, you agree to the practices described in this Policy.

1. Who We Are

Venchur Ave Inc. is a Delaware corporation that operates dlasb.com and the Services. Venchur Ave Inc. is a Veteran-Owned Small Business that also bids on government solicitations in its own right. The Services are not affiliated with, endorsed by, or sponsored by the U.S. Department of Defense, the Defense Logistics Agency (DLA), DIBBS, SAM.gov, or any other federal, state, or local government agency.

1.1 Contact for Privacy Questions

If you have any question about this Policy, want to exercise a privacy right, or believe your information has been mishandled, contact us at:

Email: support@venchurave.com
Subject line: "Privacy Inquiry"

We aim to respond to privacy inquiries within thirty (30) days of receipt. Some requests may require additional verification before we can act on them.

2. Scope of This Policy

This Policy applies to:

The dlasb.com marketing website;
The Analyzer (web application and any downloadable client we make available);
The Academy (web application);
Any email, chat, or support communications you have with us about the Services.

This Policy does NOT apply to:

Third-party websites you reach by clicking external links from the Services (including the websites of payment processors, AI providers, government agencies, and procurement portals);
Any product or service operated by another company that integrates with or references the Services;
Information you choose to publish or transmit through systems we do not operate (for example, when you submit a bid through DIBBS or SAM.gov yourself).

3. Key Definitions

Account Information. Information you provide when you create an account or maintain a subscription, including name, email address, hashed password, and your subscription tier and status.

Solicitation Material. Files, documents, text, images, or other content you upload to the Services, including DLA DIBBS quote requests, Invitation for Bid (IFB) documents, Request for Proposal (RFP) documents, attachments, drawings, packaging requirements, and related procurement information.

Analysis Output. Structured data and text generated by the Services as a result of processing your Solicitation Material, including extracted fields, summaries, recommended bid prices, packaging cost estimates, and related interpretive content.

AI Subprocessor. A third-party large language model provider (currently Anthropic and/or OpenAI) that processes Solicitation Material on our behalf to produce Analysis Output.

Personal Information. Information that identifies, relates to, or could reasonably be linked with a particular individual or household, as defined under applicable U.S. state privacy laws.

4. Information We Collect

4.1 Information You Provide Directly

When you create an account, subscribe to a paid plan, contact support, or otherwise interact with the Services, we collect:

Identifiers: name and email address.
Authentication credentials: a salted, bcrypt-hashed copy of your password. We do not store the password itself in plaintext or in a recoverable form.
Subscription information: your subscription tier, status, billing interval, period start and end dates, and quota usage.
Communications: the contents of emails you send to support@venchurave.com or messages submitted through the contact form on dlasb.com.
Solicitation Material: the PDF documents and other files you upload to the Analyzer or Academy.

4.2 Information We Collect Automatically

When you use the Services we automatically collect technical information, including:

Log data: IP address, user-agent string, request timestamps, request paths, response codes, and error events.
Authentication tokens: session identifiers used to keep you signed in.
Usage events: which Analyses you ran, when, against which uploaded file, and the resulting cost (in tokens) of the AI processing.
Operational telemetry: diagnostic information from the Services, such as page-load timing and feature interactions.

We do not currently use third-party advertising trackers. We do not sell your data to advertisers, and the Services display no third-party advertisements.

4.3 Information We Receive from Third Parties

We receive limited information from service providers acting on our behalf:

From Stripe (our payment processor): your customer ID, subscription ID, payment status, billing cycle dates, and the last four digits and expiration date of the payment method you used. We do not receive or store full payment-card numbers.
From AI Subprocessors: token usage and cost metadata associated with each request we make on your behalf.

4.4 Information We Do Not Collect

We do not knowingly collect any of the following from you through the Services:

Government-issued identification numbers (Social Security Numbers, passport numbers, driver's license numbers, CAGE codes that you have not voluntarily included in your communications);
Banking account numbers, routing numbers, or full payment card numbers (Stripe handles these directly);
Health, biometric, genetic, or other special categories of data;
Information from children under thirteen (13). The Services are intended for adult business users only. If we learn we have inadvertently collected information from a child under thirteen, we will delete it.

5. How We Use Information

We use the information described in Section 4 for the following purposes:

To provide, operate, maintain, and improve the Services;
To authenticate you and protect your account from unauthorized access;
To process Solicitation Material through AI Subprocessors and return Analysis Output to you;
To enforce subscription quotas and entitlements (for example, decrementing your monthly analysis allowance);
To process subscription payments and manage billing through Stripe;
To respond to your support inquiries and communicate with you about the Services;
To detect, investigate, and prevent fraud, abuse, security incidents, and policy violations;
To comply with applicable legal obligations and lawful requests from competent authorities;
For aggregate analytics that help us understand product usage at a non-identifying level (for example, "how many analyses ran in the last 24 hours" or "how many licenses are currently active").

We do NOT use Solicitation Material or Analysis Output to train artificial-intelligence models, to build advertising profiles, or to enrich data sold to third parties. We do not sell Personal Information.

