Fraudfinder Logo

Fraudfinder Ltd – Privacy Notice

Last updated: 12 November 2025

Fraudfinder Ltd (“Fraudfinder”, “we”, “us”) is a private limited company registered in England and Wales (Company No. 10531940) with its registered office in London, UK. We provide AI-powered document-fraud-detection and risk-analysis technology through our portal, APIs, and authorised partners (the “Platform”).

For data-protection purposes, Fraudfinder acts:

  • as a Processor when handling documents and data supplied by our business clients; and

  • as a Joint Controller with those clients in relation to aggregated analytics, fraud-pattern intelligence, and AI-model training derived from those documents.

You can contact us at support@fraudfinderai.com for any privacy-related query.

We process personal data contained in financial, identity, and utility documents uploaded by our clients or their end-users. Typical categories include:

We also collect technical data (IP address, device type, browser, usage logs) for security and service monitoring.

We use personal data to:

  1. Deliver, maintain, and improve our Services.

  2. Detect, prevent, and investigate fraud or misuse.

  3. Develop and train AI models using anonymised or aggregated data.

  4. Provide customer support and account management.

  5. Comply with legal and regulatory obligations.

Lawful Bases (Article 6 UK GDPR)

  • Contractual necessity - processing required to deliver Services.

  • Legitimate interests - security, analytics, model improvement, and fraud prevention.

  • Consent - for optional marketing communications.

  • Legal obligation - where disclosure is required by law or regulator.

For aggregated and AI-training purposes, Fraudfinder and each business client jointly determine:

  • what categories of anonymised data contribute to model training;

  • how that data is aggregated or pseudonymised; and

  • the safeguards applied.

Fraudfinder is solely responsible for managing the AI-model environment, and the client remains responsible for the legality of initial data collection. Derived datasets, machine-learning weights, and related analytics are owned exclusively by Fraudfinder.

We engage carefully selected subprocessors for hosting, processing, and communications:

All subprocessors are bound by written data-processing agreements consistent with UK GDPR Article 28.

Limited metadata is transferred to OpenAI (United States) under the UK–US Data Bridge and Standard Contractual Clauses approved by the ICO. All other data is stored and processed within the United Kingdom or EEA.

Client Data is retained for up to six years from the date of upload unless deleted sooner on request. Enterprise clients may request on-demand deletion at any time. Aggregated or anonymised data used for model training may be retained indefinitely, as it no longer constitutes personal data.

Fraudfinder applies controls aligned with ISO 27001 and NCSC guidance:

  • AES-256 encryption at rest and TLS 1.2+ in transit;

  • role-based access control and multi-factor authentication;

  • continuous monitoring and penetration testing;

  • daily backups and tested disaster-recovery plans.

Individuals have the following rights under UK data-protection law:

  • Access - receive a copy of your data.

  • Rectification - correct inaccurate information.

  • Erasure - request deletion where legally possible.

  • Restriction - limit processing in specific circumstances.

  • Portability - receive your data in a structured format.

  • Objection - object to processing based on legitimate interests.

  • Complaint - lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Requests can be sent to support@fraudfinderai.com.

Fraudfinder’s models generate probabilistic scores and indicators that assist clients in identifying potentially fraudulent documents. Decisions are not made solely by automated means; clients are expected to include human review before taking adverse action. We continuously test models for accuracy and fairness and do not use outputs for profiling individuals for marketing or credit purposes.

We may send service-related or administrative emails that you cannot opt out of, and optional marketing communications that require consent.

You can withdraw marketing consent at any time via unsubscribe links or by contacting us.

We may update this Privacy Notice to reflect operational or legal changes. The latest version will always appear at fraudfinderai.com/privacy and the revision date will be updated.

For all privacy queries or to exercise your rights:Email: support@fraudfinderai.comPost: Fraudfinder Ltd, 71-75 Shetron Street, WC2H 9JQ, London, United Kingdom