Privacy Policy
Summary: FraudSense collects device intelligence signals to detect fraud on behalf of our clients. We do not sell data. We do not share data with third parties except as required to operate the service. Enterprise clients can request on-premise or sovereign cloud deployment where no data leaves their jurisdiction.
1. Who we are
FraudSense is a device intelligence and fraud prevention platform operated by FraudSense ("we", "us", "our"). Our API and SDK are used by banks, fintechs, and digital payment platforms to detect fraudulent activity on mobile applications.
Contact: support@getfraudsense.com · getfraudsense.com
2. What data we collect
We collect two categories of data:
A. Client account data — information you provide when creating a FraudSense account:
- Company name and email address
- Password (stored as a bcrypt hash — never in plain text)
- Billing information (processed by Stripe — we never store card numbers)
B. Device intelligence data — signals collected by the FraudSense SDK running inside your client's mobile application:
- Device fingerprint (SHA-256 hash — cannot be reversed to identify a person)
- Device model, OS version, and environment signals
- Network type and IP address (for IP intelligence)
- GPS coordinates (only if your application requests location permission)
- Behavioral signals (touch patterns, typing speed, session duration)
- Battery and sensor readings
We do not collect names, national ID numbers, passport numbers, financial account numbers, or any other personally identifiable information directly.
3. How we use data
- To calculate real-time fraud risk scores for your application's transactions
- To maintain device history and risk trend analysis per device
- To detect and prevent replay attacks and session abuse
- To provide usage statistics and billing information in your dashboard
- To send transactional emails (account verification, API key delivery)
We do not use your data for advertising. We do not build profiles on end users. We do not sell data to any third party.
4. Data sharing
We share data only with the following categories of service providers, strictly to operate the FraudSense platform:
- Railway — cloud hosting and database infrastructure
- Resend — transactional email delivery
- Stripe — payment processing (subject to Stripe's own privacy policy)
- ip-api.com — IP geolocation lookups (IP address only, no other data shared)
We do not share data with any other third parties. We do not sell data. We do not share data with government authorities except where required by applicable law.
5. Data residency
By default, FraudSense processes and stores data on infrastructure located in the United States and the European Union (Railway/AWS).
For clients with data residency requirements, we offer:
- UAE Sovereign Cloud — deployment on AWS Middle East (UAE) or Azure UAE North. All data stays within UAE jurisdiction.
- Saudi Cloud — deployment on AWS Riyadh region.
- On-Premise — FraudSense deployed entirely within your own infrastructure. No data leaves your network.
Contact support@getfraudsense.com to discuss data residency options.
6. Data retention
- Device session data is retained for 12 months from the date of the session
- Account data is retained for the lifetime of your account plus 90 days after deletion
- Usage logs are retained for 24 months for billing and audit purposes
- You may request deletion of your data at any time by contacting us
7. Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- bcrypt password hashing with cost factor 12
- API key authentication with rate limiting
- JWT tokens with 7-day expiry
- Replay attack detection on all API calls
See our Security page for full details.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Request a copy of your data in a portable format
- Object to certain types of processing
To exercise any of these rights, contact support@getfraudsense.com. We will respond within 30 days.
9. Cookies
The FraudSense developer portal does not use tracking cookies. We use localStorage to store your authentication token in your browser. This token is removed when you log out.
10. Compliance
- UAE Personal Data Protection Law (PDPL) — aligned
- Saudi Arabia Personal Data Protection Law (PDPL) — aligned
- EU General Data Protection Regulation (GDPR) — aligned
- SAMA Cybersecurity Framework — aligned (upon request)
- CBUAE guidance on outsourcing and cloud — aligned (upon request)
11. Changes to this policy
We may update this policy from time to time. We will notify registered clients by email of any material changes. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries: support@getfraudsense.com