Privacy Policy
At Defleckt, your privacy and the security of your merchant data are our highest priorities. This comprehensive policy outlines our rigorous standards for data collection, processing, and protection.
1. Information We Collect
In the course of providing our revenue protection services, Defleckt collects several categories of data from our merchants and their transaction flows. This information is vital for the identification of fraudulent patterns and the successful representment of disputed charges.
1.1 Merchant Account Data
We collect business names, tax IDs, contact information, and payment processing details necessary to facilitate our auditing and dispute management services. This also includes credentials for integrated platforms such as Shopify, Stripe, or high-level ERP systems.
1.2 Transactional Data
To defend against chargebacks, we process transaction data points including but not limited to: order amounts, timestamps, IP addresses, shipping destinations, and masked card identifiers (Last 4 digits). We strictly adhere to PCI-DSS standards and never store full credit card numbers or sensitive CVV data.
1.3 Behavioral and Digital Identity Markers
Our agentic AI analyzes non-personal behavioral patterns such as device fingerprints, browser configurations, and site navigation velocity. These markers are used solely for identifying bot behavior and verifying human intent during the purchase process.
2. Purpose of Data Processing
Defleckt processes data under the legal basis of "Contractual Necessity" and "Legitimate Interest" to protect the financial integrity of global commerce. The primary purposes include:
- Identifying and mitigating "Friendly Fraud" and malicious dispute attempts.
- Generating and submitting evidence packages to issuing banks and payment networks.
- Improving our predictive fraud detection models through aggregate, anonymized data analysis.
- Ensuring compliance with regional payment regulations and card network operating rules.
3. Data Retention and Security
We maintain enterprise-grade security protocols (ISO 27001) to safeguard all processed data. Our infrastructure is hosted on secure, distributed cloud environments with 256-bit encryption at rest and in transit.
Retention Policy: Transactional data used for representment is typically retained for 18 months, aligning with the maximum dispute window for major card networks. Anonymized behavioral markers may be retained indefinitely to improve global fraud prevention efforts.
4. International Data Transfers
As a global provider, Defleckt may transfer data across international borders to facilitate dispute resolution with banks located in various jurisdictions. These transfers are conducted under Standard Contractual Clauses (SCCs) and in full compliance with GDPR and other regional data protection frameworks.
5. Your Rights and Contact
Under various global privacy laws, you have the right to access, correct, or request the deletion of your personal data held by Defleckt.
Data Protection Officer:
Email: privacy@defleckt.com
Defleckt Protection Ltd.
124 Security Plaza, London, EC1V 2NX