Service Privacy & Security Policy

Last Modified: December 15, 2021

This Service Privacy Policy (“Service Privacy Policy”) governs your use of the services and of our website fraud.net and its subdomains (the “Website”) as provided by Fraud.net Inc., a Delaware corporation, and its affiliates, successors, and/or assigns (“Fraud.net” or “we”). Fraud.net provides online businesses (our “Customers” or “you”) with services that help Customers detect and address fraud and other malicious behavior on their digital properties. In doing so, we collect and analyze information about how Internet users (“Customers’ Consumers” or “Users”) interact with our Customers’ digital properties such as websites and mobile applications (their “Customer Sites”). Any content, functionality, and services offered on or through our cloud-based, machine-learning platform or Website that is used to analyze, predict or prevent fraudulent activity as well as any of Fraud.net’s other products, services, or terms that may be incorporated herein through separate Purchase Order(s) executed by you and Fraud.net (“Purchase Order”), are referred to collectively as the “Fraud.net Services.” The Fraud.net Services identify patterns, using custom and global models that leverage both the specific Customers’ data and data provided by all other Customers enabling Customers to streamline the review their Users’ activities and prevent misuse of their assets and services. This Service Privacy Policy should be read in conjunction with the Terms of Service, Website Privacy Policy, and, if applicable, the Purchase Order.

This Service Privacy Policy describes the types of information that we may collect from you or that you may choose to provide when you use our Fraud.net Services and our practices for collecting, using, maintaining, protecting and disclosing that information.

Note that this Service Privacy Policy does not describe our collection and use of information when visitors access our public website, fraud.net and its subdomains. Please see our Website Privacy Policy

Member Information and How We Use It

Information Customers send us about themselves (“Customer Information”)

We collect information about each Customer when they register for the Fraud.net Services such as company name, URL, address, industry, company size, fraud related information, and payment information. If the Customer pays by credit card, our processor collects that information (we do not store full credit card information). We also collect personal information of those individuals that represent the Customer in connection with the use of the Fraud.net Services such as name, job title, email address and phone number.

We use Member Information you provide to:

  • provide Customers with the Fraud.net Services and for billing and collections;
  • create internal analysis and business analytics to improve the Fraud.net Services;
  • notify Customers regarding technical alerts, updates, security notifications and administrative communications
  • send Customers marketing information, including product updates, industry news and reports, if it is in accordance with their newsletter and marketing preferences, and any other purpose about which we notify Customers.

At any time you may ask us to stop sending newsletters or marketing communications to you by clicking the “unsubscribe” link in an email that we send you. If you have any questions, on how to unsubscribe, contact us at support@fraud.net.

Service Data and How We Use It

Customers may submit data through our application programming interface or through the API, including personal information and transaction data with respect to Customers’ Consumers. Such data includes but is not limited to email addresses, billing and shipping addresses, usernames, telephone numbers, payment information (does not include full credit card information), User behavior, transaction information and transaction history (collectively, “Customer Data”).

Fraud.net generates analysis and results using the Customer Data, whether alone or in combination with other sources, and creates risk profiles for Users, risk assessments, a risk score and a substantiation of that score, and aggregated insights and analytics reports based on the Customer Data that are created through Fraud.net’s proprietary modeling and analysis (“Analytical Results”). Customers own their Customer Data, but Fraud.net owns the Fraud.net Services and Analytical Results. Each Customer decides the types and format of the Customer Data they wish to submit for analysis using the Fraud.net Services.

Customers may also place JavaScript code issued by Fraud.net onto their Customer Sites in order to enable us to collect unique device identifiers, including device metadata, from Users automatically. We collect and analyze this information to identify unique properties of the device being used, how the Users interact with the Customer Sites, and IP locations for use in the creation of the Analytical Results.

Similarly, in connection with mobile applications, Customers may integrate Fraud.net-provided software development kits (“SDKs”) to help prevent fraud that may occur through their applications. The SDKs provide Fraud.net more precise information about the Users’ locations such as GPS (if the location settings allow it) and IP address. Additionally, the SDKs collect phone-related metadata (including battery level, device properties, carrier name, motion and proximity information) and unique device identifiers.

From time to time, we may alter our device fingerprinting technology, SDKs, and APIs to improve their effectiveness.

Disclosure of Your Information to Third Parties and Liabilities

Vendors, consultants, and other service providers: We may share Customer Information and Customer Data with third party vendors, consultants, and other service providers who are working on our behalf and with whom the sharing of such information is necessary to undertake that work, e.g., to process billing or to provide customer support.

