Privacy Policy for USA and all other
non-UK and EU countries
Effective date: October 2025

Fraud Deflect is committed to your right to privacy. Reference to “Fraud Deflect,” “we,” “us,” “our” or the “Company” is a reference to Fraud Deflect, LLC and the relevant affiliates involved in the data processing activity, including the collection, holding use and disclosure of Personal Data. This privacy policy “the “Privacy Policy”) is an integral part of our terms and conditions applicable to you and governs the data collection, processing, use, transfer and disclosure made by us in connection with:


(i) Visitors to our website: www.frauddeflect.com and www.portal.frauddeflect.net (respectively, “Visitor” and “Website”);
(ii) The services provided by Fraud Deflect, including fraud detection and prevention services to our business customers (respectively, the “Fraud Deflect Solution” and “Merchants”); and
(iii) Other related services and applications (collectively, the “Services”).


Each of the Visitors and Merchants shall also be referred to herein as “you” or “User”. If you choose to use the Services, interact with the Website, or provide data to us otherwise, you explicitly agree to the use of such data in accordance with this Privacy Policy. You may not use the Website and/or Services or submit any data through them if you do not agree to any of the terms hereunder. This Privacy Policy shall not be construed in any manner to derogate from the terms and conditions of the Website, or any other agreement or understanding between Fraud Deflect and you.


The English language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies or discrepancies with translated versions of this Privacy Policy (including any related documents).


THE HIGHLIGHTS:
● Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 21.

● In certain jurisdictions, you will be entitled under applicable law to request; review access; amend, correct, erase; restrict; or port the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled. You may be entitled to exercise additional

rights under the CCPA.

● We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.

● If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: privacy@frauddeflect.com.


  1. What is Personal Data, and what data is collected about me by Fraud Deflect?
    “Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices etc. “Non-Personal Data”, means non-identifiable aggregated data or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals.


  2. For what purposes and based on which legal bases do we process your Personal Data?
    In general, we may use certain of the Personal Data mentioned herein for the scenarios described below.

Fraud Deflect is committed to your right to privacy. Reference to “Fraud Deflect,” “we,” “us,” “our” or the “Company” is a reference to Fraud Deflect, LLC, the data controller. We may also process your data through relevant affiliates of Fraud Deflect, LLC involved in the data processing activity, including the collection, holding use and disclosure of Personal Data. Our representative in the EU is privacy@frauddeflect.com.


This privacy policy “the “Privacy Policy”) is an integral part of our terms and conditions applicable to you and governs the data collection, processing, use, transfer and disclosure made by us in connection with processing activities where we act as a controller. When we act as a controller, the processing activities are related to:


(i) Visitors to our website: www.frauddeflect.com (respectively, “Visitor” and “Website”);
(ii) Fraud Deflect customers, including merchants and retailers that utilize the services provided by Fraud Deflect, including fraud detection and prevention services (respectively, “Merchants” and the “Fraud Deflect Solution”); and
(iii) Other related services and applications (collectively, the “Services”).


When we act as a processor, we process Personal Data on behalf of Merchants with respect to transactions made by Merchant’s customers (a “Customer”), which are monitored by the Fraud Deflect Solution. If you are a Customer, we are a data processor of your Personal Data on behalf of the Merchant, who is the data controller. Please refer to Merchant’s privacy policy for more information on the processing of your data.


This Privacy Policy shall not be construed in any manner to derogate from the terms and conditions of the Website, or any other agreement or understanding between Fraud Deflect and you.

Except as required by local law, the English language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies or discrepancies with translated versions of this Privacy Policy (including any related documents).


THE HIGHLIGHTS:
● Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 18 or 21.
● In certain jurisdictions, such as the European Union and the United Kingdom, you will be entitled under applicable law to request; review access; amend, correct, erase; restrict; or port the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled.
● We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
● If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: privacy@frauddeflect.com.


  1. What is Personal Data, and what data is collected about me by Fraud Deflect? “Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices etc. “Non-Personal Data”, means non-identifiable aggregated data or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals.

  2. For what purposes and based on which legal bases do we process your Personal Data?
    In general, we may use certain of the Personal Data mentioned herein for the scenarios described below.


We may also process personal data in order to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services. We may also use the Personal Data mentioned herein to enforce the agreement applicable to you, as well as to protect the security or integrity of our databases and Services. Such processing is based on our legitimate interests or based on legal obligation.


Below, we describe three scenarios where we may use Personal Data. In each scenario we separately describe (i) the type of user and type of data, (ii) the purposes for which we may collect, use or disclose this Personal Data, (iii) the legal basis under GDPR for collecting this information, if applicable, and (iv) the retention periods.


Scenario A

When acting as a controller of Merchants related data, Personal Data is only used for the purposes specified below:


Type of user and type of Data If you register as a Merchant to our Services, we will collect, use and disclose your information during the registration process. Such information includes, but is not limited to, your name, position, region, company, email address, contact details of your contact person, financial information (e.g., bank account details), etc. This information is collected from you directly when you engage with us (for instance when executing an agreement with us or signing a purchase order). We collect this information directly from you when you ask for a demo or when you engage with Fraud Deflect in a merchant agreement.

Fraud Deflect is committed to your right to privacy. Reference to “Fraud Deflect,” “we,” “us,” “our” or the “Company” is a reference to Fraud Deflect, LLC, the data controller. We may also process your data through relevant affiliates of Fraud Deflect, LLC involved in the data processing activity, including the collection, holding use and disclosure of Personal Data. Our representative in the EU is privacy@frauddeflect.com.


This privacy policy “the “Privacy Policy”) is an integral part of our terms and conditions applicable to you and governs the data collection, processing, use, transfer and disclosure made by us in connection with processing activities where we act as a controller. When we act as a controller, the processing activities are related to:


(i) Visitors to our website: www.frauddeflect.com (respectively, “Visitor” and “Website”);
(ii) Fraud Deflect customers, including merchants and retailers that utilize the services provided by Fraud Deflect, including fraud detection and prevention services (respectively, “Merchants” and the “Fraud Deflect Solution”); and
(iii) Other related services and applications (collectively, the “Services”).


When we act as a processor, we process Personal Data on behalf of Merchants with respect to transactions made by Merchant’s customers (a “Customer”), which are monitored by the Fraud Deflect Solution. If you are a Customer, we are a data processor of your Personal Data on behalf of the Merchant, who is the data controller. Please refer to Merchant’s privacy policy for more information on the processing of your data.


This Privacy Policy shall not be construed in any manner to derogate from the terms and conditions of the Website, or any other agreement or understanding between Fraud Deflect and you.

Except as required by local law, the English language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies or discrepancies with translated versions of this Privacy Policy (including any related documents).


THE HIGHLIGHTS:
● Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 18 or 21.
● In certain jurisdictions, such as the European Union and the United Kingdom, you will be entitled under applicable law to request; review access; amend, correct, erase; restrict; or port the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled.
● We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
● If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: privacy@frauddeflect.com.


  1. What is Personal Data, and what data is collected about me by Fraud Deflect? “Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices etc. “Non-Personal Data”, means non-identifiable aggregated data or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals.

  2. For what purposes and based on which legal bases do we process your Personal Data?
    In general, we may use certain of the Personal Data mentioned herein for the scenarios described below.


We may also process personal data in order to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services. We may also use the Personal Data mentioned herein to enforce the agreement applicable to you, as well as to protect the security or integrity of our databases and Services. Such processing is based on our legitimate interests or based on legal obligation.


Below, we describe three scenarios where we may use Personal Data. In each scenario we separately describe (i) the type of user and type of data, (ii) the purposes for which we may collect, use or disclose this Personal Data, (iii) the legal basis under GDPR for collecting this information, if applicable, and (iv) the retention periods.


