Privacy Policy

Introduction

Rifraux ("we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered fraud detection platform designed for African fintechs.

By using Rifraux's services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Data Collection

We collect several types of information to provide and improve our fraud detection services:

Account Information

• Name, email address, and contact details
• Company name and business information
• API keys and authentication credentials
• Billing and payment information

Transaction Data

• Transaction amounts, timestamps, and locations
• Device information and IP addresses
• Payment method details (tokenized)
• Fraud scores and risk assessments
• Merchant and customer identifiers (anonymized)

Technical Data

• Browser type, operating system, and device information
• API usage logs and performance metrics
• Cookies and similar tracking technologies

How We Use Your Data

Rifraux uses collected data for the following purposes:

• Fraud Detection: Analyzing transaction patterns to identify and prevent fraudulent activities
• Service Delivery: Providing real-time fraud scoring and risk assessment
• Model Training: Improving our machine learning algorithms with aggregated, anonymized data
• Customer Support: Responding to inquiries and providing technical assistance
• Compliance: Meeting regulatory requirements and preventing financial crimes
• Service Improvement: Analyzing usage patterns to enhance platform performance
• Communications: Sending service updates, security alerts, and product announcements

Data Sharing

Rifraux does not sell your personal data. We may share information in the following circumstances:

Data Security

We implement industry-standard security measures to protect your data:

• End-to-end encryption for data in transit (TLS 1.3)
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA) for account access
• Regular security audits and penetration testing
• Role-based access controls and data segregation
• Automated threat detection and monitoring

While we strive to protect your data, no method of transmission over the internet is 100% secure. For more details, please review our Security Policy.

Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for 90 days after closure
• Transaction Data: Retained for 7 years to meet financial regulatory requirements
• Aggregated Analytics: Anonymized data may be retained indefinitely for research and model improvement
• Legal Holds: Data subject to legal proceedings is retained until the matter is resolved

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise these rights, please contact us at privacy@rifraux.com.

Regulatory Compliance

Rifraux complies with applicable data protection regulations, including:

• Nigeria Data Protection Regulation (NDPR)
• Kenya Data Protection Act (DPA)
• South Africa Protection of Personal Information Act (POPIA)
• General Data Protection Regulation (GDPR) for European clients
• Payment Card Industry Data Security Standard (PCI DSS)

We work closely with regulatory bodies across Africa to ensure our practices meet local data protection standards.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: