Deduce Services Privacy Policy

Effective as of August 11, 2022

1. APPLICABILITY OF THIS PRIVACY POLICY

Thank you for visiting the privacy page. Deduce, Inc., including any affiliates and subsidiaries (“Deduce,” “we,” “us,” or “our”) values the trust you place in us when you use our products, and services. This Privacy Policy describes our collection, use, disclosure, and retention of information we collect from or about you through our products and services,  or from our customers that use our products and services as well as what your rights are. This Privacy Policy applies to our customer contracts and our products and services regardless of how you access or use them, including through mobile devices. This Privacy Policy does not apply to the use of Deduce’s website at www.Deduce.com, which use is governed by the Deduce Website Privacy Policy available on our Site Privacy Policy page.

Information We Collect on Behalf of Our Customers 

Deduce provides fraud prevention services which include  cybersecurity, trust verification, and risk scoring (the “Services”) to our customers, who are third party businesses and other entities. If you have a relationship with one of our customers, it may be that Deduce’s hardware, software or plugins are integrated with that customer’s application and associated logs or otherwise made available in the customer’s network, or may be made a part of a customer’s website. In those instances Deduce’s technology may collect certain personal data about you on behalf of our customers. We use any personal data in accordance with our contractual obligations to customers, which includes (1) providing the Services to customers; and (2) generating pseudonymized data (“Customer-Generated Data”); and (3) preventing fraud and/or providing security research. Where permissible either contractually or under the law, we may also use such Customer-Generated Data in a non-anonymized manner for purposes of fraud prevention and cybersecurity, and internal benchmarking. Other than with respect to a Deduce customer that you have an existing contractual relationship with, Deduce will not share identifiable information about you with any third parties and any disclosures made to Deduce customers as part of our Services will be in the form of aggregated data and risk scores. For information about how we use information that we collect from you, please see the “How We Use Information We Collect From Or About You” section below.  

IF YOU HAVE A CONTRACTUAL RELATIONSHIP WITH OUR CUSTOMER AND THAT CUSTOMER COLLECTS YOUR DATA UTILIZING DEDUCE TECHNOLOGY, THE COLLECTION AND USE OF YOUR DATA MAY BE GOVERNED BY THE AGREEMENTS AND/OR PRIVACY POLICIES THAT YOU ENTER INTO WITH SUCH CUSTOMER AND NOT BY THE TERMS OF THIS PRIVACY POLICY.  

If you use our Websites outside of the United States, you understand and consent to the transfer of information we collect from or about you to, and the collection, processing, and storage of information about you in, the United States and elsewhere. The laws in the U.S. and these countries may be different than the laws of your country.

With respect to our Services, under the EU General Data Protection Regulation (“GDPR”) and other similar laws, Deduce may be considered a “controller” of personal data . 

This means that Deduce handles personal data solely pursuant to the relevant customer’s instructions, unless legally required to do otherwise. As a result you should refer to any agreement or privacy policy you have entered into with the customer for whom we are processing data.  If we receive your personal data from a non-customer licensor of data, we process such data strictly in accordance with the processing limitations set forth in our agreements with such licensors.  

By way of example, Deduce offers an alerting service where we can assist our customers and their end users review and verify when an attempt has been made to log in to a user account in a potentially unauthorized manner. With respect to personal data about a user that comes from the user’s interactions with our customer’s online properties, such as login and account information, hashed credentials, or location, Deduce acts as a processor and/or a controller of personal information.  As part of our efforts to prevent fraudulent account access, we may compare that user data with information residing in our existing “identity graph” which contains information about unauthorized login attempts, potentially malicious actors, and IP addresses associated with fraudulent activities. That information is provided by our customers, data licensors, security researchers and by Deduce as we perform services for our customers.  

Your rights: You may have the right to know what we know about you. You can make a request via email to: [email protected]. Please include your name, email address in question and city, state and country of residence. We will confirm which rights- access, deletion, portability or rectification- we are obligated to fulfil.  We may then collect further information to verify your identity. Please allow up to 45 days for this process to be completed. 

This Privacy Policy applies to the personal data we collect about you in connection with:

  • The performance of our Services
  • Sales, including our sale of products through resellers, distributors, partners, and third-party marketplaces.
  • Investor relations.

