Privacy Policy

1. Our Role

Blaise App LLC (“Blaise,” “Company,” “we,” “us,” or “our”) operates a marketing attribution and analytics technology platform (the “Platform”) that connects Creators, Businesses, and Customers through verified QR-based commerce. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the Platform.

Blaise is a data controller with respect to personal information collected through the Platform. Businesses that access structured analytics through the Platform act as independent controllers with respect to any data they access and are independently responsible for complying with all applicable privacy laws in connection with their use of that data.

2. Information We Collect

2.1 All Users

All users must create an account to access the Platform. During registration and use of the Platform, we collect the following information from all users:

• First and last name
• Email address
• Phone number
• Full mailing address
• Date of birth (for age verification)
• Username
• Encrypted password
• Device and usage information (IP address, browser type, operating system, session duration, pages visited)

Users must be 18 years of age or older to create an account. Your full date of birth is collected solely for age verification and is converted into five-year age ranges for analytics and reporting purposes: 18–23, 24–29, 30–35, 36–41, 42–47, 48–53, 54–59, and 60+. Your full date of birth is not shared with Businesses or other users.

Your full mailing address is converted into ZIP code for analytics and reporting purposes. Your full mailing address is not shared with Businesses or other users.

2.2 Creators

In addition to the information collected from all users, we collect the following information from Creators:

• Social media handles and follower counts
• Niche categories and experience level
• Profile photo and bio
• Portfolio samples submitted with campaign applications
• Location (city and state)
• Campaign application data, including pitches and proposals
• Commission and payout history
• Creator Tier scores and ranking data
• Referral activity
• Tax information (W-9 data — see Section 17)
• Performance metrics (redemption counts, conversion rates, campaign results)

2.3 Businesses

In addition to the information collected from all users, we collect the following information from Businesses:

• Business legal name and DBA (doing business as)
• Business address and location(s)
• EIN or Tax Identification Number
• Point of contact information
• POS (point-of-sale) integration data
• Campaign and offer details
• Transaction data
• Subscription and billing data
• Analytics tier selection
• Staff and employee accounts and access levels

2.4 Customers

In addition to the information collected from all users, we collect the following information from Customers:

• QR code redemption history
• Transaction amounts and dates
• Wallet balance and reward data
• Referral relationships

Blaise does not knowingly collect personal information from children under 18. See Section 15 for more information.

2.5 Information We Do Not Collect

Blaise does not collect biometric information (fingerprints, facial geometry, voiceprints, retinal scans, or other biometric identifiers) from any user. Blaise does not use facial recognition technology or any biometric identification or classification systems. This disclosure is made in compliance with the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14, and similar state biometric privacy laws.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

1. To create, maintain, and secure your account
2. To verify your identity and age eligibility
3. To facilitate connections between Creators, Businesses, and Customers
4. To process QR code redemptions and attribute transactions
5. To calculate and process Creator commissions and payouts
6. To provide structured analytics to Businesses based on their tier level
7. To calculate and update Creator Tier scores and rankings
8. To administer the Referral Program and track referral relationships
9. To detect, prevent, and investigate fraud, abuse, and policy violations
10. To comply with legal obligations, including tax reporting (1099-NEC)
11. To communicate with you about your account, campaigns, offers, and Platform updates
12. To provide customer support and respond to inquiries
13. To improve and optimize Platform features and performance
14. To send marketing communications about new features, campaigns, or promotions

You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email or by contacting us at support@joinblaise.com. Opting out of marketing communications does not affect transactional or account-related communications.

4. Transaction and Attribution Data

When a Customer redeems a QR code at a Business location, we collect the following data to facilitate attribution and analytics:

• Redemption timestamp
• Business location
• Offer details and discount applied
• Transaction amount
• Creator attribution (which Creator's QR code was redeemed)
• Customer identifier
• Device information at time of redemption
• Referral source (if applicable)

Blaise does not collect or store full credit card numbers, CVVs, or raw payment card data. Payment processing is handled by our third-party payment processor (see Section 6.1).

All attribution determinations are made exclusively by Blaise's internal systems. Platform records are authoritative and final for purposes of attribution credit, commission eligibility, and reporting metrics.

5. Data Sharing and Analytics

Participation in the Blaise Platform involves structured analytics sharing with Businesses. This section describes what data is shared, how it is shared, and what restrictions apply.

