Privacy Policy

Last Updated: November 15, 2025

At Fidro, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fraud detection and risk analysis API services ("Service"). Please read this policy carefully.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Company name and website (if provided)
• Billing address and payment information
• Account preferences and settings

1.2 API Usage Data

When you use our API, we collect:

• Request Data: Email addresses, IP addresses, payment metadata, and other data you submit for fraud analysis
• Response Data: Risk scores, validation results, and recommendations we return
• Metadata: API keys used, timestamps, request/response sizes, HTTP status codes
• Geographic Data: IP-based location information derived from submitted requests

1.3 Technical Information

We automatically collect:

• Device type and operating system
• Browser type and version
• IP address and geographic location
• Cookie identifiers and similar tracking technologies
• Usage patterns and performance metrics

1.4 Communication Data

When you contact us, we collect:

• Email correspondence
• Support tickets and chat transcripts
• Feedback and survey responses

2. How We Use Your Information

2.1 Service Provision

We use your information to:

• Provide fraud detection and risk analysis services
• Process API requests and return results
• Maintain and improve our algorithms
• Authenticate users and prevent unauthorized access
• Generate invoices and process payments

2.2 Service Improvement

We use data to:

• Analyze usage patterns and optimize performance
• Develop new features and improve existing ones
• Train and refine our fraud detection models
• Generate anonymized statistics and insights
• Conduct research and development

2.3 Communication

We may use your email address to:

• Send service-related notifications
• Provide customer support
• Share product updates and new features
• Send billing and account information
• Request feedback (you may opt out of marketing emails)

2.4 Legal Compliance

We may use your information to:

• Comply with legal obligations and court orders
• Enforce our Terms of Service
• Protect our rights and prevent fraud
• Respond to lawful requests from authorities

3. Data Processing and Analysis

3.1 Fraud Detection

To provide our fraud detection service, we:

• Analyze email addresses for patterns indicating disposable or temporary addresses
• Evaluate IP addresses for risk indicators and geographic anomalies
• Process payment metadata to identify potential chargebacks
• Compare submitted data against known fraud patterns
• Maintain databases of fraud indicators and threat intelligence

3.2 Machine Learning

We use submitted data to:

• Train machine learning models for improved fraud detection
• Validate and test algorithm accuracy
• Generate aggregate statistics about fraud trends
• Improve risk scoring algorithms

Important: All machine learning training uses anonymized and aggregated data. Individual identifiable information is never shared or exposed in our models.

3.3 Anonymization

Before using data for analysis or model training, we:

• Remove or hash personally identifiable information
• Aggregate data across multiple sources
• Apply differential privacy techniques where appropriate
• Ensure individual records cannot be re-identified

4. Data Retention

4.1 API Request Data

• Active Accounts: API request and response data is retained for 90 days by default
• Enterprise Accounts: Custom retention periods may be negotiated
• Deleted Data: After the retention period, data is permanently deleted from our systems

4.2 Account Data

• Active Accounts: Retained for the duration of your account
• Closed Accounts: Retained for 30 days after account closure, then deleted
• Billing Records: Retained for 7 years as required by law

4.3 Aggregated Data

Anonymized and aggregated statistics may be retained indefinitely for research and service improvement.

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with trusted service providers who assist us in:

• Payment Processing: Stripe for billing and payment processing
• Email Services: Transactional email delivery
• Cloud Hosting: AWS for infrastructure and data storage
• Analytics: Service monitoring and performance analysis

All service providers are bound by confidentiality agreements and may only use your data to perform services on our behalf.

5.2 Business Transfers

If Fidro is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or subpoenas
• Enforce our Terms of Service
• Protect the rights, property, or safety of Fidro, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

5.4 Aggregate Information

We may share anonymized, aggregated statistics about:

• Overall fraud trends and patterns
• Service usage and performance metrics
• Industry benchmarks and insights

This information cannot be used to identify individual users or accounts.

5.5 What We Don't Share

We NEVER:

• Sell your personal information to third parties
• Share your API request data with other customers
• Use your data for purposes unrelated to providing our Service
• Share identifiable information for marketing purposes

6. Data Security

6.1 Security Measures

We implement industry-standard security measures:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access with least privilege principles
• Authentication: Multi-factor authentication for sensitive operations
• Monitoring: 24/7 security monitoring and intrusion detection
• Auditing: Regular security audits and penetration testing
• Isolation: Tenant data isolation and segregation

6.2 API Key Security

• API keys are hashed and encrypted in our database
• Full keys are only displayed once upon creation
• We monitor for suspicious API usage patterns
• You can revoke keys at any time through your dashboard

6.3 Data Breaches

In the event of a data breach:

• We will investigate and contain the incident immediately
• Affected users will be notified within 72 hours
• We will comply with all applicable breach notification laws
• We will take steps to prevent future incidents

6.4 Your Responsibility

You are responsible for:

• Keeping your account credentials and API keys secure
• Using secure connections (HTTPS) when calling our API
• Complying with security best practices in your applications
• Reporting suspected security issues promptly

7. Your Rights and Choices

7.1 Access and Correction

You have the right to:

• Access your account information and API usage data
• Correct inaccurate or incomplete information
• Export your data in a machine-readable format
• Request information about how we process your data

7.2 Deletion

You have the right to:

• Delete your account and associated data
• Request deletion of specific API request records
• Opt out of certain data processing activities

To exercise deletion rights, contact us at privacy@fidro.io.

7.3 Data Portability

You can:

• Export your account information at any time
• Download API request logs via the dashboard
• Request a complete copy of your data in JSON or CSV format

7.4 Marketing Preferences

You can:

• Opt out of marketing emails via the unsubscribe link
• Continue to receive essential service notifications
• Update communication preferences in your account settings

7.5 Do Not Track

We respect Do Not Track (DNT) browser signals and do not track users across websites.

8. Cookies and Tracking

8.1 Cookies We Use

• Essential Cookies: Required for authentication and service functionality
• Analytics Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences

8.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

8.3 Third-Party Cookies

We do not use third-party advertising cookies. Analytics cookies are only used to improve our Service.

9. International Data Transfers

9.1 Data Location

Our primary servers are located in the United States. By using our Service, you consent to the transfer of your information to the United States and other countries where we operate.

9.2 International Protections

We implement appropriate safeguards for international data transfers:

• Standard Contractual Clauses for EU data
• Adequacy decisions where applicable
• Privacy Shield principles (where applicable)

10. Compliance with Privacy Laws

10.1 GDPR (European Union)

For users in the European Union, we comply with GDPR:

• Legal Basis: We process data based on consent, contract performance, legal obligations, and legitimate interests
• Data Protection Officer: Contact dpo@fidro.io for GDPR-related inquiries
• EU Rights: You have rights to access, rectification, erasure, restriction, portability, and objection
• Supervisory Authority: You may lodge complaints with your local data protection authority

10.2 CCPA (California)

For California residents, we comply with CCPA:

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we don't sell data)
• Non-Discrimination: We won't discriminate against users who exercise their rights

10.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including:

• Canada's PIPEDA
• Australia's Privacy Act
• UK GDPR
• Brazil's LGPD

11. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

12. Your Data Processing Responsibilities

12.1 As a Data Controller

When you use our Service, you are typically the data controller for information you submit. You are responsible for:

• Ensuring you have legal authority to submit data to our Service
• Obtaining necessary consents from your end users
• Providing appropriate privacy notices to your users
• Complying with applicable data protection laws
• Responding to data subject requests from your users

12.2 Data Processing Agreement

For enterprise customers, we can provide a Data Processing Agreement (DPA) upon request. Contact sales@fidro.io for DPA inquiries.

12.3 Sub-Processors

A list of our sub-processors is available at fidro.io/sub-processors. We will notify you of any changes to our sub-processors with at least 30 days' notice.

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services
• User feedback

13.2 Notification

We will notify you of material changes by:

• Email to your registered address
• Notice on our website or in the dashboard
• Update to the "Last Updated" date at the top of this policy

13.3 Continued Use

Your continued use of the Service after changes constitute acceptance of the updated Privacy Policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Fidro Privacy Team

• Email: privacy@fidro.io
• Data Protection Officer: dpo@fidro.io
• Support: support@fidro.io
• Website: https://fidro.io

Mailing Address: Fidro [Your Business Address] [City, State, ZIP]

15. Specific Rights by Region

15.1 European Economic Area (EEA) Users

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

15.2 California Residents

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to access personal information
• Right to equal service and price

15.3 Canadian Residents

• Right to access personal information
• Right to challenge accuracy and completeness
• Right to withdraw consent
• Right to file complaints with the Privacy Commissioner

16. Transparency Report

We maintain a transparency report detailing:

• Government requests for user data
• Law enforcement requests
• Data breach incidents
• Privacy-related statistics

Access our transparency report at fidro.io/transparency.

17. Privacy by Design

We incorporate privacy considerations into:

• Product development and feature design
• System architecture and infrastructure
• Data collection and processing workflows
• Security implementations
• Third-party integrations

---

Summary: We collect data necessary to provide fraud detection services, protect it with strong security measures, never sell it to third parties, and give you control over your information. If you have questions, please contact privacy@fidro.io.