BlastRFQ rocket logoBlastRFQ
MaterialsROI CalculatorPricing
Sign in
BlastRFQBlastRFQ

One RFQ. Every qualified vendor. Instantly.

How it worksMaterialsPricingROI CalculatorChangelogRoadmapPartnersSecurityPrivacy PolicyTerms of Service
BlastRFQ, accelerate procurement

Accelerate procurement

© 2026 BlastRFQ LLC. All rights reserved.·BlastRFQ LLC is a product of Cutstep AI LLC.

BlastRFQ LLC · Chicago, IL 60601

Vendor communications sent through BlastRFQ include an unsubscribe link in every email. To opt out of future RFQ notifications, use the unsubscribe link in any email you received.

How it works

What's under the hood.

BlastRFQ isn't a contact-form router. It's a match engine, an audit-grade compliance trail, and a learning loop that improves with every awarded quote. Here's the architecture.

01

The match engine ranks per RFQ, not per slug.

Every supplier in the matched pool gets a per-RFQ fit score with itemized reasons. No black box.

Example: why a supplier ranked top-tier

  • +25Capability match — buyer needs tin-plate stamping; supplier lists 14 stamping capabilities including tin-plate
  • +10State match — buyer in IL, supplier in WI (same Midwest region)
  • +6Strong win rate (30% over last 90 days, 10 quotes)
  • +5Responded to 2 of last 3 RFQs
  • +5Canonical alloy match — vendor profile includes 304 / 304L; RFQ alloy is 304
  • +4ISO 9001 certified — buyer requires baseline certifications
  • -8Lead time tight — RFQ delivery in 14 days, vendor typical 21 days

Final score = 100 + sum of deltas. Tier (top / preview / excluded) drops out of the score.

Inputs include capability and material match, certifications, state and region, MOQ, lead-time fit, historical responsiveness, dormancy, slug-specific pass patterns, organization quality, distributor detection, and 90-day win rate. Every reason is visible to the buyer on the Review Vendors screen before any email goes out.

02

Every regulatory event is on a compliance trail.

Built for the auditor who shows up six months later asking who got contacted and when.

Every blast, opt-out, award, cancellation, and consent event writes to a unified compliance log. The buyer's RFQ detail page surfaces a filtered view — exactly enough to answer regulator questions without leaking internal scoring metadata.

  • →blast_sent — who was contacted, when, with what subject
  • →vendor_unsubscribed — CAN-SPAM 16 CFR 316.6 audit detail (source, IP hash, user agent)
  • →vendor_claimed — supplier confirmed their profile from the blast link
  • →rfq_awarded — final price, winning supplier, quote-volume context
  • →sms_optin / sms_optout — TCPA / FCC consent records (4-year retention)
03

Awards close the learning loop.

Every buyer-marked award teaches the match engine which suppliers actually win their work.

When a buyer marks a quote awarded, the platform writes a structured row with the final negotiated price, attribution, and free-form notes. That data feeds back into the match score on every subsequent RFQ:

Strong win rate (≥20% over the last 90 days, with at least 3 quotes) earns a ranking bonus. Weak win rate(<5% with 5+ quotes) gets a soft nudge down. Small samples don't move the score — one win against one quote isn't signal.

Paired with response data, every interaction makes the next RFQ's match list more accurate.

04

Security: service-role at the data layer, Clerk at the route layer.

Auth gates are explicit, not implicit. Row-level security is defense-in-depth, not the gate.

Every database read and write goes through service-role credentials from server-side route handlers. Clerk authentication gates which user can hit which route. Row-level security policies on every sensitive table enforce service_role_only — so even if a route handler bug bypasses Clerk, the underlying tables refuse the request.

  • →All sensitive tables (RFQs, quotes, vendor contacts, users) explicitly deny anon and authenticated roles
  • →Email and SMS sends route through a single audited chokepoint with kill-switch, mode switch (simulate/live), domain allowlist, and per-recipient validation
  • →Schema-drift monitoring catches any DDL applied outside the migrations folder, hourly
  • →Daily health audit runs against production data — surfaces orphan records, stale matview, bounced contacts still active, dedup backlog
05

Built for integration.

If you run quoting, shop-floor, or ERP software, BlastRFQ slots into the part of the workflow you don't do.

BlastRFQ handles the buyer-to-supplier outreach side: matching, blasting, quote intake, award tracking, compliance. We don't do shop-floor or quoting workflows on the supplier side. That makes us a clean partner for platforms that do.

Interested in integration? Reach out at nick@blastrfq.com.

See what shipped, see what's next.

Changelog|Roadmap|Pricing