2. TYPES OF PERSONAL DATA WE COLLECT

We collect several types of information from and about users of our services, including information:

  • By which you may be personally identified, such as your: name, postal address, e-mail address, telephone number or any other identifier by which you may be contacted online or offline and which is defined as person or personally-identifiable information under an applicable law. This includes any personally identifiable information you disclose on our social media platforms and sites when you browse or interact with our products and services.
  • About you or your customers’ experiences with Deduce’s products and services, including with our website and mobile services.
  • Concerning the interactions between you and our customers’ online properties, including any usage and security-related data such as information about authorized or unauthorized log-in attempts.
  • Information you provide us whether as an actual or prospective customer, or through our interactions with your employees, such as your customer services team responsible for fraud prevention or detection.
  • Unique device identifiers and device attributes such as the IP address, operating system, user agent and unique advertising identifier which are assigned to a device that is being used to access the website and mobile properties where Deduce customers have implemented our technologies.  
  • When you, your customers or visitors to your online properties navigate through and interact with the websites, platforms, mobile apps, plugins, software, hardware and other platforms that utilize our Services we may use automatic data collection technologies such as cookies, web beacons and JavaScript and other computer code to collect certain information about your equipment, browsing actions, and patterns. Please see below for more details on these automated means. 
  • From third parties and offline sources, such as our partners, vendors, data brokers, marketing and analytics providers, referral information that may have been provided from our other customers. 
  • From publicly available sources.

When necessary to meet our obligations under applicable law, we may also collect personal data and in turn may notify our customers to do the same. 

3. HOW WE USE INFORMATION WE COLLECT FROM OR ABOUT YOU

Deduce may process personal data for the following types of purposes:

  • To provide, review and improve Deduce’s Services and operations.  
  • Responding to requests for information as required by applicable laws.
  • For security, IT management, and related research, including for the collective defense of fraud prevention, fraud detection and cybersecurity threats.
  • To comply with any law, court order, legal process or legal terms, or based on our good-faith belief that it is necessary to conform or comply with any law,  court order, legal process or legal terms; to cooperate with police and other governmental authorities; or to protect the rights, property or safety of our customers and other platforms through which our Services are offered to the public. 
  • To process or engage in a sale of all or part of our business, or if we go through a reorganization, merger or a comparable event.  
  • For communicating with you in response to requests you have made for further information.
  • To prevent activities that may violate our policies or be fraudulent or illegal

Data Quality: In processing personal data, we may use personal data that we have gathered from one type of Service and use it in combination with other services and products we offer. We may also use or combine the personal data with information that we collect offline or we collect or receive from third-party sources for any number of reasons, including to enhance, expand, and check the accuracy of our records. Additionally, information collected from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such information was collected.

Data Retention: We may retain information we collect from or about you for as long as reasonably required to satisfy the purposes for which we have collected the information, or as contractually obligated, or as required by law, whichever is longer. This means we will retain information about you both while you are an active user of our Services or the products and services of our customers that utilize our Services, and after you cease to be an active user.

4. HOW WE SHARE INFORMATION WE COLLECT FROM OR ABOUT YOU 

We may share personal data with, for example: 

  • Our customers with whom you have an existing business or contractual relationship; we may share information that personally identifies you with entities that use our service.
  • Third party service providers, including our subcontractors, strictly as necessary to provide our Services: we may engage third-party service providers to perform functions on our behalf such as hosting and technical integration,. These third parties may have access to information about you when needed to perform their functions.
  • Law enforcement or other entities involved in legal processes: we may use or disclose information we collect from or about you if required to do so by law or on the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or in connection with our Services; (b) protect and defend our rights or property, our Services, or our users; (c) respond to a third party that alleges that you or any of customers have infringed their intellectual property rights; or (d) act to protect the personal safety of us, users of our Services, or for the welfare of the public.
  • Sales of our business, assignments or changes of control: We may change our ownership or corporate organization while providing our Services. We may transfer some or all information about you in connection with any merger, acquisition, sale of assets, or any line of business, change in ownership control, or financing transaction. Under such circumstances, we will request the acquiring party to follow the practices described in this Privacy Policy with respect to previously collected information. Nevertheless, we cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat information about you in the same way as described in this Privacy Policy.

Our uses and disclosures of your personal data are also subject to our contractual obligations.