Data enrichment: We may share minimal User information (e.g., email addresses) with select third-party vendors for data enrichment purposes. Enriching data allows us to provide a richer subset of data from which to make more informed fraud risk assessments. For example, we share select user email addresses with third parties to obtain links to publicly available social profiles.

Vital interests and legal rights: We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Fraud.net, our Customers, or the rights or property of others.

Corporate Affiliates and Transactions: We may provide Customer Information and Customer Data to our affiliates, including any subsidiary, parent company or company under common control with Fraud.net (collectively, “Affiliates”). Affiliates will use Customer Information and Customer Data only as described in this Service Privacy Policy. Additionally, if Fraud.net is involved in a merger, acquisition or sale of all or a portion of its assets, Customer Information and Customer Data may be shared or transferred as part of that transaction.

Fraud.net does not (i) share User information with third party marketers or advertisers; (ii) contact Customers’ Consumers; or (iii) identify individual Customers to other Customers as the source of Customer Data for any Analytical Results.

Service Providers: We may use a 3rd party service provider to provide us with additional compute services and have defined terms and conditions with them in meeting our security principles and standards; and share liabilities should in case underlying principles and expectations are violated by either party.

Data Controllers: Furthermore, in our 3rd party due diligence process, we never share data directly to 3rd party data processors unless there exists a mutual contract between the ‘data controller’ and the 3rd party ‘data processor’. This limits our direct liability should in case data protection principles were not adhered by 3rd party data processor on behalf of the ‘data controller’.

Compliance with laws: We may disclose Customer Information and Customer Data to a third party where we are legally required to do so in order to comply with any applicable laws, regulations, legal process, or law enforcement or government requests.

Your Rights, Limiting Use and Disclosure as a Data Subject

By law, especially in EU regions, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.

If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.

Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.

To submit a request regarding your personal data by email, post or telephone, please use the contact information provided below in the Accessing and Correcting Your Information section of this policy.

Your Right to Complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Accessing and Correcting Your Information

If you want Fraud.net to correct Your Information that is stored on Fraud.net systems, please submit your request in writing to:

Fraud.net Inc.
Attn: Legal Department
330 7th Avenue
New York, NY 10001

Subject to our ability to verify your request, Fraud.net will correct the Information within thirty (30) days of receipt of your request.

Information Security

Fraud.net is committed to privacy and security. Customers may contact us for additional information regarding our security measures. Examples of Fraud.net’s security measures include physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of strong encryption for transmissions to and from Fraud.net Customers; restricting access to personally identifiable information; and periodic security reviews by third party security experts.

Following termination or deactivation of an account, we may retain personal information and content for backup, archival, audit, disaster recovery, or otherwise in accordance with the Terms of Service and applicable law.

International Data Transfer

Information collected via the Fraud.net Services is transferred to and hosted on our servers in the United States and Fraud.net may also maintain servers located in Europe or Asia. Fraud.net protects all personal data in accordance with this Service Privacy Policy wherever it is processed.

EU-US Privacy Shield and GDPR Framework

Fraud.net complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Fraud.net has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Service Privacy Policy or the Website Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Fraud.net is committed to subjecting to the Privacy Shield Principles all personal data received from the European Union in reliance on the Privacy Shield. We comply with the Privacy Shield Principles regarding the handling of personal data. We may disclose information to comply with any court order, law or legal process, including to respond to any government or regulatory request, including in response by lawful requests to meet national security or law enforcement requirements in accordance with the EU-US Privacy Shield Framework. You may be able to invoke binding arbitration under certain conditions as described in the Privacy Shield Principles.

In accordance with the Privacy Shield Framework, Fraud.net has designated JAMS, a dispute resolution provider located in the United States, to address complaints and provide appropriate recourse free of charge. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Fraud.net is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

As a processor, Fraud.net does not accept information directly from Customers’ Consumers, and Customers’ Consumers do not submit information directly to Fraud.net. Customers’ Consumers should first contact their respective Customers directly with concerns. In accordance with the EU-US Privacy Shield Principles (see “EU-US Privacy Shield Framework” below), Customers and Customers’ Consumers may access their personal data for the purpose of correcting, amending or deleting that information.

Should you have any questions and/or complaints, please feel free to contact us by submitting your request in writing to:

Fraud.net Inc.
Attn: Legal Department
330 7th Avenue
New York, NY 10001

Changes to Our Service Privacy Policy

This Service Privacy Policy may change from time to time. Any material changes will be posted to this page and we will notify you through a notice on the Website and/or by any other reasonable means. The date that the Service Privacy Policy was last modified is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Service Privacy Policy to check for any changes. Your continued use of the Services after we make changes is deemed to be acceptance of those changes.

Your California Privacy Rights

California Civil Code Section 1798.83 permits Customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to legal@fraud.net.