We use privacy-first analytics. Essential audience metrics run by default, marketing attribution only with explicit consent. Privacy Policy

Blast Audit
Book a Demo

Legal

Privacy Policy

How we collect, process, and protect your data.

Last updated: February 27, 2026

Blast Audit Privacy Policy

Last updated: February 27, 2026

At Next BP, we place great importance on protecting your privacy. This Privacy Policy explains how we collect, use and share information when you use our Excel add-in, Blast Audit (the "Software").

1. Information We Collect

We may collect the following types of information:

  • Subscription Information
    When you subscribe to the Software, we collect your name, email address and certain information needed to process your payment, which is handled by our third‑party payment provider Stripe. We do not store your full credit card information; it is processed directly by Stripe in accordance with their own terms and privacy policy.

  • Usage Data
    We collect information about how you use the Software (features used, frequency, session duration, technical settings, etc.) as well as processing metadata (for example: number of documents/pages processed, processing time) in order to:

    • ensure billing and track your subscription,
    • improve the Software and monitor its performance,
    • prevent abuse and ensure the security of our services.
      Where possible, this data is aggregated or anonymized.

    For our website and add-in surfaces, we also run a self-hosted traffic analytics pipeline. In default audience mode, analytics are limited to aggregate audience metrics (for example: page path, referrer host, country/region/city approximation, browser/OS/device family) and do not include persistent cross-site identifiers. If marketing consent is explicitly granted, we may additionally process campaign/referrer detail and pseudonymous visitor identifiers for attribution reporting.

  • Documents and Extracted Data
    To provide certain key features of the Software, particularly OCR (Optical Character Recognition) and certain automated analysis features:

    • you may need to select areas of documents locally on your computer ("snipping");
    • images or data extracted via snipping, or full documents that you submit for analysis, are securely transmitted to our servers to be processed;
    • our processing infrastructure is operated on Microsoft Azure (including production hosting in the European Economic Area);
    • OCR and AI-related operations may be executed using Microsoft Azure AI services (including Azure AI Foundry, Azure OpenAI and Azure AI Document Intelligence), acting on our behalf.

    Ephemeral Processing
    The content of your documents is processed on our servers only for as long as necessary to perform the requested task (OCR, matching, analysis, etc.). We do not permanently store the content of your documents after processing is completed. Data is received, processed and the result is returned to you. We do not keep a copy of the document content after the operation, except where temporarily required for technical reasons (caching, operational logging), which are handled securely and regularly purged.

  • Feedback
    If you choose to provide feedback, suggestions or problem reports, we collect the information you send to us (message content, email address, etc.).

2. How We Use Information

We use the information we collect for the following purposes:

  • to provide, maintain and improve the Software’s features, including processing of submitted documents;
  • to manage your account, process your subscription payments via Stripe, and track your subscription;
  • to perform requested document processing (OCR, matching, analysis) on our secure Microsoft Azure infrastructure and Azure AI services (including Azure AI Foundry) where applicable;
  • to provide technical support and respond to your requests;
  • to analyze usage data and processing metadata in order to improve performance, reliability and features of the Software;
  • to send you important information about the Software (updates, maintenance, changes);
  • to ensure the security of our services and detect and prevent fraud or abuse;
  • to comply with our legal and regulatory obligations.

3. Information Sharing

We do not sell your personal information. We may share certain information with third parties only in the following cases:

  • Service Providers
    We rely on third‑party companies to help us provide our services, in particular:

    • Payment Processing
      We use Stripe to securely process your subscription payments. When you make a payment, your information is transmitted directly to Stripe, and its use is governed by Stripe’s own Terms of Use and Privacy Policy. We encourage you to review them.

    • Hosting, OCR and AI Infrastructure
      We use Microsoft Azure and related Azure AI services (including Azure AI Foundry, Azure OpenAI and Azure AI Document Intelligence) to host and operate core backend processing, including OCR and AI-enabled features.

    • Authentication and Identity Management
      We use WorkOS for authentication and organization/identity workflows.

    • Product Analytics
      We use PostHog to process usage events and improve product performance and reliability.

    • Application Monitoring
      We use Sentry to monitor errors and diagnose incidents.

    • Customer Messaging and Support
      We use Intercom to provide in-product messaging and support interactions.

    • AI-assisted Web Research (when enabled)
      We use Exa for web search and external content retrieval used by AI-assisted research features.

    • Depending on configuration, additional providers may assist us with specific operations. We only grant access to information strictly necessary for the relevant task and require appropriate contractual safeguards.

  • Legal Compliance and Security
    We may disclose information (including processing metadata or, in exceptional and legally required cases, temporarily held content) if we believe in good faith that such disclosure is necessary to:

    • comply with any law, regulation, legal process, or enforceable governmental request;
    • protect our rights, property or safety, or those of our users or the public;
    • detect, prevent and address fraud, security or technical issues.

4. Data Transfers and Location of Processing

When you use the Software for functions requiring server‑side processing (such as OCR or certain automated analysis features), the relevant data (snipped images, submitted documents and related metadata) may be transferred to and processed on infrastructure operated for NEXT BP on Microsoft Azure, primarily within the European Economic Area (including France Central), as well as by the Sub‑processors listed in this Policy when necessary to provide the service.

We take steps to ensure that such transfers and processing are secure and comply with applicable regulations (in particular the GDPR). Where data is transferred outside the EEA, we rely on appropriate safeguards (such as Standard Contractual Clauses or other valid transfer mechanisms).

5. Data Security

We implement appropriate technical (e.g. TLS encryption for data transfers) and organizational measures to protect your information, whether in transit or on our servers. These measures are designed to protect against unauthorized access, disclosure, alteration or destruction.

We commit to processing the content of your documents only on an ephemeral basis for the task requested. However, no method of transmission or storage is completely secure. You are also responsible for the security of your own IT environment (workstation, network, passwords, etc.).

6. Your Rights

In accordance with applicable law (in particular the GDPR), you have certain rights regarding the personal information we hold about you (account, subscription and usage log data). These rights may include:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability.

With respect to the content of processed documents, since we do not store it after processing, these rights apply primarily to other categories of data (account, subscription, usage logs, etc.).

To exercise your rights, please contact us at the address given in Section 9.

7. Data Retention

We retain your personal information (account, subscription, usage logs) for as long as necessary to:

  • provide the Software;
  • fulfill our contractual and legal obligations (billing, accounting, etc.);
  • resolve disputes and enforce our policies.

As stated above, the content of documents submitted for OCR/analysis is not retained on our servers after the requested task has been completed. Operational logs containing metadata may be retained for a limited time for security and troubleshooting purposes.

Traffic analytics events are retained for up to 25 months and analytics identifiers for up to 13 months, after which scheduled purge jobs remove expired records.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. In the event of any material change, we will inform you through the Software, by email, or by publishing the updated version on our website, indicating the new effective date.

Your continued use of the Software after the effective date of the updated Policy constitutes your acceptance of it.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at: