Service Privacy Policy
Last Modified: April 4, 2023
This Service Privacy Policy (“Service Privacy Policy”) governs your use of the services and of our website fraud.net and its subdomains (the “Website”) as provided by Fraud.net Inc., a Delaware corporation, and its affiliates, successors, and/or assigns (“Fraud.net” or “we”). Fraud.net provides online businesses (our “Members” or “you”) with services that help Members detect and address fraud and other malicious behavior on their digital properties. In doing so, we collect and analyze information about how Internet users (“Members’ Customers” or “Users”) interact with our Members’ digital properties such as websites and mobile applications (their “Member Sites”). Any content, functionality, and services offered on or through our cloud-based, machine-learning platform or Website that is used to analyze, predict or prevent fraudulent activity as well as any of Fraud.net’s other products, services, or terms that may be incorporated herein through separate Work Order(s) executed by you and Fraud.net (“Work Order”), are referred to collectively as the “Services.” The Services identify patterns, using custom and global models that leverage both the specific Member’s data and data provided by all other Members enabling Members to streamline the review their Users’ activities and prevent misuse of their assets and services. This Service Privacy Policy should be read in conjunction with the Terms of Service, Website Privacy Policy, and, if applicable, the Work Order.
This Service Privacy Policy describes the types of information that we may collect from you or that you may choose to provide when you use our Services and our practices for collecting, using, maintaining, protecting and disclosing that information.
Note that this Service Privacy Policy does not describe our collection and use of information when visitors access our public website, fraud.net and its subdomains. Please see our Website Privacy Policy.
Member Information and How We Use It
Information Members send us about themselves (“Member Information”)
We collect information about each Member when they register for the Services such as company name, URL, address, industry, company size, fraud related information, and payment information. If the Member pays by credit card, our processor collects that information (we do not store full credit card information). We also collect personal information of those individuals that represent the Member in connection with the use of the Services such as name, job title, email address and phone number.
We use Member Information you provide to:
- provide Members with the Services and for billing and collections;
- create internal analysis and business analytics to improve the Services;
- notify Members regarding technical alerts, updates, security notifications and administrative communications
- send Members marketing information, including product updates, industry news and reports, if it is in accordance with their newsletter and marketing preferences, and any other purpose about which we notify Members.
At any time you may ask us to stop sending newsletters or marketing communications to you by clicking the “unsubscribe” link in an email that we send you. If you have any questions, on how to unsubscribe, contact us at support@fraud.net.
Service Data and How We Use It
Members may submit data through our application programming interface or through the API, including personal information and transaction data with respect to Members’ Customers. Such data includes but is not limited to email addresses, billing and shipping addresses, usernames, telephone numbers, payment information (does not include full credit card information), User behavior, transaction information and transaction history (collectively, “Service Data”
Fraud.net generates analysis and results using the Service Data, whether alone or in combination with other sources, and creates risk profiles for Users, risk assessments, and analytics reports based on the Service Data submitted (“Analytical Results”). Members own their Service Data, but Fraud.net owns the Services and Analytical Results. Each Member decides the types and format of the Service Data they wish to submit for analysis using the Services.
Members may also place JavaScript code issued by Fraud.net onto their Member Sites in order to enable us to collect unique device identifiers, including device metadata, from Users automatically. We collect and analyze this information to identify unique properties of the device being used, how the Users interact with the Member Sites, and IP locations for use in the creation of the Analytical Results.
Similarly, in connection with mobile applications, Members may integrate Fraud.net-provided software development kits (“SDKs”) to help prevent fraud that may occur through their applications. The SDKs provide Fraud.net more precise information about the Users’ locations such as GPS (if the location settings allow it) and IP address. Additionally, the SDKs collect phone-related metadata (including battery level, device properties, carrier name, motion and proximity information) and unique device identifiers.
From time to time, we may alter our device fingerprinting technology, SDKs, and APIs to improve their effectiveness.
Disclosure of Your Information to Third Parties and Liabilities
Vendors, consultants, and other service providers: We may share Member Information and Service Data with third party vendors, consultants, and other service providers who are working on our behalf and with whom the sharing of such information is necessary to undertake that work, e.g., to process billing or to provide customer support.
Data enrichment: We may share minimal User information (e.g., email addresses) with select third-party vendors for data enrichment purposes. Enriching data allows us to provide a richer subset of data from which to make more informed fraud risk assessments. For example, we share select user email addresses with third parties to obtain links to publicly available social profiles.
Vital interests and legal rights: We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Fraud.net, our Members, or the rights or property of others.
Corporate Affiliates and Transactions: We may provide Member Information and Service Data to our affiliates, including any subsidiary, parent company or company under common control with Fraud.net (collectively, “Affiliates”). Affiliates will use Member Information and Service Data only as described in this Service Privacy Policy. Additionally, if Fraud.net is involved in a merger, acquisition or sale of all or a portion of its assets, Member Information and Service Data may be shared or transferred as part of that transaction.
Fraud.net does not (i) share User information with third party marketers or advertisers; (ii) contact Members’ Customers; or (iii) identify individual Members to other Members as the source of Service Data for any Analytical Results.
Service Providers: We may use a 3rd party service provider to provide us with additional compute services and have defined terms and conditions with them in meeting our security principles and standards; and share liabilities should in case underlying principles and expectations are violated by either party.
Data Controllers: Furthermore, in our 3rd party due diligence process, we never share data directly to 3rd party data processors unless there exists a mutual contract between the ‘data controller’ and the 3rd party ‘data processor’. This limits our direct liability should in case data protection principles were not adhered by 3rd party data processor on behalf of the ‘data controller’.
Compliance with laws: We may disclose Member Information and Service Data to a third party where we are legally required to do so in order to comply with any applicable laws, regulations, legal process, or law enforcement or government requests.
Your Rights, Limiting Use and Disclosure as a Data Subject
By law, especially in EU regions, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased. You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully. Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.
To submit a request regarding your personal data by email, post or telephone, please use the contact information provided below in the Accessing and Correcting Your Information section of this policy.
Your Right to Complain
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Accessing and Correcting Your Information
If you want Fraud.net to correct Your Information that is stored on Fraud.net systems, please submit your request in writing to:
Fraud.net Inc.
Attn: Legal Department
244 5th Avenue, 2nd floor
New York, NY 10001
Subject to our ability to verify your request, Fraud.net will correct the Information within thirty (30) days of receipt of your request.
Information Security
Fraud.net is committed to privacy and security. Members may contact us for additional information regarding our security measures. Examples of Fraud.net’s security measures include physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of strong encryption for transmissions to and from Fraud.net Members; restricting access to personally identifiable information; and periodic security reviews by third party security experts.
Following termination or deactivation of an account, we may retain personal information and content for backup, archival, audit, disaster recovery, or otherwise in accordance with the Terms of Service and applicable law.
International Data Transfer
Information collected via the Services is transferred to and hosted on our servers in the United States and Fraud.net may also maintain servers located in Europe or Asia. Fraud.net protects all personal data in accordance with this Service Privacy Policy wherever it is processed.
EU-US Privacy Shield and GDPR Framework
“On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. This decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework.”
Fraud.Net has been compliant with the EU-US Privacy Shield and follows its recommended best practices. However, given the invalidation by The Court of Justice of the European Union (“CJEU”) as mentioned above, and its subsequent ruling that international data flows under the European Union’s comprehensive data protection regime, the GDPR, can continue to be EU standard Contractual Clauses, there is no impact on Fraud.net’s privacy notification and practices due to EU-US Privacy Shield Framework invalidation as it already complies with GDPR expectations by keeping EU data segregated in the EU jurisdiction by design. Furthermore, GDPR itself recognizes the importance of fraud prevention within two of its recitals, and falls into an exception category.
Recital 47: “The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned…”
Recital 71: “decision-making based on … profiling should be allowed where expressly authorized by … law … including for fraud or tax evasion monitoring and prevention purposes”
Fraud.net is committed and continues to follow the best practices as outlined in GDPR Principles for all personal data received from the European Union. We may disclose information to comply with any court order, law or legal process, including to respond to any government or regulatory request, including in response by lawful requests to meet national security or law enforcement requirements in accordance with the GDPR and other regulations, and you have a right to complain, correct or update the same as mentioned in the previous sections (Your Rights, Limiting Use and Disclosure as a Data Subject, Your Right to Complain, Accessing and Correcting Your Information ) of this Privacy Policy.
Summary of our best practices on data protection can be found here.
Should you have any questions and/or complaints, please feel free to contact us by submitting your request in writing to:
Fraud.net Inc.
Attn: Legal Department
244 5th Avenue, 2nd floor
New York, NY 10001
Changes to Our Service Privacy Policy
This Service Privacy Policy may change from time to time. Any material changes will be posted to this page and we will notify you through a notice on the Website and/or by any other reasonable means. The date that the Service Privacy Policy was last modified is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Service Privacy Policy to check for any changes. Your continued use of the Services after we make changes is deemed to be acceptance of those changes.
Your California Privacy Rights
California Civil Code Section 1798.83 permits Members who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to legal@fraud.net.