Scenario A

When acting as a controller of Merchants related data, Personal Data is only used for the purposes specified below:


Type of user and type of Data If you register as a Merchant to our Services, we will collect, use and disclose your information during the registration process. Such information includes, but is not limited to, your name, position, region, company, email address, contact details of your contact person, financial information (e.g., bank account details), etc. This information is collected from you directly when you engage with us (for instance when executing an agreement with us or signing a purchase order). We collect this information directly from you when you ask for a demo or when you engage with Fraud Deflect in a merchant agreement.

Type of user and type of Data

Purposes for which we may collect, use or disclose this Personal Data

Merchants onboarding. If you register as a Merchant to our Services, we will collect, use and disclose your information during the registration process. Such information includes, but is not limited to, your name, position, region, company, email address, contact details of your contact person, financial information, etc. This information is collected from you directly when you engage with us (for instance when executing an agreement with us or signing a purchase order). We collect this information directly from you when you ask for a demo or when you engage with Fraud Deflect in a merchant agreement.

● To onboard you to our Services and/or implement the Fraud Deflect Solution within your platform;

● To provide you with the Services;

● To identify authorized Users to access the Services;

● To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

● Technical Information, Geolocation and Online Identifiers

We collect technical information transmitted by your device when using the Website, this information includes: type of the operating system and device used to access the Website, date and time stamp, language preferences, approximate geolocation (i.e., country/state), and your actions such as page views, search queries, etc. This information is collected automatically from you when you are using the Website.

● Technical Information, Geolocation and Online Identifiers

We collect technical information transmitted by your device when using the Website, this information includes: type of the operating system and device used to access the Website, date and time stamp, language preferences, approximate geolocation (i.e., country/state), and your actions such as page views, search queries, etc. This information is collected automatically from you when you are using the Website.

● Technical Information, Geolocation and Online Identifiers

We collect technical information transmitted by your device when using the Website, this information includes: type of the operating system and device used to access the Website, date and time stamp, language preferences, approximate geolocation (i.e., country/state), and your actions such as page views, search queries, etc. This information is collected automatically from you when you are using the Website.

● To identify authorized users of the Services;

● To access and use the Services.

● To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

Consumers Using the Fraud Deflect Solution. When Merchants use the Services, namely the Fraud Deflect Solution to detect and prevent fraud, we collect use and disclose certain information about you. Such information includes your full name, user ID, email, phone number, billing address supplied by you. We will collect use and disclose additional information about Merchant’s consumers, including device and network data (e.g., IP addresses, user agent strings, device identifiers, cookies, session IDs, referrers), transaction and account data (e.g., order IDs, payment instrument tokens, billing and shipping addresses, account metadata, charge outcomes), Behavioral and risk signals (e.g., timestamps, event type, geolocation approximations, velocity, link analysis, model features and scores) and support artifacts (e.g., logs, screenshots, tickets, and similar records).

● To provide you with the Services, and enable you to detect and prevent fraud, therefore we will share with our Merchants information we collected from you.

● To resolve any disputes, communicate with you regarding customer service and support issues and to respond to questions or comments and help resolve any problems.

Contact Us Information. If you contact us via the “Contact Us” or “Book a Demo” feature available through the Website our otherwise, we may collect certain information regarding you, such as your full name, your email address, your phone number, your company, and how many chargebacks you receive a month on average. We collect this information directly from you when you contact us.

● To answer your queries and provide you with the services you requested from us.


  1. Does Fraud Deflect use cookies?
    Yes, we use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. We use these technologies for different purposes such as in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Website and Services. These cookies also help us track how visitors use the Site and our Services.

  2. Will Fraud Deflect Share My Personal Data With Others?
    WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.

    4.1 Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to improve fraud detection and prevention, account security, abuse and incident response and service integrity for our Merchants.

