FraudGuard.dev

Privacy Policy

Last updated: 16 April 2026

This Privacy Policy explains how FraudGuard.dev ("we", "us", "our") collects, uses, stores and protects personal data in connection with our duplicate account detection and fraud prevention platform, including this website.

We are committed to handling personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection legislation.

1. Who we are

FraudGuard.dev is the trading name of the operator of this service. We act as:

  • Data Controller for personal data you provide directly to us (e.g. via the contact form on this website).
  • Data Processor for personal data of end-users submitted to our API by our operator clients ("Tenants"). In that capacity we process data strictly on behalf of and under the instructions of the relevant Tenant (the Data Controller).

Contact for data protection matters: [email protected]

2. Data we collect and why

A. Contact form submissions

When you submit an inquiry via our contact form we collect:

  • Full name
  • Email address
  • Company or organisation name (optional)
  • Message content
  • Consent record (timestamp of checkbox tick)

Legal basis: Legitimate interest (responding to a business inquiry) and consent. Purpose: To respond to your inquiry and, where relevant, to discuss a commercial arrangement.

B. Dashboard account data

For Tenant administrators and operators who access the FraudGuard dashboard we store:

  • Email address and hashed password
  • Full name (optional)
  • Role and account status
  • Last login timestamp
  • Security event log entries (IP address, user-agent, event type) — retained for 90 days

Legal basis: Performance of a contract (service delivery). Purpose: Authentication, access control, and audit trail for security incidents.

C. End-user data processed on behalf of Tenants

Our API receives account registration data submitted by Tenants for duplicate and abuse detection. This may include names, email addresses, phone numbers, IP addresses, device identifiers and similar registration attributes. We process this data exclusively as a Data Processor under instruction from the Tenant and do not use it for our own purposes beyond service delivery.

D. Technical and diagnostic data

We use Sentry (Functional Software Inc.) for error tracking. Sentry may capture anonymised stack traces, request metadata and, where errors occur in authenticated contexts, the user identifier. IP addresses are not forwarded to Sentry. For details see sentry.io/privacy.

3. How long we retain data

  • Contact form data: up to 24 months from the date of submission, or until you request deletion.
  • Dashboard account data: for the duration of the contract with the Tenant plus 30 days after account deletion.
  • Security event logs: 90 days on a rolling basis.
  • Tenant end-user data: governed by the Data Processing Agreement with each Tenant.
  • Diagnostic data (Sentry): 90 days per Sentry's standard retention.

4. Who we share data with

We do not sell personal data. We share data only with the following sub-processors where necessary to deliver the service:

  • Resend (email delivery for transactional messages such as OTP codes and notifications) — data transferred on the basis of Standard Contractual Clauses.
  • Sentry (error tracking) — data transferred on the basis of Standard Contractual Clauses.
  • Hosting provider — server infrastructure within the EU/EEA.

We may also disclose data where required by applicable law or regulation, or to protect the legal rights of FraudGuard.dev.

5. International transfers

Where data is transferred outside the European Economic Area (EEA), we ensure an appropriate level of protection through Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards.

6. Cookies and local storage

This website does not use tracking or advertising cookies. The dashboard application stores the following in your browser:

  • access_token (HttpOnly cookie) — JWT session token, expires in 8 hours.
  • csrf_token (cookie) — CSRF protection token, expires in 8 hours.
  • trusted_device (HttpOnly cookie) — optionally set when you choose to trust a device during two-factor authentication, valid for 30 days.
  • fg-theme, fg-lang, fg-fontsize, fg-pagesize (localStorage) — UI preferences, stored only on your device.

None of these are used for tracking, profiling, or advertising.

7. Your rights under GDPR

If we are the Data Controller for your personal data, you have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your data where there is no overriding legal ground to retain it.
  • Restriction — ask us to restrict processing in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you believe we have handled your data unlawfully, you have the right to lodge a complaint with your national supervisory authority (e.g. the ICO in the UK, UODO in Poland, or the relevant EU data protection authority).

8. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), bcrypt password hashing, HttpOnly and SameSite=Strict cookies, JWT session invalidation on password change, account lockout after repeated failed attempts, and immutable security event logging.

9. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of the page will always reflect the latest revision. For material changes we will notify Tenant administrators by email.

10. Contact

For any privacy-related queries or requests: