Privacy Policy
How we collect, use, share, and protect personal information — and the rights you have over your data.
Who we are
SpendRFX ("SpendRFX", "we", "us") provides procurement and supplier-risk intelligence software and related tools at spendrfx.com. SpendRFX is the controller of the personal information described in this policy. Questions or requests: mike@spendrfx.com.
Information we collect
- Information you give us. When you request a demo, submit an intake form, run the free Carrier Risk Check, or contact us, we collect the details you provide — typically your name, work email, company, role, annual revenue, and the procurement problem you describe.
- Account & usage data. If you hold an account, we store your login credentials (passwords are hashed, never stored in plaintext) and a session authentication cookie. We log basic technical data (IP address, browser type, pages requested) to operate and secure the service.
- Content you submit to the platform. Documents, supplier names, rate cards, and queries you upload or enter so the platform can analyze them.
- Billing data. If you purchase a paid plan, our payment processor (Stripe) collects and processes your payment details. We do not store full card numbers on our servers.
Our supplier-risk analyses also draw on public, authoritative records (e.g., FMCSA, federal regulatory and enforcement databases). That information concerns businesses and public filings, not visitors to this site.
How we use information
- To provide, operate, and improve the service and respond to your requests.
- To analyze the suppliers, documents, and questions you submit and return results.
- To send transactional and follow-up communications (e.g., your Carrier Check result, demo scheduling, account notices).
- To process payments and manage subscriptions.
- To secure the service, prevent abuse, and comply with legal obligations.
Legal bases (GDPR): performance of a contract, our legitimate interests in operating and securing the service, your consent where required, and compliance with legal obligations.
How we share information
We do not sell your personal information. We share it only with:
- Service providers (subprocessors) that operate the platform on our
behalf, under contract and limited to the purposes above:
- Anthropic — AI processing of documents and queries you submit
- Stripe — payment processing
- Google / Gmail — transactional and follow-up email delivery
- Render — application hosting and infrastructure
- Sentry — error monitoring (where enabled)
- Legal and safety — when required by law, to enforce our terms, or to protect rights, property, and safety.
- Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required.
Data retention
We keep personal information for as long as needed to provide the service and for legitimate business or legal purposes, then delete or anonymize it. You can ask us to delete your data at any time (see "Your rights").
Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, to object to certain processing, and to withdraw consent.
- EEA/UK (GDPR): the rights above, and the right to lodge a complaint with your supervisory authority.
- California (CCPA/CPRA): the right to know, delete, and correct your personal information, and to opt out of "sale" or "sharing" — we do not sell or share personal information as those terms are defined. We will not discriminate against you for exercising these rights.
To exercise any right, email mike@spendrfx.com. We will verify your request and respond within the timeframe required by applicable law.
Cookies
We use strictly necessary cookies to keep you logged in and to secure the service. We do not use advertising cookies. You can block cookies in your browser, but the authenticated parts of the service may not function.
Security
We protect data with industry-standard measures, including encryption in transit, hashed passwords, and access controls. No system is perfectly secure, but we work to protect your information and to notify you of material incidents as required by law.
International transfers
We and our subprocessors may process information in the United States and other countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
Children
The service is for business use and is not directed to children under 16. We do not knowingly collect personal information from children.
Changes to this policy
We may update this policy from time to time. We will post the revised version here and update the effective date above. Material changes will be communicated where required.
Contact
SpendRFX · mike@spendrfx.com