    4.2 We share Personal Data only under the following limited circumstances:

    4.2.1 With partners who are an integral part of our Services, such as the card network, processor, gateway or ISO with whom our Merchants process payment transactions.

    4.2.2 With trusted third parties who assist us in operating the Services and conducting our business.

    4.2.3 As necessary to provide the Services, based on our legitimate interest in preventing illegal and fraudulent actions.

    4.2.4 To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.

    4.2.5 Other third parties with your consent or direction to do so.


  3. Will Fraud Deflect transfer my Personal Data internationally?
    Personal Data will be held on servers located in the U.S. and may be processed by our team in Brazil. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence. If you would like to receive more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located, by the contact information provided below.


  4. Will I receive promotional materials from Fraud Deflect?
    If you (e.g., a website user) provided us with your consent, we may send information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@frauddeflect.com asking to opt-out.


  5. Persons under 16
    Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases.


  6. Users rights with respect to Personal Data
    Subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data. Notwithstanding anything here to the contrary, Individuals looking to assert their rights with respect to their Personal Data should contact their respective Merchants.


  1. How does Fraud Deflect protect my data?
    Fraud Deflect implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, including locks, unique access codes and closed circuit TV protection of relevant data storage sites. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.


  2. . Data Retention
    Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. Upon customer request, we delete or return personal data within sixty (60) days.


  3. . Applicable Laws
    The provisions included in this Privacy Policy relating to matters that may be regulated under the Canadian privacy laws or the CCPA and therefore will apply only to the processing of Personal Data (or Personal Information) which is subject to the Canadian privacy laws or the CCPA in accordance with the applicability provisions contained therein. Additionally, collection and processing of certain Personal Data by Fraud Deflect may be regulated under Federal laws or other applicable laws, in such case this data may be exempted from CCPA requirements.


  4. . Questions or concerns regarding privacy
    If you have any questions or concerns regarding privacy issues, please send us a detailed message to privacy@frauddeflect.com and we will make every effort to resolve your concerns without delay.
    Fraud Deflect may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date in which they are posted on the Website. If you require a copy of this Privacy Policy in a different format, such as a PDF or hard copy, please contact us at privacy@frauddeflect.com and we will take reasonable steps to comply with your request.


  5. . PRIVACY NOTICE FOR CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT

    This section for California Residents under the California Consumer Privacy Act of 2018 (respectively, “Privacy Notice” and “CCPA”) supplements the information contained in our general Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”), as defined under the CCPA. Any terms defined in the CCPA have the same meaning when used in this Privacy Policy. Further, this Privacy Notice is an integral part of our Privacy Policy and thus, definitions used herein but not defined herein shall have the meaning ascribed to them in our Privacy Policy.


    TYPES OF PERSONAL INFORMATION WE COLLECT

    Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months), are detailed in the table below. Please note that, under the CCPA Personal Information does not include: publicly available information from government records and de-identified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).


  1. Does Fraud Deflect use cookies?
    Yes, we use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. We use these technologies for different purposes such as in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Website and Services. These cookies also help us track how visitors use the Site and our Services.

  2. Will Fraud Deflect Share My Personal Data With Others?
    WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.

    4.1 Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to improve fraud detection and prevention, account security, abuse and incident response and service integrity for our Merchants.

    4.2 We share Personal Data only under the following limited circumstances:

    4.2.1 With partners who are an integral part of our Services, such as the card network, processor, gateway or ISO with whom our Merchants process payment transactions.

    4.2.2 With trusted third parties who assist us in operating the Services and conducting our business.

    4.2.3 As necessary to provide the Services, based on our legitimate interest in preventing illegal and fraudulent actions.

    4.2.4 To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.

    4.2.5 Other third parties with your consent or direction to do so.


  3. Will Fraud Deflect transfer my Personal Data internationally?
    Personal Data will be held on servers located in the U.S. and may be processed by our team in Brazil. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence. If you would like to receive more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located, by the contact information provided below.


