Services Privacy Policy

Overview

This section provides an overview of Forter and the Forter Services and a summary of the information provided below in the full version of this Privacy Policy. The full version of this Privacy Policy contains more detailed information regarding our privacy practices.

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at [email protected].

Who we are and what we do

Forter is a global company that provides fraud and abuse detection and trust-based products and services (the “Forter Services”) designed to help e-commerce merchants (our “Merchants”) detect and prevent fraud and abuse on their websites, mobile applications and other digital assets (the “Merchant Sites”), using our proprietary machine learning technology. In order to provide the Forter Services to our Merchants, we need to collect and process certain information about individuals who visit and interact with their Merchant Sites as end users (“End Users”), which information may include data that identifies or can be used to identify End Users, including name, address, telephone number and email address, and transaction, behavioral, device and connection data, as well as other information about End Users that is associated with or linked to any of the foregoing data (such data, “Personal Data”). Our proprietary machine learning technology uses this information to detect and prevent fraud and abuse on the Merchant Sites in real time. You can learn more about our products here.

How the Forter Services work

Our Merchants provide us with data and information about End Users and their interactions on their Merchant Sites through our Application Programming Interfaces (APIs). We also collect behavioral, device and connection data directly from End Users through standard tracking technologies (our JavaScript and mobile SDK), which are embedded on the Merchant Sites (collectively, “End User Data”). End User Data may include Personal Data. We do not collect any “special categories” of personal data about End Users (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or information about your health or genetic or biometric data).

Once we have collected relevant End User Data, we process this data through our machine learning platform to return a recommendation to our Merchants as to whether to approve or decline a transaction or other event (e.g., an account signup or login event or abuse of a Merchant’s policies), or make a recommendation (e.g., for additional verification), on a particular Merchant Site. In addition to these decisions, we provide our Merchants with aggregated reporting and insights into transactions and other relevant events on their Merchant Sites.

Our recommendations, reporting and insights are used by our Merchants to assist them in detecting and preventing fraud and abuse on their Merchant Sites. It is ultimately up to our Merchants to decide what action to take or not to take using the information and insights we provide.

We also use End User Data (including Personal Data) across our network of Merchants to improve our modeling and algorithms and to provide more accurate recommendations for all of our Merchants. While we use End User Data for such purposes, we never share End User Data between our Merchants.

Overview of our privacy practices

We collect End User Personal Data when you interact with the Merchant Sites, through our APIs and standard tracking technologies, as further described below.  

We rely on our and our Merchants’ legitimate interests in detecting and preventing fraud and abuse as the legal basis for our processing of End User Personal Data, as further described below. 

We do not rent or sell your Personal Data, and we do not share your Personal Data with third parties, other than with select trusted third party service providers, to provide the Forter Services, to comply with applicable law or the request of a governmental entity, in connection with certain corporate transactions, and in connection with litigation and compliance monitoring, as further described below.

We employ industry best practices and regularly commission third party audits and certifications to ensure the security and confidentiality of your Personal Data and to protect your Personal Data from unauthorized access and improper use.

Full Services Privacy Policy

Introduction

This Privacy Policy describes what Personal Data Forter collects in connection with the Forter Services from End Users, how we use your Personal Data, who we share it with, how we safeguard your Personal Data, certain rights you may have with respect to your Personal Data, and how to contact us about our privacy practices. 

Please read this Privacy Policy carefully.

What type of information we collect from End Users

We collect your Personal Data when you interact with the Merchant Sites through our APIs and standard tracking technologies, as further described below. We also collect certain information from third party sources, as further described below.

1. Information provided by our Merchants

Our Merchants provide us with data and information about End Users and their interactions on their Merchant Sites through our Application Programming Interfaces (APIs) (described below). Our Merchants ultimately decide what Personal Data to send to us for use in connection with the Forter Services. Our legal and product teams work closely with our Merchants to assess the scope of Personal Data that will be shared with us through our APIs, and ultimately only send such Personal Data that is necessary for us to provide the Forter Services used by a particular Merchant.

While the exact nature and scope of Personal Data sent to us by our Merchants through our APIs will vary depending on the particular Forter Services provided, Personal Data sent by our Merchants via our APIs typically includes the following:

• Contact information: this includes information such as your name, phone number, email and mailing address.
• Transaction data: this includes information about a transaction you have completed on a Merchant Site, including your name, email address, billing and shipping mailing addresses, items purchased, price paid, order status and chargeback information. We also receive basic information about your payment and billing method, but do not collect or keep your complete credit card details.
• Account information: this includes information about your account and preferences on a Merchant Site.
• Browser, device and connection data: this includes information about the personal computer or mobile device you use to access the Merchant Sites. Such information may include technical information transmitted by your device, including certain software and hardware information such as the browser used to access the Merchant Site, the device model and operating system, unique device identifiers, and the Internet Protocol (IP) address through which you accessed the Merchant Site.

2. Information we automatically collect when you visit a Merchant Site

We use standard tracking technologies (described below) to automatically collect certain behavioral, device and connection data while you are interacting with a Merchant Site.

Our Merchants ultimately decide what pages on their Merchant Sites to embed our tracking technologies. Our legal and product teams work closely with our Merchants to assess the scope of Personal Data that will be automatically collected by us through our tracking technologies, and our tracking technologies are ultimately only placed on the Merchant Sites where such placement is necessary for us to provide the Forter Services.

While the exact nature and scope of Personal Data that is automatically collected by us through our tracking technologies will vary depending on the particular Forter Services provided, Personal Data collected through our tracking technologies typically includes the following:

• Browser, device and connection data: this includes information about the personal computer or mobile device you use to access the Merchant Sites. Such information may include technical information transmitted by your device, including certain software and hardware information such as the browser used to access the Merchant Site, the device model and operating system, unique device identifiers, and the Internet Protocol (IP) address through which you accessed the Merchant Site.
• Behavioral data: this includes information regarding your activity on a Merchant Site, such as the time and frequency of access, the referrer page domain, pages viewed.

We may use the following standard tracking technologies on our Merchant Sites. Which of the below technologies a Merchant ultimately integrates with depends on the nature of the Forter Services provided.

• JavaScript: a JavaScript code is a tiny snippet of code inserted into the content of a Merchant Site. This allows Forter to collect the information described above. 
• Mobile SDKs: mobile SDKs (or ‘software development kits’) are blocks of code embedded into the mobile version of a Merchant Site. This allows Forter to collect the information described above.

• Information collected from third party sources

In some cases, we may combine or enhance the information we collect about you (via our APIs and tracking technologies) with information we receive from third parties. For example, we may receive information from third parties regarding the type of phone associated with your phone number (e.g., mobile or landline), geographic coordinates of your billing and shipping address, and complementary details about your phone number and address.

How we use your information and legal bases for processing

We only use End User Personal Data (i) to provide the Forter Services to our Merchants and (ii) to improve the Forter Services to provide more accurate recommendations for our Merchants. We may also use End User Personal Data to comply with our legal obligations. We never share End User Data between our Merchants.

We rely on the following legal bases to process End User Personal Data: (i) our legitimate interest in providing the Forter Services and improving the detection and prevention of fraud and abuse on the Merchant Sites; and (ii) our and our Merchants’ legitimate interest in detecting and preventing fraud and abuse on the Merchant Sites and ensuring a secure customer journey on the Merchant Sites for our Merchants and End Users.

We may also process End User Personal Data as necessary to comply with our legal obligations.

Automated decision-making

The proprietary machine learning technology that powers the Forter Services relies on the automated processing of End User Personal Data to evaluate certain personal aspects relating to you, in particular to detect and prevent fraudulent and abusive behavior on the Merchant Sites. This means that our recommendations to our Merchants as to whether to approve or decline a transaction or other event on a Merchant Site as part of the Forter Services is typically made without human review or intervention. All automated decision-making by Forter is done in compliance with applicable data protection laws.

Who we share your information with

We do not rent or sell your Personal Data, or share your Personal Data with third parties, except as described below. All third party service providers we use are evaluated by both our legal and security teams prior to engagement, to ensure such providers implement and maintain appropriate measures to protect your Personal Data.

We may share your Personal Data with the following third parties:

• Forter Affiliates: we may share your Personal Data between and among Forter Ltd and its affiliates. Those affiliates are listed under “How to Contact Us” at the end of this Privacy Policy. 
• Trusted third party service providers:  we may share your Personal Data with trusted third-party service providers that we have engaged to assist us in performing the Forter Services (e.g. data hosting providers), as necessary for such third parties to provide services to us. Prior to sharing your Personal Data with our third-party service providers, we ensure that such third parties commit to protecting the security and confidentiality of your Personal Data. 
• Data enrichment providers:  we may share End User Personal Data with trusted third parties (e.g., location data or identity verification providers) for data enrichment purposes. Enriching End User Personal Data allows us to make more informed recommendations about your activity on the Merchant Sites. When we share your Personal Data with our data enrichment providers, we require that such data is only used for the purpose of providing a service to us and not for any other purpose. We also ensure that such third parties commit to protecting the security and confidentiality of your Personal Data.

We may also disclose your Personal Data to third parties if we believe disclosure of such data is necessary to: (i) comply with applicable law or a request from a court, regulator, or other governmental entity; (ii) enforce our contractual rights and our policies, including in connection with investigations of potential violations thereof; (iii) establish or exercise our rights to defend against legal claims; or (iv) enforce our intellectual property or other legal rights.

Additionally, we may share your Personal Data with third parties in connection with an actual or contemplated corporate transaction involving Forter, such as a merger, acquisition, divestiture, reorganization, financing or sale of our assets, as well as in connection with an insolvency, bankruptcy or similar proceeding involving us. Any entity that acquires us (in whole or in part) shall be permitted to continue to use your Personal Data as set forth in this Privacy Policy and shall assume our rights and obligations with respect to your Personal Data, as described herein.

