Privacy Policy

1. Who We Are

Fraudcatchr LLC ("Fraudcatchr," "we," "us," or "our") is a Wyoming limited liability company. We operate the Fraudcatchr platform, including the web application at app.fraudcatchr.com, the client onboarding portal at onboarding.fraudcatchr.com, the browser extension ("Fraudcatchr Shield"), and the Fraudcatchr mobile application (collectively, the "Service").

This Privacy Policy describes how we collect, use, store, and share information about you when you use our Service. It applies to both Advisors (family members or caregivers who manage a subscription) and Clients (the individuals being protected, typically seniors).

2. Information We Collect

We collect information in the following categories:

Account Information (Advisors)

• Email address used to create your account
• Firebase authentication identifiers
• Stripe customer ID and subscription status (we do not store full payment card details)
• Device push notification tokens for alert delivery

Client Profile Information

• Client name, email address, and phone number (entered by the Advisor)
• Email account connection credentials (OAuth tokens, stored encrypted)
• Call forwarding setup confirmation
• Browser extension installation status

Monitoring Data (collected automatically during Service operation)

• Inbound phone call metadata: caller number, call duration, call timestamps
• Phone call transcripts generated in real time during calls
• Email metadata and content: sender, subject, body text, and URLs contained in emails
• Website URLs visited by the Client through the browser extension
• AI-generated fraud scores, risk assessments, signals, and reasoning for each monitored event

Technical Data

• IP addresses and device information associated with account access
• API usage logs for security and debugging purposes

3. How We Use Your Information

We use collected information exclusively for the following purposes:

• Fraud detection and protection: Analyzing calls, emails, and browsing activity to identify potential fraud, scams, or phishing attempts directed at the Client
• Real-time alerts: Notifying Advisors via push notification when suspicious activity is detected
• Account management: Creating and maintaining Advisor accounts, managing subscriptions, and processing payments
• Service improvement: Improving the accuracy of our fraud detection AI models using anonymized and aggregated data
• Legal compliance: Complying with applicable laws, regulations, and lawful requests from authorities
• Security: Detecting and preventing unauthorized access to the Service

We do not sell, rent, or trade your personal information or monitoring data to any third party for marketing or commercial purposes.

4. Call Monitoring & Consent

Fraudcatchr monitors inbound phone calls to the Client's forwarded number in real time. This monitoring includes transcription and AI analysis of call content.

Advisor Consent: By creating an account and setting up call monitoring for a Client, the Advisor consents to the monitoring of calls received on that Client's behalf and represents that they have the legal authority to consent on behalf of the Client, or that the Client has been informed of and consented to call monitoring.

Client Consent: The Client is informed of call monitoring during the onboarding process. By completing onboarding and enabling call forwarding, the Client consents to the monitoring of their incoming calls.

Third-Party Callers: Fraudcatchr's call monitoring may record or transcribe conversations involving third parties who call the Client. In some U.S. states, applicable law requires all parties to a call to consent to recording. It is the Advisor's and Client's responsibility to ensure compliance with applicable state wiretapping and call recording laws in their jurisdiction. Fraudcatchr is not responsible for obtaining consent from third-party callers.

Call transcripts are stored securely and are accessible only to the Advisor(s) linked to the Client's account.

5. Email Monitoring & Consent

When a Client connects their email account (Gmail, Outlook, or IMAP), Fraudcatchr accesses incoming emails to scan for fraud, phishing, and scam indicators.

What we access: Sender information, subject lines, email body text, and URLs contained within emails.

What we do not access: We do not access emails the Client sends, contacts lists, calendar data, or any other account data beyond incoming email messages.

By connecting an email account through the onboarding process, the Client (or Advisor on their behalf) explicitly consents to email scanning for fraud detection purposes. OAuth tokens used to access email accounts are stored encrypted and are used solely for the purpose of email fraud monitoring.

6. Browser Activity Monitoring

The Fraudcatchr Shield browser extension monitors URLs visited by the Client in their web browser. When the Client navigates to a website, the URL is sent to our servers for fraud and malware analysis using Google Safe Browsing and AI-based risk assessment.

What we collect: Website URLs visited through the monitored browser.

What we do not collect: Passwords, form inputs, page content, cookies, or any other browser data beyond the URL itself.

By installing the Fraudcatchr Shield extension through the onboarding process, the Client (or Advisor on their behalf) consents to URL monitoring for fraud protection purposes.

7. Third-Party Services

Fraudcatchr uses the following third-party services to operate the platform. Each service receives only the data necessary to perform its function:

• Google Cloud Platform & Firebase — Cloud infrastructure, database hosting, and user authentication. Google Privacy Policy
• Google Gemini AI — AI analysis of call transcripts, email content, and URLs for fraud scoring. Data is processed under Google's API terms.
• Google Safe Browsing API — URL threat detection.
• Twilio — Phone call routing, transcription, and email delivery. Twilio Privacy Policy
• Stripe — Payment processing and subscription management. Fraudcatchr does not store payment card information. Stripe Privacy Policy
• Microsoft Graph API — Used when Clients connect Outlook email accounts for monitoring.

We do not share monitoring data (call transcripts, email content, or browsing history) with third parties except as necessary to provide the fraud detection Service described above.

8. Data Retention

We retain your data for the following periods:

• Account data: Retained for the duration of your subscription plus 90 days after cancellation
• Monitoring data (sessions, events, transcripts): Retained for 12 months from the date of creation
• Resolved sessions: Retained for 12 months for audit and review purposes
• Payment records: Retained as required by applicable tax and financial regulations (typically 7 years)

Upon account deletion or subscription cancellation, we will delete all personal data within 90 days, except where retention is required by law.

9. Data Security

We implement industry-standard security measures to protect your data, including:

• AES-256 encryption for OAuth tokens and sensitive credentials at rest
• TLS encryption for all data in transit
• Role-based access controls limiting data access to authorized personnel only
• Google Cloud infrastructure with SOC 2 compliance
• Secure authentication via Firebase with multi-factor authentication support

While we take every reasonable precaution to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify affected users in accordance with applicable law.

10. Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a portable format
• Opt-out of sale: We do not sell personal data. There is nothing to opt out of.

California Residents (CCPA): California residents have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. As stated above, we do not sell personal information. To exercise your rights, contact us at the address below.

To exercise any of these rights, please contact us at privacy@fraudcatchr.com. We will respond within 30 days.

11. Children's Privacy

Fraudcatchr is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify Advisors by email and update the "Last updated" date at the top of this page. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.