  4. Will I receive promotional materials from Fraud Deflect?
    If you (e.g., a website user) provided us with your consent, we may send information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@frauddeflect.com asking to opt-out.


  5. Persons under 16
    Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases.


  6. Users rights with respect to Personal Data
    Subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data. Notwithstanding anything here to the contrary, Individuals looking to assert their rights with respect to their Personal Data should contact their respective Merchants.


  1. How does Fraud Deflect protect my data?
    Fraud Deflect implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, including locks, unique access codes and closed circuit TV protection of relevant data storage sites. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.


  2. . Data Retention
    Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. Upon customer request, we delete or return personal data within sixty (60) days.


  3. . Applicable Laws
    The provisions included in this Privacy Policy relating to matters that may be regulated under the Canadian privacy laws or the CCPA and therefore will apply only to the processing of Personal Data (or Personal Information) which is subject to the Canadian privacy laws or the CCPA in accordance with the applicability provisions contained therein. Additionally, collection and processing of certain Personal Data by Fraud Deflect may be regulated under Federal laws or other applicable laws, in such case this data may be exempted from CCPA requirements.


  4. . Questions or concerns regarding privacy
    If you have any questions or concerns regarding privacy issues, please send us a detailed message to privacy@frauddeflect.com and we will make every effort to resolve your concerns without delay.
    Fraud Deflect may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date in which they are posted on the Website. If you require a copy of this Privacy Policy in a different format, such as a PDF or hard copy, please contact us at privacy@frauddeflect.com and we will take reasonable steps to comply with your request.


  5. . PRIVACY NOTICE FOR CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT

    This section for California Residents under the California Consumer Privacy Act of 2018 (respectively, “Privacy Notice” and “CCPA”) supplements the information contained in our general Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”), as defined under the CCPA. Any terms defined in the CCPA have the same meaning when used in this Privacy Policy. Further, this Privacy Notice is an integral part of our Privacy Policy and thus, definitions used herein but not defined herein shall have the meaning ascribed to them in our Privacy Policy.


    TYPES OF PERSONAL INFORMATION WE COLLECT

    Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months), are detailed in the table below. Please note that, under the CCPA Personal Information does not include: publicly available information from government records and de-identified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).


  1. Does Fraud Deflect use cookies?
    Yes, we use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. We use these technologies for different purposes such as in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Website and Services. These cookies also help us track how visitors use the Site and our Services.

  2. Will Fraud Deflect Share My Personal Data With Others?
    WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.

    4.1 Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to improve fraud detection and prevention, account security, abuse and incident response and service integrity for our Merchants.

    4.2 We share Personal Data only under the following limited circumstances:

    4.2.1 With partners who are an integral part of our Services, such as the card network, processor, gateway or ISO with whom our Merchants process payment transactions.

    4.2.2 With trusted third parties who assist us in operating the Services and conducting our business.

    4.2.3 As necessary to provide the Services, based on our legitimate interest in preventing illegal and fraudulent actions.

    4.2.4 To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.

    4.2.5 Other third parties with your consent or direction to do so.


  3. Will Fraud Deflect transfer my Personal Data internationally?
    Personal Data will be held on servers located in the U.S. and may be processed by our team in Brazil. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence. If you would like to receive more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located, by the contact information provided below.


  4. Will I receive promotional materials from Fraud Deflect?
    If you (e.g., a website user) provided us with your consent, we may send information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@frauddeflect.com asking to opt-out.


  5. Persons under 16
    Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases.


  6. Users rights with respect to Personal Data
    Subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data. Notwithstanding anything here to the contrary, Individuals looking to assert their rights with respect to their Personal Data should contact their respective Merchants.


  1. How does Fraud Deflect protect my data?
    Fraud Deflect implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, including locks, unique access codes and closed circuit TV protection of relevant data storage sites. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.


