Privacy Policy

Last updated: 6 April 2026

FraudDecoder (“we”, “us”, “our”) is a fraud detection service operated from Singapore. This policy explains what data we collect, why, and how we protect it. We comply with the Singapore Personal Data Protection Act (PDPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) where applicable.

1. Data We Collect

Account Data

When you create an account, we collect your name, email address, and OAuth profile information. This is used to authenticate you and manage your account.

Waitlist Data

If you join our waitlist, we collect your email address. This is used solely to notify you when access is available.

User-Submitted Content

When you use FraudDecoder, you may submit suspicious emails, screenshots, email headers, and business context for analysis. This content is processed by our AI pipeline and stored as part of your case history.

Analysis Outputs

Our service generates risk scores, verdicts, red flags, recommended actions, and PDF reports. These are stored securely and accessible only to you and your team.

Usage and Analytics Data

We collect anonymized product analytics (pages visited, features used, device type) to improve the product. We do not use third-party advertising trackers.

Billing Data

Payments are processed by a PCI-compliant third-party payment processor. We do not store credit card numbers.

2. How We Use AI

FraudDecoder uses large language models (LLMs) to analyze suspicious communications. When you submit content for analysis, it is processed by our AI infrastructure.

• •We do not use your data to train or fine-tune any AI model. We may use anonymized patterns from analysis results to improve our detection prompts and accuracy.
• •Your submitted content is processed in real time and not retained by our AI providers beyond the analysis session.
• •We may conduct human review of analysis results for quality assurance, but never share your data externally.

3. Third-Party Services

We use trusted third-party service providers to operate FraudDecoder, including for authentication, cloud hosting, data storage, AI inference, payment processing, and analytics. Each provider processes data under their own privacy policies and data processing agreements.

We do not sell your personal data to any third party. We do not share data for cross-context behavioral advertising.

4. Data Retention

We retain your data only for as long as necessary to provide the service and fulfil the purposes described in this policy. When data is no longer needed, it is deleted or anonymized. You may request deletion of your data at any time by contacting us.

5. International Data Transfers

Your data may be processed in the United States, European Union, or other regions where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (for GDPR) and PDPA-compliant transfer mechanisms.

6. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and authentication. No system is 100% secure, but we are committed to protecting your information. In the event of a confirmed data breach, we will notify affected users and relevant authorities within 72 hours, as required by applicable law.

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Singapore (PDPA)

Access, correction, and withdrawal of consent. You may contact our Data Protection Officer to exercise these rights.

European Union (GDPR)

Access, rectification, erasure, data portability, restriction of processing, and the right to object. You may also lodge a complaint with your local supervisory authority.

California (CCPA)

Right to know what data is collected, right to delete, and right to opt out of the sale of personal data. We confirm that we do not sell personal data. We do not discriminate against users who exercise their privacy rights.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and analytics cookies for product improvement. We do not use third-party advertising cookies. You can manage cookie preferences in your browser settings.

9. Children’s Privacy

FraudDecoder is a business tool and is not directed at individuals under 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notification. The “last updated” date at the top of this page will always reflect the most recent version.

11. Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, contact our Data Protection Officer:

Email: [email protected]

This policy is governed by the laws of Singapore. If you are unsatisfied with our response, you may file a complaint with the Personal Data Protection Commission (PDPC) of Singapore.