5.1 What Data Is Shared

Businesses may access the following categories of data through the Platform's structured analytics features:

• Age range (five-year increments, not full date of birth)
• ZIP code (not full mailing address)
• Sex (if voluntarily provided by the user)
• Creator referral attribution
• QR redemption history and patterns
• Product and service purchase categories
• Aggregated campaign performance metrics

5.2 Tier-Based Access

The level of analytics data available to Businesses depends on their subscription tier:

• Free Tier: Basic campaign metrics, redemption counts, and aggregated performance data.
• Premium Tier: Enhanced analytics including demographic breakdowns, geographic distribution, trend analysis, and Creator performance comparisons.
• Enterprise Tier: Full analytics suite including custom reporting, cross-campaign analysis, customer retention metrics, and advanced demographic insights.

5.3 Data We Do Not Share

Blaise does not share the following with Businesses or other users:

• Full names of Customers
• Email addresses
• Phone numbers
• Full mailing addresses
• Full dates of birth

5.4 Business Restrictions

Businesses that access analytics data through the Platform are contractually prohibited from:

• Attempting to re-identify individual users from anonymized or aggregated data
• Combining Platform data with external data sources to identify users
• Contacting users outside the Platform using data obtained through Platform analytics
• Reselling, sublicensing, or redistributing analytics data
• Using analytics data for regulated decision-making (employment, credit, insurance, housing)
• Using analytics data to train artificial intelligence or machine learning models without prior written consent from Blaise

5.5 Analytics Data Is Licensed

Structured analytics data is licensed to Businesses, not sold. Blaise retains all rights to the underlying data and analytics systems. Access to analytics data may be suspended or terminated in accordance with the Terms of Service.

6. Third-Party Service Providers

Blaise works with third-party service providers who process data on our behalf. These providers are contractually obligated to use your data only for the purposes we specify and to implement appropriate security measures.

6.1 Payment Processing

Payments are processed via Stripe, Inc. (“Stripe”). Stripe collects bank account information, tax information, and payment details directly. Blaise does not store full bank account numbers, Social Security Numbers, or raw payment card data. Stripe's privacy policy governs its collection and use of your payment information.

6.2 Artificial Intelligence and Machine Learning

Blaise may use AI and machine learning systems, including services provided by OpenAI and other providers, for the following purposes:

• Campaign description drafting and optimization
• Pitch generation assistance for Creators
• Fraud detection and anomaly identification
• Performance insights and recommendations
• Content moderation
• Customer support assistance

We do not intentionally transmit personal identifiers (names, email addresses, phone numbers) to AI providers. However, user-submitted free-text content (such as campaign descriptions, pitches, or messages) may contain personal information that is processed by AI systems.

AI Model Training Opt-Out: Blaise does not use your personal information to train third-party AI models. If Blaise develops proprietary AI models in the future, you will be given the opportunity to opt out of having your data used for model training before any such use occurs.

AI-generated fraud flags and content moderation decisions are subject to human review before any adverse action is taken against your account.

6.3 AI-Assisted Communications

The Platform offers AI-assisted features such as “Generate Pitch” for Creators and campaign description optimization for Businesses. Content generated by these features is clearly indicated as AI-assisted. Users are responsible for reviewing and personalizing AI-generated content before submission.

6.4 Email Service Providers

Blaise uses third-party email service providers to send transactional emails (account verification, password resets, payout notifications) and marketing communications. Your email address is shared with these providers solely for the purpose of delivering communications on our behalf.

6.5 POS Integration Providers

When a Business connects its point-of-sale system to the Platform, transaction data may be shared between Blaise and the POS provider (such as Square, Shopify, or Clover) to facilitate QR code redemption verification and attribution. Only the data necessary to process and verify the transaction is shared.

7. Cookies and Tracking Technologies

Blaise uses cookies and similar tracking technologies to operate, secure, and improve the Platform. We use the following categories of cookies:

• Essential Cookies: Required for the Platform to function, including authentication, security, and session management. These cookies cannot be disabled.
• Functional Cookies: Enable enhanced functionality such as remembering your preferences, language settings, and display options.
• Analytics Cookies: Help us understand how users interact with the Platform, which pages are visited most frequently, and how to improve the user experience.

Blaise does not currently respond to Do Not Track (DNT) browser signals, as there is no uniform industry standard for DNT compliance. However, Blaise does honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, Blaise will treat your visit as an opt-out of the sale or sharing of personal information for that browser session.

For more information about our use of cookies, please see our Cookie Policy.

8. Messaging Data

8.1 In-App Messaging

The Platform provides in-app messaging functionality for communication between users in connection with Campaigns, Offers, Partnerships, and Ambassadorships. All Platform messages are encrypted in transit and at rest.

