Personal Data Processing Policy
This document serves a dual purpose: it is Frauddi's Personal Data Processing Policy under Law 1581 of 2012 (Colombia) and it serves as a Privacy Notice under the LFPDPPP (Mexico), since data subjects come from both countries.
1. Introduction and identity of the controller
The data controller is Frauddi S.A.S., a Colombian company identified with tax ID (NIT) 901.838.992-7, with its registered office in Bogotá D.C., Colombia. Contact: support@frauddi.com. Frauddi operates an anti-fraud platform for businesses (mainly fintechs and payment companies) that delivers risk scores and recommendations.
2. Scope
This policy applies to the processing of personal data carried out by Frauddi in connection with its website, its commercial funnel and its platform. We distinguish two roles, described below, because obligations and purposes differ by role.
3. Dual role: Processor and Controller
Frauddi acts as PROCESSOR when it processes end-consumer personal data on behalf of its fintech customers (for example, when evaluating transactions). In that case, the customer is the controller and defines the purposes; Frauddi processes the data according to the customer's instructions and a Data Processing Agreement (DPA) signed separately. The details of that processing are governed by the DPA, not by this policy.
Frauddi acts as CONTROLLER with respect to the data it collects directly: website visitors, demo-form leads, dashboard users and its employees. For that data, Frauddi defines the purposes described in this policy.
4. Data we process
As Controller, we process the following categories of data:
| Data subject | Data |
|---|---|
| Website visitors | Browsing and analytics data and technical data such as the IP address (see the Cookies section). |
| Demo-form leads | Name, corporate email, company, role/title (optional) and any message you choose to send us (optional). |
| Dashboard users | Identification and account data needed for access, support and billing. |
| Employees and candidates | Employment and contact data, processed under the corresponding relationship. |
As Processor, we process the end-consumer data each customer transmits to us for providing the anti-fraud service (for example, transaction identifiers, device signals, behavior and payment-method hashes). Frauddi never stores the card number (PAN), only hashes.
5. Purposes, by role
As Controller:
- Operate and improve the site and measure its usage (visitors).
- Contact you, schedule the demo and follow up commercially (leads). For marketing communications, this purpose requires your consent.
- Provide the service, authentication, support and billing (dashboard users).
- Manage the employment or recruitment relationship (employees and candidates).
As Processor (on behalf of the customer and under the DPA): process the data to provide the anti-fraud service (scores, recommendations, rules, lists, graphs) and, additionally, generate aggregated, anonymized or de-identified data and use it to improve and train Frauddi's fraud-detection models and collaborative anti-fraud intelligence network. Once anonymized, this data ceases to constitute personal data.
6. Data subject authorization
By providing us your data (for example, by completing the demo form) or by using the service, you authorize its processing in accordance with this policy. Where required by law, we will obtain your prior, express and informed consent, particularly for marketing purposes.
7. Your rights (ARCO rights)
As a data subject you have the right to access your data, rectify it, cancel/erase it and object to its processing (ARCO rights), as well as to know, update and revoke the authorization. To exercise them, write to support@frauddi.com.
Response times (Colombia): inquiries are handled within a maximum of ten (10) business days and complaints within a maximum of fifteen (15) business days, extendable as provided by law. When we act as Processor, we will channel your request to the relevant controller customer.
8. Revoking consent and limiting use
You may revoke your consent at any time and request to limit the use or disclosure of your data (for example, to stop receiving marketing communications), by writing to support@frauddi.com or using the unsubscribe link in our communications. Revocation has no retroactive effect and does not apply where processing is necessary to comply with a legal or contractual obligation.
9. Security measures
We apply technical and organizational measures to protect data: infrastructure on AWS, AES-256 encryption at rest and TLS 1.3 in transit, role-based access control and audit logs. (Frauddi never stores the card number (PAN), only hashes.)
10. Transfers, transmissions and sub-processors
To provide the service we rely on providers that may process data on our behalf (transmissions), including:
- Amazon Web Services (AWS) — infrastructure and storage.
- Auth0 (Okta) — dashboard user authentication.
- Web3Forms — processing of demo-form submissions.
- Google — site analytics (Google Analytics) and web fonts.
- AI providers — for service capabilities (agentic layer).
Since part of the infrastructure is located outside Colombia and Mexico, some data may be processed or stored abroad. In those cases we adopt the safeguards required by applicable law.
11. National Database Registry (RNBD)
Where applicable under Colombian regulations, Frauddi will register its databases in the National Database Registry (RNBD) administered by the Superintendence of Industry and Commerce (SIC).
12. Cookies and tracking technologies
Our site uses Google Analytics, which sets cookies (for example _ga and _gid) to measure, in aggregate, how the site is used. These cookies are non-essential: they load only if you accept them in the consent banner shown on arrival. You may reject them, in which case Google Analytics will not load. We also use Google Fonts for typography (no tracking cookies). The demo form is processed through Web3Forms.
13. Data retention
We retain data only for as long as necessary for the purposes described or as required by law. In particular, lead data is retained until the commercial opportunity closes or, failing that, until 24 months of inactivity, after which it is deleted or anonymized.
14. Term and changes
This policy is effective as of its publication date. We may update it; we will reflect changes with a new "Last updated" date and version, and publish the current version on this page. If the changes are material, we will make a reasonable effort to communicate them.
15. Legal framework
This policy is based, among others, on the following Colombian rules: Political Constitution (Art. 15), Law 1266 of 2008, Law 1273 of 2009, Law 1581 of 2012, Decrees 1377 of 2013, 886 of 2014 and 1074 of 2015, and the SIC's Single Circular. For data subjects in Mexico, the LFPDPPP also applies.
16. Dual function and authorities
This document serves as a Data Processing Policy for data subjects in Colombia and as a Privacy Notice for data subjects in Mexico. The supervisory authority in Colombia is the Superintendence of Industry and Commerce (SIC). In Mexico, following the dissolution of INAI in 2025, the related functions would correspond to the Secretaría Anticorrupción y Buen Gobierno (Ministry of Anti-Corruption and Good Governance).
17. Contact
For any data protection matter, or to exercise your rights, contact us at support@frauddi.com.