  2. . Data Retention
    Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. Upon customer request, we delete or return personal data within sixty (60) days.


  3. . Applicable Laws
    The provisions included in this Privacy Policy relating to matters that may be regulated under the Canadian privacy laws or the CCPA and therefore will apply only to the processing of Personal Data (or Personal Information) which is subject to the Canadian privacy laws or the CCPA in accordance with the applicability provisions contained therein. Additionally, collection and processing of certain Personal Data by Fraud Deflect may be regulated under Federal laws or other applicable laws, in such case this data may be exempted from CCPA requirements.


  4. . Questions or concerns regarding privacy
    If you have any questions or concerns regarding privacy issues, please send us a detailed message to privacy@frauddeflect.com and we will make every effort to resolve your concerns without delay.
    Fraud Deflect may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date in which they are posted on the Website. If you require a copy of this Privacy Policy in a different format, such as a PDF or hard copy, please contact us at privacy@frauddeflect.com and we will take reasonable steps to comply with your request.


  5. . PRIVACY NOTICE FOR CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT

    This section for California Residents under the California Consumer Privacy Act of 2018 (respectively, “Privacy Notice” and “CCPA”) supplements the information contained in our general Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”), as defined under the CCPA. Any terms defined in the CCPA have the same meaning when used in this Privacy Policy. Further, this Privacy Notice is an integral part of our Privacy Policy and thus, definitions used herein but not defined herein shall have the meaning ascribed to them in our Privacy Policy.


    TYPES OF PERSONAL INFORMATION WE COLLECT

    Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months), are detailed in the table below. Please note that, under the CCPA Personal Information does not include: publicly available information from government records and de-identified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).

Category

Examples

Collected

A. Identifiers.

A real name, billing address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, telephone number, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

No

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

No

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Yes

G. Geolocation data.

Physical location or movements.

Yes

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

No

I. Professional or employment-related information.

Current or past job history or performance evaluations.

No

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No

K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

HOW WE COLLECT INFORMATION

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: (i) directly from you, for example, when you integrate into Fraud Deflect’s platform; (ii) automatically when you visit our Website; (iii) from third-party business partners such as card networks, processors, gateways or ISOs with whom our Merchants process payment transactions.


USE OF PERSONAL INFORMATION

We may use, or disclose the Personal Information we collect for one or more of the following business purposes:
● To fulfill or meet the reason you provided the information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry.
● To provide, support, personalize, and develop our Website and Services, as well as improve our Website and Services.
● To provide, maintain and improve fraud detection and prevention, account security, abuse and incident response, and service integrity.
● For testing, research, analysis, and product development, including to develop and improve our Website and Services.
● To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
● As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

SHARING AND SELLING DATA

We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to
both keep that Personal Information confidential and not use it for any purpose except performing the contract. We share your Personal Information with the following categories of third parties:


  1. We share your Personal Information with our service providers (such as AWS our cloud storage services and our customer support call center service provider)

  2. We share your Personal Information data aggregators (such as Google Analytics)

  3. We share your Personal Information to our business partners (such as processors, gateways or ISOs with whom our Merchants process payment transactions).


DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE OR FOR SELLING PURPOSES

In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose: Category A: Identifiers. Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Category D: Commercial information: Commercial Information Category F: Internet or other similar network activity. Category G: Geolocation data.


SALES OF PERSONAL INFORMATION

In the preceding twelve (12) months, Company has not sold Personal Information.


YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

The CCPA provides consumers with specific rights regarding their Personal Information.


You may exercise any or all of your above rights in relation to your Personal Information by filling out the DSR Form and send it to our privacy team at: privacy@frauddeflect.com.