Retention: Active messages are retained for twenty-four (24) months. After the active retention period, messages are moved to archived backup storage and retained for an additional twelve (12) months. Messages may be retained longer if required by law or in connection with an active investigation or legal proceeding.

Blaise reserves the right to access and review message content for the limited purposes of fraud review, dispute resolution, safety investigations, and legal compliance. Access to message content is restricted to authorized personnel on a need-to-know basis.

8.2 SMS Communications

Blaise may send SMS messages for account verification (OTP), security alerts, and transactional notifications. You may opt out of non-essential SMS communications at any time by replying STOP to any SMS message from Blaise. Opting out of SMS does not affect security-related messages such as OTP verification codes.

9. Data Retention

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are as follows:

• Account data: Retained for the duration of your account plus ninety (90) days after account deletion or termination.
• Tax and 1099 data: Retained for seven (7) years in compliance with IRS requirements.
• Transaction data: Retained for three (3) years for commission reconciliation, dispute resolution, and audit purposes.
• Messaging data: Retained in accordance with Section 8.1 (24 months active, 12 months archived).
• Audit logs: Retained for three (3) years for security, compliance, and fraud investigation purposes.
• De-identified data: Data that has been de-identified such that it cannot reasonably be linked back to an individual may be retained indefinitely for analytics, research, and Platform improvement purposes.

10. Data Security

Blaise implements administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, and destruction. Our security measures include:

• Encryption in transit: All data transmitted between your device and the Platform is encrypted using TLS (Transport Layer Security).
• Encryption at rest: Sensitive personal information, including tax data and messaging content, is encrypted using AES-256 encryption.
• Role-based access controls: Access to personal information is restricted to authorized personnel based on their role and need-to-know.
• Two-factor authentication: Required for sensitive account actions including adding or modifying payout methods and accessing tax documentation.
• Regular security assessments: We conduct periodic reviews of our security practices and infrastructure.
• Incident response procedures: We maintain documented procedures for detecting, responding to, and recovering from security incidents.

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you believe your account has been compromised, please contact us immediately at security@joinblaise.com.

11. Data Breach Response

In the event of a data security incident involving your personal information, Blaise will:

1. Investigate and contain the incident promptly upon discovery.
2. Assess the scope of the breach, including what categories of personal information were affected and how many individuals were impacted.
3. Notify affected individuals in accordance with applicable federal and state breach notification laws, including the New York SHIELD Act (N.Y. Gen. Bus. Law §899-aa) and other applicable state laws.
4. Notify regulatory authorities as required by law, including state attorneys general where applicable.
5. Implement remedial measures to prevent recurrence, including security patches, access revocation, enhanced monitoring, and process improvements.

12. Your Privacy Rights

12.1 Your Rights

Depending on your state of residence, you may have the following rights with respect to your personal information:

• Right to Access: You may request a copy of the personal information we have collected about you.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions (such as data required for legal compliance or active dispute resolution).
• Right to Restrict Processing: You may request that we limit the processing of your personal information in certain circumstances.
• Right to Data Portability: You may request a portable copy of your personal information in a commonly used, machine-readable format.
• Right to Opt Out of Sale or Sharing: Under the California Consumer Privacy Act (CCPA), you may opt out of the “sale” or “sharing” of your personal information. See Section 13 for details.
• Right to Non-Discrimination: Blaise will not discriminate against you for exercising any of your privacy rights.

12.2 How to Exercise Your Rights

To exercise any of the rights described above, contact us at legal@joinblaise.com. We will verify your identity before processing your request. Under the CCPA, we will respond to verified requests within forty-five (45) calendar days of receipt. We may extend this period by an additional forty-five (45) days if reasonably necessary, with notice to you.

You may designate an authorized agent to submit a privacy request on your behalf. If you use an authorized agent, we may require signed written permission from you and verification of your identity directly with Blaise.

The arbitration provisions in our Terms of Service do not prevent you from exercising your statutory privacy rights under applicable law, including the CCPA and other state privacy statutes.

13. Do Not Sell or Share My Personal Information

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), California residents have the right to opt out of the “sale” or “sharing” of their personal information. Blaise does not sell personal information for monetary consideration. However, certain data sharing described in Section 5 may constitute “sharing” under the CCPA's broad definition.

You may opt out of the sale or sharing of your personal information by:

• Visiting our Do Not Sell or Share My Personal Information page
• Sending an email to legal@joinblaise.com with the subject line “Do Not Sell or Share My Personal Information”

Blaise honors Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will automatically treat your visit as an opt-out of the sale or sharing of personal information for that browser session. For more information, see our Do Not Sell or Share page.

