Privacy and Security Policy
This Privacy and Security Policy outlines how FraudRecord collects, uses, and protects your information. By using our services, you agree to the terms of this policy.

FraudRecord Service

Features

Resources

Join FraudRecord

Protect your business from fraud today

Get Started Guide

Website Visitor and Member Privacy Statement

Information Gathered from Visitors

Like many websites, our web server stores log files containing details such as the visitor’s IP address, browser type, referring page, and the time of visit.

Browser cookies are used to remember visitor preferences during interactions with our website. Cookies must be enabled to use our website fully.

Third-party tracking cookies, such as those used by Google Analytics, may be placed on your browser by third-party services we use to collect anonymized statistical data about our visitors.

Where registration is required, identifiable information such as the member’s email address, username, and password will be securely stored in our database.

How the Information Is Used

This information is used to enhance the visitor experience on our website, including displaying personalized content.

Email addresses are not sold, rented, or leased to third parties. We use stored email addresses to send transactional or informational emails relevant to your account and our services.

We may occasionally send emails to inform you about news or updates related to our services or offers provided by us.

We do not send third-party offers via email unless the user has explicitly opted in to receive such offers. The default setting is opted out.

Visitor Options

If you have registered for any of our services, you may delete your account at any time. This process will remove all information we store about you, including your email address and name. Our servers automatically purge web access logs monthly, ensuring that your IP address and other related information are also deleted in due course.

You can block cookies via your browser settings; however, doing so may prevent access to certain features of the website.

Cookies

Cookies are small digital signature files stored by your web browser that record your preferences when visiting the website. Cookies may be used to track return visits or to remember your login information.

How Your Company Information Is Used

If you subscribe to our service, your company name and website will be stored in our database. This information is considered public and may be visible to other subscribers on report pages or sponsorship lists. You can remove your company information along with any reports you have submitted using our control panel, which will remove your data from our database.

Your company information is not searchable. We do not disclose your membership details, such as your email address, to any potential advertiser or partner. We do not sell your private information to any third party for advertising or any other purposes.

Privacy and Security of Client Information Submitted by Our Members

“Client Information” refers to data about the clients of our members, submitted as part of our service for reporting, verification, or tracking purposes. When a user submits client information, we store it as “collected client information” as defined further in this policy.

Our service requires the collection of client information in a uniquely encrypted format that cannot feasibly be reversed by any party.

Collected Client Information

We only request and accept client information that has been scrambled using industry-standard one-way encryption algorithms. Specifically, the algorithm is a standard SHA-1 hash, iterated 32,000 times, with each iteration being prefixed with a custom string (“fraudrecord-”). We only accept and store the final hashed result, never the original sensitive information.

In this document, “unsecured information” means any data submitted through our service by members that contains sensitive client information and was not hashed using a one-way algorithm before reaching our servers.

According to current industry standards and expert opinions in data security, this iterated and prefixed SHA-1 hash system constitutes one-way encryption. There is no feasible method to recover the original client information from the hashed result. Our guarantee regarding the irreversibility of encrypted information is consistent with guarantees made by industry experts.

If all guidelines are followed by our members, unsecured and sensitive client information may never reach our servers when using API connections, meaning we do not access, store, or use any sensitive information.

It is possible for members to inadvertently submit unsecured client data as “extra information” in their reports. This is strictly prohibited by our policies, and we do not endorse or recommend submitting any unsecured information. Upon discovering or being notified of any unsecured information, we will immediately and permanently remove such information from our database.

Any client information submitted via our website for one-way hashing on our end is immediately deleted from our server memory after hashing, leaving only the securely hashed version in our permanent database.

All access to our system involving sensitive client information (even when encrypted with industry-standard algorithms) is protected by SSL encryption protocols.

Subject Access Requests, Information Removal, and Right-to-be-Forgotten

We accept and process Subject Access Requests and Information Removal Requests. For EU citizens, we comply with requests related to the EU’s GDPR law and accept written requests accompanied by proof of EU citizenship. We will process such requests within 30 days. Written requests can be sent to: Sepapaja tn 6, 15551, Tallinn, Estonia.

When processing data removal requests, we may anonymize your information for statistical and technical purposes prior to deleting your personally identifiable data.

Guarantees and Limitations of Liability

We protect our database to the fullest extent technically possible from unauthorized access and intrusion. We only provide verification of specific client data and do not allow or offer any form of public listing of stored information.

We employ all feasible encryption and security protocols for data transfers between servers. However, we do not accept responsibility for any client information leaks resulting from members’ failure to adhere to our documented security standards.

By using our service, you acknowledge that we undertake all reasonable measures to protect information in our possession, but we cannot guarantee absolute security. We accept no responsibility or liability, financial or otherwise, for client information submitted by our users in the event of any security breach. Use of our service is at your own risk.

We reserve the right to amend these policies at any time. We may update these policies at any time, but will notify users via email and our web portal prior to the changes taking effect, typically providing at least 30 days’ notice before the effective date. Users may cancel their membership and discontinue the use of our services at any time.