Privacy Policy
Last Updated: October 1, 2025
1. Introduction
Welcome to BadActors ("we," "our," or "us"). We operate badactors.io and provide fraud prevention services to e-commerce merchants. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Services.
By using our Services, you agree to the collection and use of information in accordance with this policy.
2. Definitions
Merchant: E-commerce business owners who use our fraud prevention service.
Customer: End consumers who make purchases from Merchants.
Fraud Report: Information submitted by Merchants documenting suspected fraudulent activity by Customers.
Services: Our fraud prevention platform, including order scanning, fraud database, and merchant tools.
3. Information We Collect
3.1 Information from Merchants
When you register as a Merchant, we collect:
Business information (business name, address, tax ID)
Contact information (name, email address, phone number)
Account credentials (email and encrypted password)
E-commerce platform integration data (API credentials, store URL)
Payment information (processed by our third-party payment processor)
Order data necessary for fraud screening
Fraud Reports submitted by you
3.2 Information from Merchant Customers
We receive limited Customer information solely for fraud prevention purposes, including:
Order identification numbers
Transaction details (date, amount, items purchased)
Customer identifiers (email address, billing/shipping address, phone number)
Delivery confirmation data
Chargeback and return information
Important: We do NOT receive or store full payment card information (credit card numbers, CVV, etc.). Payment processing is handled by Merchants' existing payment processors.
3.3 Automatically Collected Information
When you visit our website or use our Services, we automatically collect:
IP address
Browser type and version
Device information
Pages visited and time spent
Referring website
Cookies and similar tracking technologies
4. How We Use Information
4.1 Merchant Information
We use Merchant information to:
Provide and maintain our fraud prevention Services
Process payments and manage subscriptions
Communicate about your account and service updates
Provide customer support
Improve our Services
Comply with legal obligations
Detect and prevent fraud against our platform
4.2 Customer Information
We use Customer information ONLY to:
Screen orders against our fraud database
Generate fraud alerts for Merchants
Maintain fraud prevention records
Aggregate anonymous statistics about fraud trends
We do NOT:
Sell Customer information to third parties
Share Customer information with other Merchants beyond what they already possess from their own customer transactions
Use Customer information for marketing purposes
Share identifiable Customer data publicly
4.3 Fraud Reports
When a Merchant submits a Fraud Report:
The report is added to our fraud database
The Customer information in the report is flagged for fraud screening
Other Merchants receive alerts ONLY when that Customer places an order on their own store
Merchants only see information about their own customers and fraud alerts, not other Merchants' customer data
5. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), our legal basis for collecting and using information depends on the data and context:
Contract Performance: Processing necessary to provide Services you requested
Legitimate Interests: Fraud prevention, improving Services, security
Consent: Where you have given clear consent for specific purposes
Legal Obligation: Compliance with laws and regulations
6. Information Sharing and Disclosure
6.1 We Do NOT Share Customer Data With Other Merchants
Critical Limitation: We do NOT share Customer purchase history, contact information, or transaction details from one Merchant with other Merchants. Each Merchant only has access to information about their own customers and receives fraud alerts when a flagged Customer places an order with them.
6.2 Service Providers
We share information with third-party service providers who assist us:
Cloud hosting providers
Payment processors
Email service providers
Analytics providers
Customer support tools
These providers are contractually obligated to protect your information and use it only for specified purposes.
6.3 Legal Requirements
We may disclose information if required to:
Comply with legal obligations (subpoenas, court orders)
Protect our rights and property
Investigate fraud or security issues
Protect personal safety
6.4 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
7. Data Retention
Merchant Accounts: We retain Merchant account information while your account is active and for a reasonable period after closure for legal and operational purposes.
Fraud Reports: We retain Fraud Reports for 2 years or as required by law to maintain the integrity of our fraud database.
Customer Information: We retain Customer information in Fraud Reports for the duration necessary to provide fraud prevention services, typically 2 years from the date of the last reported incident.
Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytical purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your information:
Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Regular security assessments
Access controls and authentication
Employee confidentiality agreements
Secure data centers
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
9. Your Rights and Choices
9.1 Merchant Rights
You have the right to:
Access your account information
Correct inaccurate information
Delete your account (subject to legal retention requirements)
Opt out of marketing communications
Object to certain data processing
9.2 Customer Rights
If you are a Customer whose information appears in a Fraud Report, you have rights under applicable privacy laws:
Access: Request confirmation of whether we process your information
Correction: Request correction of inaccurate information
Deletion: Request deletion under certain circumstances
Objection: Object to processing based on legitimate interests
Portability: Receive your information in a portable format
To exercise these rights: Contact us at fraud-review@badactors.io. We will verify your identity and respond within the timeframe required by law.
Important: If your information is in a Fraud Report, deletion may be limited if:
The Merchant has a legitimate interest in maintaining the record
We have a legal obligation to retain the information
The information is necessary for fraud prevention
9.3 Do Not Sell My Personal Information (CCPA)
We do NOT sell personal information as defined by the California Consumer Privacy Act (CCPA).
10. Cookies and Tracking Technologies
We use cookies and similar technologies to:
Maintain your login session
Remember your preferences
Analyze site usage
Improve our Services
You can control cookies through your browser settings. Disabling cookies may limit functionality.
Cookie Types:
Essential Cookies: Necessary for site operation
Functional Cookies: Remember your preferences
Analytics Cookies: Understand how you use our site
Marketing Cookies: Deliver relevant advertisements (if applicable)
11. Third-Party Links
Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.
12. Children's Privacy
Our Services are not intended for individuals under 18. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it promptly.
13. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (EU)
Adequacy decisions
Other approved mechanisms
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
Posting the new policy on this page
Updating the "Last Updated" date
Sending email notification for significant changes
Continued use of our Services after changes constitutes acceptance.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy:
Email: info@badactors.io
Data Protection Officer (if applicable): [DPO contact information]
16. Jurisdiction-Specific Rights
16.1 European Economic Area (EEA) and UK
If you are in the EEA or UK, you have additional rights under GDPR:
Right to lodge a complaint with a supervisory authority
Right to withdraw consent at any time
Right to data portability
Right to restrict processing
EU Representative: [If required, provide EU representative contact]
16.2 California Residents (CCPA/CPRA)
California residents have specific rights including:
Right to know what personal information is collected
Right to know if personal information is sold or shared
Right to opt out of sale/sharing
Right to correct inaccurate information
Right to limit use of sensitive personal information
Right to non-discrimination
Contact for California requests: [California-specific contact]
16.3 Other Jurisdictions
We comply with applicable privacy laws in all jurisdictions where we operate. Contact us for jurisdiction-specific information.
---
Consent Acknowledgment
By using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.