Privacy and Security Policy
You can find resources about FraudRecord and client management software integrations here.

Website Visitor and Member Privacy Statement

Information that is gathered from visitors

In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit.

Browser cookies are used to remember visitor preferences when interacting with the website. Browser cookies need to be enabled to use our website.

Third-party tracking cookies may be placed on your browser, such as Google Analytics cookies, by the third-party services we utilize to collect anonymised data about our visitors.

Where registration is required, identifyable information such as the member's email address, username and password, will be stored in our database.

How the Information is used

The information is used to enhance the visitor's experience when using the website to display personalised content.

E-mail addresses will not be sold, rented or leased to 3rd parties. We utilize the stored email addresses only to send transactional or informational emails.

E-mail may be sent to inform you of news related to our services or offers by us.

We do not send third-party offers via email unless the user submits an expcilit opt-in to our third-party offers list. The default is opt-out.

Visitor Options

If you have registered to one of our services, you may delete your account any time. This will delete all information we store about you, such as your email address and name. Our servers will automatically purge web access logs monthly, so your IP address information that may be stored in our access logs will be deleted as well.

You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.

Cookies

Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. They may be used to track your return visits to the website, or to remember your login information.

How your Company Information is used

If you subscribe to our service, your company name and website will be stored in our database. They will be considered public, and may be visible to other subscribers in report pages, or sponsorhip lists. You can remove your company information along with every report you have submitted using our control panel. This will remove your data from our database.

Your company information will not be searchable. We will not disclose your membership details, such as your email address, to any potential advertiser or partner. We will not sell your private information to any third party for advertisement or other purposes.

Privacy and Security of Client Information Submitted by Our Members

"Client Information" is a part of our service, it is the submitted information of the clients of the users of our service. When one of our users submit information about their clients for reporting or verification purposes, we store the received information as "client information".

Our service requires collection of client information, in a uniquely encrypted way which cannot be reversed by any feasible means by anyone.

Collected Client Information

We only request and accept client information scrambled with an industry standard one-way encryption algorithms. The algorithm is a standard SHA-1 hash, iterated 32,000 times, and during each iteration, prefixed with a custom string that is "fraudrecord-". We only accept the final result, not the sensitive source information.

In this document, "unsecured information" means any piece of data, submitted through our service by members, containing sensitive client information, that was not hashed using one-way algorithms before reaching our servers.

Current industry standards and professional opinions of the experts in the field of data security all agree that this iterated and prefixed SHA-1 hash system is a one-way encryption, and there is no feasible way to retrieve actual client information from a hashed result. Our guarantee about the irreversibility of the encrypted information goes as far as the guarantees of the industry experts do.

If all guidelines are followed by our members, unsecured and sensitive client information never reaches our servers, and we have no way of accessing, storing or using any sensitive information.

It is possible for our members to inadvertently submit unsecured client data in the name of "extra information" in reports while using our service. This is not allowed by our own policies and we do not endorse or recommend submitting any unsecured client information. If we locate or receive a notice of unsecured information, we will immediately remove the said information from our database permanently. We will purge any backups or access logs that may contain the unsecured information.

Any client information that may be submitted via our website for one-way hashing on our side, is immediately destroyed from our server memory after hashing, leaving only the securely hashed version in our permanent database.

All access to our system involving sensitive client information (even if they are encrypted with industry standard algorithms) is provided through 128-bit or higher SSL encryption protocols.

Subject Access Request, Information Removal, and Right-to-be-Forgotten

We accept and process Subject Access requests and Information Removal requests. For EU citizens, we accept, among others, written requests and proof of EU citizenship to process these requests in relation to EU's GDPR law. We will comply with the requests within 30 days. The postal mail address for all requests is: Sepapaja tn 6, 15551, Tallinn, Estonia.

In cases of data removal requests, we may anonymize your information for statistical purposes before deleting any personally identifiable information.

Guarantees and Non-liability

We protect our database as much as technically possible from any intrusion. We only provide verification of a specific client data, we do not provide or allow any type of public listing of the stored information.

We provide all encryption and security protocols that can be technically provided between two distant servers. We do not accept any responsibility of leaked client information if the member fails to adhere to the standards we have laid out and provided.

Accepting to use our service means the user acknowledges that we do everything in our power to protect all information available to us, but we cannot guarantee any form of absolute security. We do not accept any responsibility or liability, financial or otherwise, concerning the client information of our users, in case of any form of security breach. Use our service at your own risk.

We reserve the right to change our policies at any time. We will notify our users of any pending changes, via email and our web portal, prior to any change. Users can cancel their membership and terminate their use of our services at any time.