Product Use Cases Pricing Resources
Sign In Get Started Free

Privacy Policy

Last Updated: March 2026

1. Introduction

RFXapp ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service.

By using RFXapp, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, password
  • Profile Settings: Default currency, language preferences
  • Project Data: Requirements documents, project details, budgets, deadlines
  • Supplier Information: Supplier names, email addresses, capabilities, notes
  • Communications: Emails sent and received through the Service
  • Payment Information: Processed by Stripe (we do not store full credit card details)

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: IP address, browser type, operating system
  • Log Data: API calls, error logs, performance metrics
  • Cookies: See Section 8 for details

2.3 Information from Third Parties

  • AI Processing: Content you submit is processed by Google Gemini AI
  • Email Delivery: Email metadata is processed by Postmark
  • Payment Processing: Payment information is processed by Stripe

3. How We Use Your Information

We use your information to:

  • Provide the Service: Create and manage your account, process projects, facilitate supplier communication
  • AI Features: Extract requirements, evaluate bids, generate email content, suggest suppliers
  • Improve the Service: Analyze usage patterns, fix bugs, develop new features
  • Communications: Send transactional emails, respond to support requests
  • Compliance: Comply with legal obligations, enforce our Terms of Service
  • Security: Detect and prevent fraud, unauthorized access, and abuse

We do NOT use your information to sell or rent your data, send unsolicited marketing emails, or train AI models on your proprietary data.

4. How We Share Your Information

4.1 Service Providers

We share information with third-party service providers who help us operate the Service:

  • Supabase: Database hosting, authentication, file storage
  • Google Gemini: AI processing for document extraction, bid evaluation, email generation
  • Postmark: Email sending and receiving
  • Stripe: Payment processing
  • Vercel: Frontend application hosting

These providers are contractually obligated to protect your data and use it only to provide services to us.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to comply with legal obligations, protect our rights, prevent fraud, or protect user safety.

5. Data Retention

  • Active Accounts: We retain your data for as long as your account is active
  • Deleted Accounts: We delete your data within 30 days of account deletion
  • Legal Requirements: We may retain certain data longer if required by law
  • Backups: Deleted data may persist in backups for up to 90 days

6. Your Rights

  • Access and Portability: You can access and export your data at any time through your account
  • Correction: You can update your account information and project data directly in the Service
  • Deletion: You can delete your account at any time through Account Settings; we will permanently delete all your data within 30 days
  • Objection: You can object to certain uses of your data (e.g., marketing emails)
  • Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time
  • Complaint: You have the right to file a complaint with a data protection authority

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data is encrypted in transit (TLS) and at rest
  • Access Controls: Role-based access, row-level security in the database
  • Authentication: Secure password hashing, optional two-factor authentication
  • Monitoring: Security logs, error tracking, intrusion detection

However, no system is completely secure. You use the Service at your own risk.

8. Cookies and Tracking

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: To understand how users interact with the Service (if implemented)

You can disable cookies in your browser settings. Disabling essential cookies may prevent you from using the Service.

9. AI Processing and Data Use

  • We use Google Gemini to process your documents, evaluate bids, and generate content
  • Your content is sent to Google's servers for processing
  • Google's AI does not use your data to train its models (per their Enterprise agreement)
  • AI-generated content may contain errors or inaccuracies — you are responsible for reviewing all AI output before use

10. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use after changes constitutes acceptance.

12. Contact Us

  • Email: privacy@rfxapp.com
  • Support: support@rfxapp.com

Third-Party Privacy Policies

By using RFXapp, you acknowledge that you have read and understood this Privacy Policy.