PRIVACY POLICY

Effective Date: March 7, 2025

Version: 2.1

1. INTRODUCTION AND SCOPE

Finrecovra (“we,” “us,” or “our”) provides industry-leading online fraud prevention, identity verification, and risk management services. We understand that our mission to protect the digital economy relies on the highest standards of data integrity and transparency.

This Privacy Notice explains how we collect, use, and protect information when:

• You visit our website (Finrecovra.com).
• You use our platform as a business client.
• Our technology processes data on behalf of our clients to detect and prevent fraudulent transactions.

2. OUR ROLES IN DATA PROCESSING

Finrecovra operates in two distinct capacities under global privacy laws:

• As a Data Controller: We are responsible for the data of our website visitors, marketing leads, and the “Global Threat Intelligence” data we collect to identify cross-platform fraud patterns.
• As a Data Processor: When our clients (merchants/businesses) use our API to scan their customers’ transactions, we process that data strictly according to the Data Processing Agreement (DPA) with that client. In these instances, our client is the Data Controller.

3. INFORMATION WE COLLECT

A. Information You Provide to Us

• Account & Contact Data: Name, business email, job title, company name, and phone number when you request a demo or register for an account.
• Payment Data: For billing our clients, we collect billing addresses and payment details (processed securely via PCI-DSS compliant third-party providers).

B. Technical Data & Fraud Intelligence (The “Fraud Signal”)

To distinguish legitimate users from bots or fraudsters, we collect:

• Device Identifiers: Browser type/version, operating system, hardware specifications (CPU, RAM), screen resolution, and device fingerprints.
• Network & Connection Data: IP address, ISP information, Precise Geolocation (City/Region level), and proxy/VPN/Tor/Datacenter detection.
• Digital Footprinting: Analysis of whether an email address or phone number is associated with established social media profiles or has appeared in historical data breaches.

C. Behavioral Biometrics

Our scripts monitor non-identifiable user interactions, such as:

• Mouse movements and scroll depth.
• Keystroke rhythm and touch pressure (on mobile devices).
• Purpose: This data is used solely to detect automated “bot” scripts and “human farm” fraud activity.

4. COOKIES, LOCAL STORAGE, AND TRACKING

We use “Tracking Technologies” (Cookies, Local Storage, and Pixels) to secure sessions and analyze risk.

A. Essential Security Technologies

These are “Strictly Necessary” and are used to identify a returning device or detect session hijacking.

• Persistent Identifiers: We may store an encrypted ID in your browser’s Local Storage or IndexedDB. Unlike standard cookies, these are harder for fraudsters to clear, ensuring higher security.
• Flash/Silverlight Cookies: In certain legacy environments, we use these to maintain device identification.

B. Categorization of Cookies

Category	Purpose	Legal Basis
Strictly Necessary	Used for security, bot detection, and load balancing.	Legitimate Interest
Functional	Remembers your login state and dashboard preferences.	Contractual Necessity
Analytics	Helps us improve website performance (e.g., Google Analytics).	Consent

5. HOW WE USE YOUR INFORMATION

We process data under the following legal bases:

1. Legitimate Interest: Preventing financial crime, protecting against Account Takeovers (ATO), and ensuring the security of our clients’ digital infrastructure.
2. Contractual Necessity: Providing the risk-scoring services requested by our clients.
3. Legal Obligation: Complying with Anti-Money Laundering (AML) and “Know Your Customer” (KYC) regulations.

6. DATA SHARING AND DISCLOSURE

Finrecovra does not sell personal data for money. We share data only with:

• The Requesting Client: We provide the risk score and analysis back to the merchant whose site you visited.
• Sub-Processors: Infrastructure providers (e.g., AWS, Google Cloud) who are contractually bound to high security standards.
• Law Enforcement: Only when presented with a valid subpoena or court order relating to a criminal investigation.

7. GLOBAL DATA TRANSFERS (GDPR/UK GDPR)

Finrecovra is a global service. Data may be transferred to and processed in countries outside the EEA/UK. In such cases, we ensure data is protected via:

• Standard Contractual Clauses (SCCs): Approved by the European Commission.
• Data Transfer Impact Assessments (DTIAs): To ensure the destination country provides an equivalent level of protection.

8. US PRIVACY RIGHTS (CCPA/CPRA/VCDPA)

Under US state laws, residents have specific rights:

• Right to Know/Access: You may request the categories and specific pieces of data we have collected.
• Right to Delete: You may request deletion of your data (subject to legal exceptions for fraud prevention data).
• Right to Opt-Out of “Sharing”: You may opt-out of the sharing of data for cross-contextual behavioral advertising.
• Notice at Collection: We collect IP addresses, device IDs, and email addresses for the business purpose of “Security and Fraud Detection.”

9. DATA RETENTION

We retain data only as long as necessary:

• Account Data: For the duration of the client relationship plus 7 years for tax/legal purposes.
• Transactional/Fraud Data: Typically retained for 12 to 24 months to identify long-term fraud patterns and “chargeback” cycles, after which it is deleted or anonymized.

10. AUTOMATED DECISION-MAKING

Finrecovra provides a “Risk Score.” While this process is automated, the final decision (e.g., to cancel an order) rests with our clients. Individuals who believe they have been wrongly flagged have the right to request a manual review from the merchant.

11. YOUR RIGHTS AND CONTACT

To exercise your rights (Access, Correction, Deletion, or Objection), please contact our Data Protection Officer:

Email: privacy@finrecovra.com

AAddress: Rene ct coldham’s road cambridge United Kingdom

Contact: +44 744 191 2279