6. How AI Processing Works (Plain English)

The Analyzer's core function is to read solicitation PDFs and produce structured Analysis Output. The Academy's Academy Tutor performs a similar function for educational purposes when you upload a practice solicitation. Both rely on AI Subprocessors. We want you to understand exactly what that means.

6.1 What Happens When You Upload a Document

When you upload Solicitation Material, the following sequence occurs:

The document is transmitted from your browser to our servers over an encrypted connection (HTTPS/TLS).
Our servers transmit the relevant portions of the document to the AI Subprocessor for analysis.
The AI Subprocessor processes the content and returns structured Analysis Output to our servers.
Our servers return the Analysis Output to your browser.
Whether the original PDF is retained on our servers depends on your subscription tier (see Section 7).

6.2 Zero-Retention AI Mode

We use AI Subprocessors in their zero-retention modes. This means:

The AI Subprocessor does not store your Solicitation Material after the response has been returned;
The AI Subprocessor does not use your Solicitation Material to train, fine-tune, or improve any model;
The AI Subprocessor does not use your Solicitation Material for any purpose other than producing the immediate Analysis Output we requested.

We rely on the AI Subprocessor's contractual representations to enforce these terms. We cannot, however, audit the AI Subprocessor's internal systems and we do not warrant that they are immune from breach. If you submit information to the Services that you cannot afford to have a third party briefly process, you should not submit it.

6.3 AI Output Is Generated Content

Analysis Output is produced by automated AI aggregation and interpretation of the documents you submit and, where relevant, of publicly available reference material such as historical procurement award data sourced from public government databases. Analysis Output:

Is informational only and is not legal, financial, contractual, regulatory, or compliance advice;
May contain errors, omissions, or hallucinated content. AI systems can produce content that is plausible-sounding but inaccurate;
Should be independently verified by you against the underlying solicitation document and any applicable government source before you rely on it for a bid or contracting decision;
Does not establish, modify, or interpret any contractual relationship between you and any government agency.

7. How Long We Keep Your Data

Different categories of data are retained for different periods. Solicitation Material in particular is retained only on certain subscription tiers, as set out below.

7.1 Account Information

We retain your Account Information (name, email, hashed password, subscription state) for as long as your account is active. If you cancel your subscription and do not resubscribe, your account is downgraded to free-tier status and Account Information is retained until you request deletion or until we delete inactive accounts under our routine maintenance schedule (currently, accounts inactive for twenty-four (24) months may be deleted).

7.2 Solicitation Material

Whether your uploaded Solicitation Material is retained depends on the subscription tier you hold at the time of upload:

No retention: On the RECON (free trial), Field Ops, and Academy tiers, the original Solicitation Material is processed and discarded immediately after the Analysis Output is returned. We do not store your uploaded PDFs on these tiers.
Retention while subscription is active: On the Strike, Command, and Joint Ops tiers (which include the Solicitation Manager feature), uploaded Solicitation Material is retained on our servers for as long as your subscription remains active. This allows you to revisit, re-export, and reload past analyses without re-uploading.

When a paid subscription on a retaining tier ends — by your cancellation, by non-renewal, by your downgrade to a non-retaining tier, or by deletion of your account — we delete your retained Solicitation Material from our active production systems. Deletion typically completes within seven (7) days of the triggering event. See Section 7.5 below regarding backup retention.

7.3 Analysis Output

Analysis Output associated with retained Solicitation Material is retained on the same schedule as the Solicitation Material. On non-retaining tiers, Analysis Output may also be deleted when the originating Solicitation Material is discarded; on retaining tiers, Analysis Output remains available until the subscription ends.

7.4 Logs, Telemetry, and Billing Records

Operational logs, security event records, and aggregate usage telemetry are retained for up to ninety (90) days for diagnostic and security purposes. Billing records (invoices, transaction identifiers) are retained for up to seven (7) years to satisfy tax and accounting obligations under U.S. law.

7.5 Backups

We make periodic encrypted backups of our production database for disaster-recovery purposes. Deleted records may persist in backup snapshots for up to thirty (30) days after deletion from production. We do not query, restore, or selectively extract data from backup snapshots in response to deletion requests; backup data is rotated out automatically as snapshots age.

7.6 Academy Practice Uploads

When you upload a solicitation to the Academy for practice purposes (for example, to ask the Academy Tutor questions about it), the document is processed and discarded after the practice session. The Academy does not maintain an archive of practice solicitations. Your conversation with the Academy Tutor about that document, however, may be retained as part of your learning history depending on Academy product behavior at the time. Refer to your Academy account settings for current behavior.

8. Who We Share Data With

We share information only with service providers acting on our behalf and only to the extent necessary for those providers to deliver their services to us. We do not sell Personal Information to third parties.

