Skip to main content
Skip table of contents

Data Processing & Privacy Practices

Data Processing & Privacy

Is personal data processed by fraud0?

Personal data is all data that can identify a person. However, this also includes data that is attached to a person, e.g. preferences. Some of the fraud0 data therefore is personal data in the sense of the GDPR, such as the analyzed IP address.

What data is processed by fraud0?

We process two types of data: Customer data and User data.

  • User data are those that fraud0 customers collect from their website users when the fraud0 software is integrated.

  • Customer data is data of the fraud0’s customer himself. Such data to log in to the fraud0 dashboard.

A detailed list of processed data can be found in fraud0’s Data Processing Agreement.

Where does the processing of the data take place?

The processing and storage of customer and user data takes place in the Google Cloud. The processing entities are located in Frankfurt.

Is personal data passed on to third-party systems?

No personal data is passed on to third-party systems, i.e. the customer's marketing technologies. However, the fraud0 customer can pass on the detection of bot users to its ad systems through the settings at his Tag Manager.

Data Ownership, Access & Security

Who is the owner of the data?

The data owner is the customer as the commissioning party (data controller). For processing according to the customer’s specifications, a data processing contract is concluded with fraud0 (data processor).

Does fraud0 use subcontractors for the processing of the data?

For the purpose of hosting, fraud0 uses the cloud server services provided by Google (Google, Alphabet Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States or Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland for users from the EEA and Switzerland).

How does the customer retrieve the data?

Upon request of the customer, a data export can be arranged. In order to do so, the data is exported to Google Buckets (Google Cloud Storage). After verifying if the person is authorized to access the data, a link is generated specifically in order to download this data.

When is the data deleted?

Data is deleted after a retention period of 2 years (latest status). Regardless of this period, a customer can request the deletion of the stored data at any time.

Who has access to the solution/data? By which measures is the access protected?

Access to customer data is managed by customers themselves. In addition, a restricted group of users receives administrative permission from fraud0, e.g. in order to be able to assist with support requests.

How is the data transmitted and which encryption methods are employed?

The data transfer is carried out using HTTPS encryption (TLS 1.3). Data in idle mode is encrypted using AES256, with different codes used for each respective data packet.

Legal & Compliance

Based on which legal basis can the fraud0 service be used on the website?

fraud0 as a fraud detection and prevention software may be used under legitimate interest in the sense of Art. 6 lit f GDPR, as well as under the exception to obtain consent in the sense of § 25 II 2 TTDSG. However, it remains the responsibility of the fraud0 client to verify the legal basis for the data processing.

As support, we are happy to provide you with a detailed legal assessment. Please request via privacy@fraud0.com

Where can I find fraud0's Data Processing Agreement (DPA)?

You can find our DPA here: https://fraud0.com/dpa/

How can fraud0 be described in the privacy policy?

Proposed non-binding text for your data protection policy

We XXX as the website provider use fraud0, a service provided by fraud0 GmbH Sendlinger Straße 7, 80331 Munich, to detect invalid traffic and low-quality traffic and to prevent fraud on our website. By using the fraud0 service, we can detect invalid traffic on our site, improve our online marketing efforts, clean marketing-relevant statistics and improve the usability of our website. 

The data obtained from this service is only used for analysis and mitigation of invalid and low-quality traffic. fraud0 processes data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data. A data processing agreement with fraud0 has been concluded. The fraud0 technology uses JavaScript pixels. During your website visit, the following data are collected by or through the use of this service: 

Browser and device information, such as the device type and model, manufacturer, operating system type and version (e.g. iOS or Android), web browser type and version (e.g., Chrome or Safari), user-agent, flash version, location information, IP address, JavaScript support, pages visited, time zone, the network connection type, hardware-based identifiers (e.g. MAC address), referrer URL, number of fonts, fonts hash, number of plugins, plugins hash, screen height and width, colour depth, platform, whether the resolution has been tampered, language or OS, whether ad blocking is enabled, whether do not track is enabled.

End-user’s behaviour on Controller’s sites, information, such as click path, session ID, session start/stop time, timezone offset, date and time of visit, usage and behavioural data. 

In our admin interface From fraud0 we receive a classification for invalid and low quality traffic, no personal data. There is no transfer of data to third parties - except as otherwise stated in our data processing agreement with you. When invalid or low quality traffic is detected, we generate invalid audience lists using our tag manager to automatically de-targeted this traffic across all our major buying channels like GoogleAds, Facebook, DV360 etc. Data processing by fraud0 only continues until a classification is done. Data processing by fraud0 will only continue until a classification has been made. The data is stored for further bot analysis with a period of one year. 

Tracking across websites does not happen at any time. We process data by using the fraud0 bot detection service based on Art. 6 lit. f GDPR. It is in the interest of the website operator to classify the users of its website as valid or as invalid traffic. First and foremost, we are preventing fraud (recital 47 of the GDPR), but we can also correct the website statistics by removing invalid traffic shares from our statistics. This will allow us to use our online marketing budget more efficiently and therefore continue to provide our services (as usual/free of charge/at a reasonable price). In case of using additional fraud0 services, we may process your data on another legal basis such as your consent, see further information: https://fraud0.com/privacy-policy/ . The data processing is performed exclusively in the European Union and Data is stored on Google's servers within the European Union and is not intended to be transferred to Google servers in the USA. The User may object to the processing by fraud0 at any time. The privacy policy and contact details of fraud0's data protection officer can be found at the following link: https://fraud0.com/privacy-policy/

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close