5.DEDUCE’S LEGAL BASIS FOR THE COLLECTION, USE AND SHARING OF PERSONAL DATA

Deduce’s lawful basis of processing is as follows:

  •  Legitimate interests: We handle personal data because it furthers the legitimate interests of Deduce, its customers, business partners, and its third party vendors in business activities such as the ones listed below:
    • Fraud prevention and detection
    • By allowing us to enhance our customers’ cybersecurity and the cybersecurity of their online properties and other information technology assets
    • To protect our customers, their business activities and/or their customers 
    • Providing customer service, namely collecting the data, analyzing it, and providing risk scores and related data to our customers to assist them with protecting the security of their online properties. Depending on the customer, this processing is also justified by its necessity for the performance of a task carried out in the public interest (i.e., cybersecurity, including the protection of personal data).    
    • To analyze trends and conduct research about improving Deduce’s services and products 
    • Identifying business and legal risks and conducting assessments of the same

We do not believe that our handling of data unduly impact your interests, rights, and freedoms.

    • Contractual Obligations: In many instances, our handling of personal data is necessary to meet our contractual obligations, or because we are planning to enter into a contract.  
    • Legal compliance: Disclosure and use of personal data may be required to ensure our compliance with our legal obligations under applicable laws.
  • Legal claims: Disclosure and use of personal data may be required to investigate claims (including claims of fraud), and/or legal actions, violations of law or agreements, including this Privacy Policy.

6. COOKIES AND OTHER TRACKING TECHNOLOGIES

Like many comparable products, services, we use tracking technologies such as cookies, web beacons, JavaScript and similar technologies to record your preferences, track the use of our Services. Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. In addition, you may also render some web beacons unusable by rejecting or removing their associated cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the applicable product, service or website may not work or may not work as designed.

We may use third-party analytics services to support our products and services and on our websites,. These analytics service providers use cookies or other tracking technologies to help us analyze how users interact with and use our Services, compile reports about activity concerning our Services, and provide us other services. The technologies may collect information such as your IP address, time of visit, whether you are a return visitor, any referring website, and other information. We do not use these analytics service providers to gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google click here.

Your browser or device may include “Do Not Track” functionality. Our information collection, disclosure practices, and the choices that we provide, will continue to operate as described in this Privacy Policy, whether or not a Do Not Track signal is received. As stated above, if you have a contractual relationship with our customer and that customer collects your data utilizing Deduce technology, the collection and use of your data on our customer’s website or mobile properties may be governed by the agreements and/or privacy policies that you enter into with such customer and not by the terms of this privacy policy. You should consult such policies for more information on your choices with respect to tracking technologies. 

7. INFORMATION FOR RESIDENTS OF CALIFORNIA

If you are a resident of California you can visit our State Policy page for more information on your rights with respect to our use of your data.  

8. INFORMATION FOR INDIVIDUALS LOCATED IN THE EU, SWITZERLAND, ICELAND, LIECHTENSTEIN, NORWAY AND THE UNITED KINGDOM

This section applies to our processing of personal data that we collect through from our clients when we provide our Services to them, as described above. We process personal data on the following legal bases: with your consent, to comply with laws applicable to us, and as necessary for our legitimate interests where those interests do not override your fundamental rights and freedoms related to data privacy. Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates, subcontractors, or clients maintain facilities.

Individuals that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

If you are a resident of the EEA or Switzerland, you are entitled to certain rights. Please note: In order to verify your identity, we may require you to provide us with personal data prior to accessing any records containing information about you. These rights include the ability:

  • to request from us access to personal data held about you;
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
  • to ask for data to be erased if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing; and
  • to request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

To submit a request to exercise your rights, please contact us at [email protected]. We may have a reason under the law why we do not have to respond to your request, or respond to it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

9. OTHER IMPORTANT INFORMATION

Users Under Thirteen (13): Our Services are not intended for children under 13 years of age. No one under age 13 may provide any information through our Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on or through any of Deduce’s Services, or provide any information about yourself to us, including your name, email address, telephone number, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected]

Changes to Our Privacy Policy:  It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated. If we make material changes to how we treat personal information, we will notify our customers by email and our customers should provide you with appropriate notice subject to their contractual obligations to you. The date the privacy policy was last revised is identified at the top of the page. 

For questions about our Privacy Policy, you can contact us at [email protected] or contact us at:

276 5th Ave Suite 704 #950, New York, NY 10001