14. California-Specific Disclosures

This section provides additional disclosures required under the California Consumer Privacy Act (CCPA) for California residents.

14.1 Categories of Personal Information Collected

In the preceding twelve (12) months, Blaise has collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email, phone, address, username, IP address)
• Personal information under Cal. Civ. Code §1798.80(e) (name, address, telephone number)
• Protected classification characteristics (age range, sex if voluntarily provided)
• Commercial information (transaction records, purchase history, campaign data)
• Internet or electronic network activity (browsing history, session data, device information)
• Geolocation data (ZIP code derived from mailing address)
• Professional or employment-related information (business role, company information for Business users)
• Inferences (Creator Tier scores, fraud risk scores, audience demographics)
• Sensitive personal information (tax identification numbers for Creators and Businesses, processed exclusively for tax compliance)

14.2 Sources of Collection

We collect personal information directly from you (account registration, profile updates, campaign applications, messages), automatically through your use of the Platform (device data, usage analytics, cookies), and from third-party service providers (payment processors, POS integrations).

14.3 Business Purpose for Collection

We collect personal information for the business purposes described in Section 3 of this Privacy Policy, including providing and improving our services, processing transactions, facilitating analytics, detecting fraud, and complying with legal obligations.

14.4 Retention

We retain personal information for the periods described in Section 9 of this Privacy Policy. For a detailed description of your California privacy rights and a full notice at collection, please see our California Notice at Collection.

15. Children

15.1 Age Requirement

The Platform is restricted to individuals who are at least eighteen (18) years of age. Blaise does not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will promptly delete that information and terminate the associated account.

15.3 Minors in Creator Content

Creators may produce content that features or depicts minors (individuals under 18). Creators are solely responsible for ensuring that any content featuring minors complies with all applicable child influencer and child content creator laws, including obtaining all necessary parental or guardian consents. See the Community Guidelines Section 3.3 and the Terms of Service for additional requirements.

If you are a parent or guardian and believe that a Creator has posted content featuring your child without your consent, you may request removal by contacting us at legal@joinblaise.com. Blaise will review and process removal requests promptly.

16. Referral Program Data

If you participate in the Blaise Referral Program, we collect and process the following data:

• Your unique referral code and link
• The identity of users who register using your referral code
• Referral milestone achievements and bonus eligibility
• Referral reward status and payout history

Referral data is used to attribute new user registrations, calculate referral bonuses, and detect referral abuse (such as self-referrals or duplicate account creation). For details on the Referral Program, see the Terms of Service.

17. Creator Tax Information

Creators who earn commissions through the Platform may be required to provide tax information, including W-9 data (legal name, address, taxpayer identification number). This information is collected and used solely for tax compliance purposes, including the issuance of IRS Form 1099-NEC for Creators who earn $600 or more in a calendar year.

Tax information is encrypted using AES-256 encryption at rest and is accessible only to authorized personnel responsible for tax compliance. Blaise does not store full Social Security Numbers in plaintext. Tax records are retained for seven (7) years in compliance with IRS requirements.

18. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of Blaise's assets, your personal information may be transferred to the acquiring entity. In such an event:

• We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
• The acquiring entity will be bound by the commitments made in this Privacy Policy with respect to your personal information, unless you consent to new terms.
• You will have the opportunity to delete your account and data before the transfer takes effect, to the extent permitted by law.

19. International Use

The Blaise Platform is intended for use within the United States only. Blaise does not knowingly collect personal information from individuals outside the United States. If you access the Platform from outside the United States, you do so at your own risk and are responsible for compliance with applicable local laws.

20. Changes to This Policy

Blaise may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. Material changes will be communicated through the Platform and, where appropriate, by email prior to the changes taking effect.

Continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically. The “Last updated” date at the top of this page indicates when this Privacy Policy was most recently revised.

21. Complaints and Dispute Resolution

If you have a complaint about how Blaise handles your personal information, please contact us at legal@joinblaise.com. We will investigate your complaint and respond within thirty (30) calendar days.

If you are not satisfied with our response, you may escalate your complaint to our Privacy Officer by sending a written request to the address listed in Section 22. The Privacy Officer will review your complaint and provide a final response.

You also have the right to file a complaint with your state Attorney General or other applicable regulatory authority.

22. Contact

If you have questions about this Privacy Policy or Blaise's data practices, please contact us: