PRIVACY POLICY

Last Updated: December 29, 2024

Your privacy is very important to us. This policy outlines how we collect, use, disclose, manage and safeguard data when you use our services, browse our website, or interact with our API.

What personal data we collect and why:

1. Information from Website Users

   When you register for or use our website, we collect:

   • Company name
   • Website address
   • Business email
   • Business phone number
   • IP address
   • Browser information
   • Access timestamps

2. Incident Report Data

   Through our API, we collect:

   • Encrypted observables (email addresses, phone numbers, IP addresses, digital device fingerprints)
   • Location information (country, state/province, city, postal code)
   • Incident details (description, date, time, category)
   • Supporting documentation references

All observables are encrypted using SHA256 before storage. We never store this data in plain text.

How we use the data we collect:

We only collect data necessary to:

• Maintain our community-powered risk database
• Enable API access for fraud prevention
• Process and respond to queries
• Generate risk alerts
• Support our legitimate business interests
• Comply with legal obligations

How we may share your data:

We do not sell, rent, or disclose collected data except in the following circumstances:

1. API Partners

   • Verified partners accessing our database through secure API integration
   • Partners must comply with our security requirements and data protection standards

2. Service Providers

   • Cloud infrastructure providers
   • Security service providers
   • Technical support providers

   All providers are contractually obligated to protect information according to our privacy standards.

3. Legal Requirements

   We will disclose data when:

   • Required by law
   • Responding to legal process
   • Complying with court orders
   • Protecting our legal rights
   • Preventing harm or illegal activities

How we secure your data:

We implement comprehensive security measures including:

• SHA256 encryption for all observables
• Secure AWS infrastructure in US-East-1 region
• Industry-standard security protocols
• Access controls and monitoring
• Regular security audits

Where we store your data:

All data is stored on Amazon Web Services (AWS) servers located in the United States (US-East-1 region).

How long we retain your data:

We retain data for as long as necessary to:

• Fulfill our services
• Comply with legal obligations
• Support legitimate business needs
• Meet contractual requirements

Your rights:

You have the right to:

• Know if your information is in our database
• Request access to your data
• Request corrections to inaccurate data
• Submit removal requests
• File complaints about data processing

To exercise these rights, contact privacy@screening.exchange. We will respond within 30 days.

Children's Privacy:

Our services are not directed to individuals under 18. We do not knowingly collect or maintain information about minors.

Changes to this Policy:

We may update this policy periodically. Material changes will be communicated through:

• Email notifications
• Website notices
• API status updates

Contact Information:

• Privacy matters: privacy@screening.exchange
• Security issues: security@screening.exchange
• General support: support@screening.exchange

Response times:

• Security issues: 24 hours
• Privacy matters: 48 hours
• General support: 72 business hours