DATA SUBJECT REQUEST FORM (“DSR”)

Last Updated: October 2025


Fraud Deflect, Inc., and its relevant affiliated companies involved in the processing of personal data (and personal information as defined under CCPA) (“Company”) values the privacy rights of its users, customers, consumers, users, and others. As required by the EU General Data Protection Regulation (“GDPR”) and by the California Consumer Privacy Act of 2018 ("CCPA") (collectively “Data Protection Law”). European Union residents and California residents, respectively, are permitted to make certain requests regarding our processing of personal data. In order to submit a data subject request pursuant to the Data Protection Law, please complete this form. Upon receipt of your completed request, we will process it and respond within the timelines required under applicable Data Protection Law. If additional information is necessary, we will contact you using the contact information you provided in this form. Information provided in connection with this request will be processed only for the purpose of processing and responding to your request and will be deleted immediately thereafter. For more information please review our Privacy Policy and User Rights Policy.


For the purpose of this form Personal Data shall include Personal Information.


Any DSRs submitted to us shall be processed by us in our capacity as a “Data Controller”. Please note that if you are an individual user of the Fraud Deflect solution (i.e. a Consumer as defined in the Privacy Policy) the “Data Controller” is the Merchant you purchased the product from. If we receive a DSR by a Consumer, we will notify the Merchant and will refer the Consumer to the relevant Merchant. We will act in accordance with the Merchant’s instructions in relation to Consumer requests.


Full Name:___________________________________________________________________________________________________________________________

Address (including ZIP): _____________________________________________________________________________________________________________

Email Address: ______________________________________________________________________________________________________________________

Phone _______________________________________________________________________________________________________________________________

Number:_____________________________________________________________________________________________________________________________


Please check the applicable box:

▢ I would like to receive information of why and how you are processing my information.

▢ I would like to receive a copy of the personal data you process on me.*

▢ I would like you to delete the personal data you hold on me.

▢ I would like you to stop processing my personal data.

▢ I would like to receive a copy of my data and transfer it to a third party.*

▢ I would like you to stop sending me direct marketing.

▢ I want to withdraw my consent for processing my personal data (applicable under the

GDPR).

▢ I would like to object to the processing of my personal data (applicable under the GDPR).

▢ I believe the data you hold on me is incorrect and I would like to correct it (applicable

under the GDPR).

▢ Other.


Substantiate the request- please provide additional information about your request:

____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

______________________________________________________________________________________________________________________________________

______________________________________________________________________________________________________________________________________


What is your relationship with us (e.g. Consumer (user of the Fraud Deflect solution), Fraud Deflect website visitor, business contact, etc.):

______________________________________________________________________________________________________________________________________

______________________________________________________________________________________________________________________________________

______________________________________________________________________________________________________________________________________

______________________________________________________________________________________________________________________________________


Verification of Identity

In order to keep the privacy of individuals safe we need to make sure you are indeed who you say you are, for this reason we need to verify your identity.


Please provide us with a photo ID document (e.g., driver license, passport).


For users exercising their rights under the CCPA

Please provide proof of address so we can confirm you are a California resident (upload one of the following: utility bill, bank statement, driving license, or tax document)

Thank you for filling in the form, we will process the request by the time specified in the Data Protection Law, we reserve the right to extend the aforementioned period by the time specified in the Data Protection Law if the request is complex or numerous or we require additional information.

The processing of the request is free of charge; however, we may want to reserve the right to charge a reasonable fee to cover certain administrative costs (such as providing additional copies of the data) or for handling manifestly unfounded or excessive requests

*Under the CCPA your rights only apply to the Personal Information (as defined therein) collected 12 months prior to the request and you are not entitled to submit more than 2 requests in a 12 months period.


By submitting this question or request, I am confirming that: (i) the information I have provided is true and accurate; (2) I understand the information will be handled by the Company in accordance with its privacy policy; and (3) the Company may contact me to verify my identity and to process this request.


***Note: To submit please print and email this form and supporting documentation to: privacy@frauddeflect.com.***


CONTACT US

If you have any questions about this Privacy Policy, you may contact us as follows: By sending us an email at: privacy@frauddeflect.com.