Privacy Policy

Last updated: April 19, 2026

BlastRFQ ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services. By accessing and using BlastRFQ, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

Information We Collect

We collect information in several ways to provide and improve our services:

Information You Provide Directly

  • Account Registration: Business name, contact information (email, phone), company details, and industry information
  • RFQ Data: Request for quotation specifications, material requirements, quantities, drawings, and technical specifications
  • Quote Data: Pricing information, terms, delivery dates, and other commercial terms provided by vendors
  • Billing Information: Payment method details (processed securely by Stripe), invoicing address, and transaction history
  • Communications: Messages, inquiries, feedback, and support requests sent through our platform
  • Profile Information: Job titles, roles, permissions, and preferences within the platform

Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers, and mobile network information
  • Usage Data: Pages visited, features used, search queries, click patterns, and time spent on sections
  • IP Address and Location: IP address and approximate geographic location based on IP geolocation
  • Cookies and Tracking Technologies: Cookies, web beacons, and similar tracking mechanisms (see Cookies section below)
  • Server Logs: Access logs containing IP addresses, request types, and timestamps

Third-Party Information

  • Information from business verification services and public records
  • Data from integrated authentication services (Clerk)
  • Information shared by other users when they reference or invite you to the platform

How We Use Information

We use the information we collect for legitimate business purposes:

  • Service Delivery: To provide, maintain, and improve the BlastRFQ platform and features
  • Matching and Communications: To connect buyers with appropriate vendors and facilitate RFQ/quote exchanges
  • Account Management: To manage user accounts, authenticate users, and maintain permissions
  • Billing and Payments: To process payments, generate invoices, and manage subscriptions
  • Analytics and Optimization: To analyze platform usage, improve user experience, and optimize features
  • Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations
  • Fraud Prevention: To detect, prevent, and address fraudulent activity and security threats
  • Business Operations: To conduct general business operations, including auditing and data analysis
  • Marketing Communications: To send product updates, service announcements, and promotional materials (with your consent)

Sharing Your Information

We share information only as necessary to provide services and comply with legal obligations:

Service Providers

We share information with third-party service providers who assist us in operating our platform and conducting business, including:

  • Clerk: Authentication and identity management
  • Stripe: Payment processing and billing
  • Supabase: Database and data storage
  • Vercel: Hosting and infrastructure
  • Analytics providers, email delivery services, and customer support platforms

These providers are contractually obligated to use your information only as needed to provide services to us and are required to maintain the confidentiality and security of your data.

Other Platform Users

When you use BlastRFQ to exchange RFQs and quotes, your business contact information and RFQ/quote details are shared with the relevant parties on the platform (vendors or buyers) to facilitate transactions.

Legal Requirements

We may disclose information when required by law, court order, subpoena, or government request, or when we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations
  • Protect our legal rights and interests
  • Enforce our Terms of Service
  • Prevent fraud, security threats, or physical harm
  • Protect the rights, safety, and property of others

Business Transfers

If BlastRFQ is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before any such transfer and before any material change in how information is used.

Aggregated and De-Identified Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you for research, marketing, analytics, and other purposes without restriction.

Data Retention

We retain your information for as long as necessary to provide services and fulfill the purposes outlined in this Privacy Policy. Retention periods vary by data type:

  • Account Information: Retained while your account is active and for a reasonable period afterward to comply with legal obligations
  • RFQ and Quote Data: Retained for the duration of the transaction and for 3 years afterward for regulatory and business purposes
  • Billing Records: Retained for 7 years to comply with tax and accounting regulations
  • Usage and Analytics Data: Retained for up to 13 months for analytics and improvement purposes
  • Communications: Retained for 1 year unless longer retention is required for legal purposes

You may request deletion of your data subject to legal retention requirements. Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law. Historical transaction data may be retained in anonymized form.

Data Security

We take the security of your information seriously and implement appropriate technical, administrative, and physical safeguards to protect your data against unauthorized access, alteration, disclosure, and destruction:

  • HTTPS encryption for all data transmitted between your device and our servers
  • Encrypted storage of sensitive data at rest (passwords, payment information)
  • Secure authentication through Clerk with support for SSO and multi-factor authentication
  • Access controls limiting employee and contractor access to necessary data only
  • Regular security audits and penetration testing
  • Firewall protection and intrusion detection systems
  • Secure data center infrastructure operated by Supabase and Vercel
  • Incident response procedures to address potential security breaches

Despite our security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at nick@blastrfq.com.

Your Rights and Choices

You have the following rights regarding your information:

Access and Portability

You have the right to access your personal information and, in certain circumstances, receive a copy of your information in a portable format. You can access much of your information directly through your account settings.

Correction and Updates

You may correct, update, or modify your account information at any time through your account dashboard. If you need assistance, please contact our support team.

Deletion

You have the right to request deletion of your account and associated personal data, subject to legal retention requirements and ongoing transaction needs. Please note that certain transaction records must be retained for compliance purposes.

Marketing Communications

You may opt out of promotional emails and marketing communications at any time by clicking the "unsubscribe" link in our emails or updating your communication preferences in your account settings. Please note that even if you opt out of marketing communications, we will continue to send you service-related announcements and administrative messages.

Cookies and Tracking

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that blocking cookies may affect certain platform functionalities.

Regulatory Rights

Depending on your location, you may have additional rights under applicable privacy laws (such as GDPR, CCPA, or similar regulations). These rights may include the right to object to processing, restrict processing, and lodge complaints with regulatory authorities. Please contact us to exercise these rights.

To exercise any of these rights, please contact us at nick@blastrfq.com with your request. We will respond within 30 days or as required by applicable law.

Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience, understand usage patterns, and improve our services:

Types of Cookies

  • Essential Cookies: Required for platform functionality, authentication, and security
  • Performance Cookies: Collect information about how you use our services to improve performance and user experience
  • Preference Cookies: Remember your preferences and settings for future visits
  • Marketing Cookies: Track your activity for targeted advertising and marketing purposes

Third-Party Tracking

We may allow third-party service providers to place cookies on your device for analytics, advertising, and other purposes. You can learn more about and opt out of many third-party cookies at aboutads.info.

Cookie Management

Most browsers provide options to control cookies. You can typically refuse cookies or receive notification when a cookie is being sent. Consult your browser's help section for instructions. Please note that disabling certain cookies may impact the functionality of our platform.

Do Not Track

Some browsers include a "Do Not Track" feature. Our systems may not respond to Do Not Track signals, but you can control tracking through your browser settings and opt-out mechanisms described above.

International Data Transfers

BlastRFQ is based in the United States (Chicago, Illinois). Your information is collected, processed, stored, and transferred in the United States and may be transferred to, stored in, and processed in other countries where we or our service providers operate.

By using BlastRFQ, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws. We take appropriate safeguards to protect your information, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions recognizing equivalent data protection
  • Your explicit consent to such transfers

If you are located in the European Economic Area (EEA) or other regions with data protection regulations, you may have additional rights. Please contact us to discuss international transfer mechanisms.

Children's Privacy

BlastRFQ is not directed to, and we do not knowingly collect information from, individuals under the age of 18. Our services are designed for use by business professionals and companies. If we learn that we have collected information from someone under 18 without proper consent, we will take appropriate steps to delete such information and notify the appropriate legal guardians.

Third-Party Links and Services

Our website and platform may contain links to third-party websites and services that are not operated by BlastRFQ. This Privacy Policy applies only to information we collect through our services. We are not responsible for the privacy practices of third-party websites and services. We encourage you to review the privacy policies of any third-party services before providing your information or using their platforms.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website with an updated "Last Updated" date
  • Sending you an email notification if the change is significant
  • Requesting your consent if required by applicable law

Your continued use of BlastRFQ after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this policy regularly to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

BlastRFQ

CutStep AI LLC

Address

733 West 15th Street
Chicago, IL 60607
United States

We will respond to your inquiry within 30 days or as required by applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

Additional Legal Provisions

California Consumer Privacy Act (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These rights include the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the sale of personal information, and the right to non-discrimination. Please contact us to exercise these rights.

European Economic Area (EEA) - GDPR

If you are located in the EEA, your personal data is protected under the General Data Protection Regulation (GDPR). Our legal basis for processing your information includes: performance of our contract with you, your consent, compliance with legal obligations, and our legitimate business interests. You have rights including access, correction, deletion, and the right to lodge complaints with your data protection authority.

United Kingdom - UK GDPR

If you are located in the United Kingdom, your personal data is protected under the UK GDPR. Similar rights and protections as described in the EEA section apply to you.