Public files only. Human review required.Trust starts with clear source boundaries.

SourceFlag is for public and unclassified solicitation review with citations and clear upload boundaries.SourceFlag is built for source-backed first-pass review of public solicitation packages, with citations, human review, and conservative data-boundary language at the center of the workflow.

Public files only. Human review required.Built for public solicitations, with source context close to every output.

Use SourceFlag for public/unclassified solicitation materials. Verify AI-assisted output before use.SourceFlag is for public and unclassified solicitation materials only. AI-assisted output can be wrong or incomplete, so citations and human review stay central to the workflow.

Read Trust Center

Source-backed outputs

Citations and excerpts stay close to important answers.Citations, page references, source excerpts, and attachment cues stay close to important answers.

Do-not-upload boundary

Do not upload restricted, controlled, private, or sensitive material.No CUI, Federal Contract Information (FCI), ITAR-controlled data, EAR/export-controlled material, classified information, source-selection-sensitive information, procurement-sensitive information, non-public government or contractor information, private capture material, internal pricing strategy, sensitive customer/subcontractor/teaming material, regulated personal data, or restricted material.

Human review required

Proposal, pricing, legal, and compliance decisions stay human.Proposal, capture, pricing, legal, and compliance decisions remain human responsibilities.

Workspace access

Access follows account roles, memberships, and invitations.Workspace access follows the configured account, membership, invitation, and role flow.

Review public solicitations without mixing in restricted material.

Organize public and unclassified solicitation packages into a source-backed workspace for first-pass proposal review.

Public RFP review checklist for proposal teams.

Use this public RFP review checklist to organize intake, requirements, deadlines, risks, clarifying questions, kickoff, and handoff.

Federal Contract Information (FCI) and SourceFlag boundary.

Federal Contract Information is information not intended for public release that is provided by or generated for the government under a contract.

Who operates SourceFlag?

SourceFlag is operated by CodeArtisans LLC and is scoped to U.S.-only B2B use with public and unclassified solicitation materials.

Read About SourceFlag

Self-serve scope

Current self-serve plans are U.S.-only, B2B-only, and limited to public/unclassified solicitation packages.

Public and unclassified boundary

SourceFlag is intended for public solicitation packages and related public attachments only.

No CUI, Federal Contract Information (FCI), ITAR-controlled data, EAR/export-controlled material, classified information, source-selection-sensitive information, procurement-sensitive information, non-public government or contractor information, private capture material, internal pricing strategy, sensitive customer/subcontractor/teaming material, regulated personal data, or restricted material.

Source-backed outputs

Ask answers and review outputs are designed to stay tied to source files, citations, excerpts, pages, and attachment references.

Important answers should be verified against the original solicitation package before use.

Human review required

SourceFlag accelerates first-pass review, but it does not guarantee compliance or replace proposal-team judgment.

Proposal, capture, legal, pricing, and compliance decisions remain human responsibilities.

Workspace access controls

Workspaces are intended to separate access by account, membership, invitation, and role flow.

Workspace administrators remain responsible for inviting and removing appropriate users.

AI processing posture

SourceFlag uses managed AI providers for product features such as review, Ask, drafting, summarization, and extraction.

Workspace content is used to operate the service and is not sold. See Privacy for provider language.

Data export and deletion

Workspace data can be exported or deleted on verified request where commercially reasonable.

Requests remain subject to billing, security, backup, legal retention, and legitimate business needs.

What SourceFlag is not

No unsupported compliance or security promises.

The trust posture is intentionally conservative. SourceFlag supports review; it does not become the authority on agency interpretation, compliance, or proposal risk.

No SOC 2 report is currently offered.

No FedRAMP authorization is currently offered.

No CMMC certification is currently offered.

Not a CUI, Federal Contract Information (FCI), ITAR, classified, or export-controlled hosting environment.

Not legal, procurement, pricing, capture, compliance, security, or export-control advice.

Not a guarantee that every requirement, deadline, risk, ambiguity, amendment, or instruction will be found.

Security practices

SourceFlag uses commercially reasonable administrative, technical, and organizational safeguards designed to protect information. No transmission, storage, or processing method is perfectly secure.

Users are responsible for deciding what to upload, managing access, keeping credentials secure, and verifying outputs before use.

Subprocessors and service providers

The current Privacy Policy names these providers for AI processing, authentication, database/storage, hosting, background jobs, billing, business email, and optional walkthrough video embeds:

OpenAI APISupabaseStripeVercelRenderGoogle WorkspaceYouTube privacy-enhanced embeds

View subprocessors and service providers

Trust and security questions, answered.

The answers stay aligned with the public/unclassified boundary, Privacy Policy, and Terms.

Can I upload CUI, FCI, ITAR, classified, or private capture material?

No. SourceFlag is currently intended only for public and unclassified solicitation packages and related public attachments. Do not upload CUI, Federal Contract Information (FCI), ITAR-controlled data, EAR/export-controlled material, classified information, source-selection-sensitive information, procurement-sensitive information, private capture material, internal pricing strategy, sensitive customer/subcontractor/teaming material, regulated personal data, or restricted material.

What happens if AI output is wrong or incomplete?

AI-assisted output can be wrong, incomplete, or misapplied. SourceFlag is designed to support review, not replace it. Users must verify outputs against the original solicitation package and their own proposal requirements.

Who controls workspace access?

Workspace administrators manage access according to the configured account, membership, invitation, and role flow. Users remain responsible for granting access only to appropriate reviewers.

How do deletion and export requests work?

Workspace data can be exported or deleted on verified request where commercially reasonable, subject to billing, security, backup, and legal retention needs. This language is aligned with the Privacy Policy and Terms.

Need to report a privacy or security concern?

Use the published Privacy contact for privacy requests, security concerns, and data-handling questions.

Contact privacy@sourceflagworkspace.com

Public files only. Human review required.Trust starts with clear source boundaries.

Public files only. Human review required.Built for public solicitations, with source context close to every output.

Source-backed outputs

Do-not-upload boundary

Human review required

Workspace access

Review public solicitations without mixing in restricted material.

Public RFP review checklist for proposal teams.

Federal Contract Information (FCI) and SourceFlag boundary.

Who operates SourceFlag?

Public and unclassified boundary

Details

Source-backed outputs

Details

Human review required

Details

Workspace access controls

Details

AI processing posture

Details

Data export and deletion

Details

No unsupported compliance or security promises.

Security practices

Subprocessors and service providers

Trust and security questions, answered.

Can I upload CUI, FCI, ITAR, classified, or private capture material?

What happens if AI output is wrong or incomplete?

Who controls workspace access?

How do deletion and export requests work?

Can I upload CUI, FCI, ITAR, classified, or private capture material?

What happens if AI output is wrong or incomplete?

Who controls workspace access?

How do deletion and export requests work?

Need to report a privacy or security concern?