Categories of Personal Data Collected and Disclosed

The table below describes the categories of Personal Data we have collected from our Merchants in the past twelve months and the categories of third parties to whom we disclose such Personal Data for a business purpose. 

Transfer of your information

We may transfer your Personal Data outside of your country of residence, including to the United States, Israel, and other countries where we and our service providers operate. Where we do so, we comply with applicable laws in relation to such transfer.

To the extent your Personal Data is subject to the GDPR and we transfer such data outside the EEA, such transfer will only be made in accordance with the GDPR and other applicable EU privacy laws.

For further information about the safeguards and derogations used for such transfers of your Personal Data, please contact [email protected].

How we safeguard your information

We are committed to protecting the Personal Data entrusted to us and take great care in safeguarding such data. We employ industry best practices and regularly commission third party audits and certifications to ensure the security and confidentiality of your Personal Data and to protect your Personal Data from unauthorized access and improper use.

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we retain your information

We will retain your Personal Data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by applicable law. For further information about how long we keep your Personal Data, please contact [email protected].

Your rights with respect to you to your information

Individuals located in certain countries have certain statutory rights with respect to their Personal Data, as detailed below.

1. Individuals located in the EEA, UK or Switzerland

If you are located in the EEA, the UK or Switzerland, you have certain rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) with respect to your Personal Data, including the right to:

• Access the Personal Data we hold about you;
• Correct any Personal Data we hold about you that may be inaccurate;
• Request that we delete your Personal Data (subject to certain limitations);
• In certain circumstances, restrict or object to us processing your Personal Data;
• Transfer your Personal Data to another organization (subject to certain conditions); and
• Withdraw your consent to us processing your Personal Data, where consent was previously provided and was the legal basis on which we relied for our processing of your Personal Data.

2. Individuals located in California

For purposes of the California Consumer Protection Act 2018 (California Civil Code §§ 1798.100 to 1798.199) including as amended by the California Privacy Rights Act of 2020 (the “CCPA”), Forter acts as a ‘Service Provider’ (as defined in the CCPA) in providing the Forter Services to our Merchants, who act as ‘Businesses’ (as defined in the CCPA) with respect to your Personal Data. Accordingly, we do not retain, use, or disclose End User Personal Data of California residents for any purpose other than for the specific purpose of performing the Forter Services or as otherwise permitted by the CCPA and applicable regulations, including to detect data security incidents or protect against fraudulent or illegal activity.

Individuals who are California residents have certain rights under the CCPA with respect to their Personal Data, including the right to:

• Request certain information about your Personal Data, including the categories of Personal Data we hold, the categories of sources of Personal Data we collected about you, the business or commercial purpose for which it was collected,  the categories of third parties with whom your Personal Data has been shared, and the specific pieces of personal information we have collected about you;
• Request that we delete your Personal Data (subject to certain limitations);
• Opt out of any sale or sharing of your Personal Data (note that we do not rent, sell or share your Personal Data except as stated in this Privacy Policy);
• In some cases, claim compensation for damage caused by our breach of the CCPA; and
• Not be discriminated against for exercising any of these rights.

End Users should direct any consumer rights request to the relevant Business from which your Personal Data was collected. As a Service Provider, we will cooperate with our Merchants in responding to consumer rights requests.

If you wish to exercise any of the aforementioned rights, please contact us at [email protected]. If you are located in the EEA or Switzerland you can also contact us through our EU representative Prighter, at the following website: https://prighter.com/q/12970917510. We will respond within the timeframes required under applicable law. When handling your request, we may need to request additional information from you (which may include Personal Data) to help us confirm your identity. This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please note that if you do not provide us with this additional information, we may be unable to process your request.

Minors

We do not knowingly collect Personal Data from anyone under the age of 16. In the event that we become aware that Personal Data of an individual under the age of 16 has been shared with or collected by us, we will delete such information.

If you have any reason to believe that we have collected Personal Data from an individual under the age of 16, please contact us at [email protected].

Complaints

Individuals located in certain countries may have the right to lodge a complaint with regards to how we process your Personal Data with your local data protection authority (in the United Kingdom, this is the Information Commissioner’s Office, which can be contacted in accordance with the means specified at https://ico.org.uk/global/contact-us)

If you are a California resident, you can lodge a complaint with the California Attorney General’s Office.

Updates or amendments to the Privacy Policy

We reserve the right to amend this Privacy Policy from time to time, in our sole discretion. If we decide to change this Privacy Policy, we will post these changes so our users are always aware of what information we collect, how we use it, and under what circumstances we disclose it. The most current version of this Privacy Policy will always appear on our website.

If at any point we decide to collect or use your Personal Data in a manner different from that stated in this Privacy Policy at the time it was collected, we will notify applicable individuals. We will use your Personal Data only in accordance with the Privacy Policy under which the information was collected.