8.1 Subprocessors

Our current subprocessors are:

Stripe, Inc. (payment processing): receives the data necessary to process subscription payments. Stripe handles full payment-card numbers; we do not. Stripe's privacy policy is at stripe.com/privacy.
Anthropic, PBC (AI processing, Claude family of models): receives Solicitation Material and prompts to produce Analysis Output, under zero-retention terms.
OpenAI, OpCo, LLC (AI processing, GPT family of models, used in some Analyzer paths): receives Solicitation Material and prompts to produce Analysis Output, under zero-retention terms.
Neon, Inc. (database hosting): hosts our production PostgreSQL database in U.S. data centers.
Vercel Inc. (application hosting): hosts the dlasb.com application in U.S. edge regions.
Resend Inc. (transactional email): sends account-related emails such as password resets and receipts.

We will update this list as our subprocessor relationships change. The current subprocessor list reflects the state of the Services as of the Last Updated date above.

8.2 Legal Disclosures

We may disclose information when we have a good-faith belief that disclosure is required to:

Comply with applicable law, legal process, or a lawful government request;
Enforce our Terms of Service or other agreements;
Protect the rights, property, or safety of Venchur Ave Inc., our users, or the public;
Investigate or prevent suspected fraud, security incidents, or abuse of the Services.

Where legally permitted, we will attempt to notify the affected user before disclosing their information in response to a legal request, unless doing so is prohibited or would frustrate the purpose of the request.

8.3 Business Transfers

If Venchur Ave Inc. is involved in a merger, acquisition, financing, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will provide notice (for example, by email or by a prominent notice on dlasb.com) of any such transfer and of any material change in how your information will be handled.

9. How We Protect Your Information

We use commercially reasonable administrative, technical, and physical safeguards to protect the information we collect, including:

Encryption in transit (TLS 1.2 or higher) for all communications with the Services;
Encryption at rest for production database storage and backup snapshots;
Hashed and salted password storage using bcrypt;
Role-based access controls and least-privilege practices for our internal systems;
Subprocessor agreements that obligate our service providers to maintain comparable safeguards.

No system is perfectly secure. We cannot guarantee that information transmitted to or stored on the Services will never be subject to unauthorized access, disclosure, alteration, or destruction. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. If you believe your account has been compromised, contact us immediately at support@venchurave.com.

10. Your Privacy Rights

Depending on the U.S. state in which you reside, you may have specific privacy rights under applicable law, including the California Consumer Privacy Act (as amended by the CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, and similar laws in other states. These laws may grant you the following rights:

10.1 Right to Know / Access

You may request that we disclose what Personal Information we have collected about you, the categories of sources, the purposes for which we collected it, and the categories of third parties with whom we have shared it. You may also request a portable copy of the Personal Information you have provided to us.

10.2 Right to Correct

You may request that we correct inaccurate Personal Information we maintain about you.

10.3 Right to Delete

You may request that we delete Personal Information we have collected about you, subject to certain exceptions (for example, where we are legally required to retain certain records, or where deleting the information would frustrate a security or fraud-prevention purpose).

10.4 Right to Opt Out of Sale or Sharing

We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising. There is therefore nothing to opt out of with respect to those activities. If our practices change, we will update this Policy and provide an opt-out mechanism.

10.5 Right to Limit Use of Sensitive Personal Information

We do not collect or use sensitive Personal Information as that term is defined under California law, except as needed to provide the Services you have requested.

10.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Services, charge you a different price, or provide a different level of quality because you exercised a right.

10.7 How to Exercise These Rights

To exercise any of these rights, email support@venchurave.com with the subject line "Privacy Request" and identify which right you are exercising. We will respond within the time required by applicable law (typically forty-five (45) days, with a possible extension as permitted). We may need to verify your identity before acting on a request. You may designate an authorized agent to make a request on your behalf, subject to applicable verification.

11. Children's Privacy

The Services are intended for adult business users (age eighteen and older) who are involved in U.S. government contracting. We do not knowingly direct the Services to, market to, or collect Personal Information from children under thirteen (13). If you believe a child under thirteen has provided Personal Information to us, contact us at support@venchurave.com and we will delete it.

12. International Users

The Services are operated from and intended for users in the United States. The Services are hosted in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your jurisdiction. We do not specifically target the Services to residents of the European Economic Area, the United Kingdom, or other jurisdictions outside the United States, and we do not warrant that the Services comply with the privacy laws of any country other than the United States.

13. Cookies and Local Storage

The Services use cookies and similar storage technologies to keep you signed in, remember your preferences, and operate the Services. We use the following categories:

Strictly necessary: session cookies and authentication tokens that are required for the Services to function;
Functional: cookies that remember your preferences (such as billing-interval toggles);
Operational analytics: aggregate, non-identifying telemetry about Service usage.

We do not use third-party advertising cookies or cross-site tracking pixels. You can configure your browser to refuse cookies; if you do so, parts of the Services may not function correctly.

14. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where appropriate, notify you by email or by a prominent notice on dlasb.com before the change takes effect. Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the changes.

15. How to Contact Us

If you have any questions or concerns about this Policy or our privacy practices, you can reach us at:

Venchur Ave Inc.
Email: support@venchurave.com
Subject line: "Privacy Inquiry"

We are committed to addressing legitimate privacy concerns promptly and in good faith.