Legal
Effective date: January 1, 2025 · Last updated: March 2025
When you use HighRiskIntel, we collect the following information:
• Account information: email address, business name, and account credentials when you sign up.
• Transaction data: payment amounts, currencies, countries, email addresses associated with transactions, dispute flags, and risk signals — collected when you connect your payment processor or upload statements.
• Processor API credentials: encrypted using AES-256 before storage; used only to pull transaction and dispute data.
• Usage data: pages visited, features used, session duration, and browser/device information collected automatically via cookies and server logs.
• Payment information: billing details processed by Stripe; we do not store raw card numbers.
All data is stored on Supabase infrastructure, which is SOC 2 Type II certified. Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Processor API keys are additionally encrypted at the application layer before being written to the database. Our infrastructure is hosted in the United States. We maintain strict access controls — only authorized personnel can access production data, and all access is logged.
We use your data to:
• Provide and operate the Service, including generating risk scores, chargeback rate monitoring, and AI-powered analysis.
• Send you alerts and reports about your payment risk profile.
• Improve our AI models and risk engine using aggregate, anonymized transaction patterns.
• Process subscription payments and manage billing.
• Respond to support requests and communicate important Service updates.
• Comply with legal obligations and prevent fraud.
HighRiskIntel uses the following third-party services to operate:
• Anthropic: We send statement text and transaction summaries to Anthropic's Claude API for AI analysis. Data sent to Anthropic is not used to train their models per our data processing agreement.
• Stripe: Used for billing and subscription management. Stripe processes payment information under their own Privacy Policy.
• Supabase: Our database and storage infrastructure provider. Supabase is SOC 2 certified and stores your data in the US.
• Resend: Used to send transactional emails (alerts, reports). Email content may include your chargeback metrics.
We do not sell your personal information to any third parties.
We retain your data for as long as your account is active, plus 2 years after account closure for compliance and dispute resolution purposes. Transaction data older than 2 years is automatically deleted. If you request account deletion, all your personal data and transaction records will be permanently deleted within 30 days, except where we are legally required to retain certain information.
You have the right to:
• Access: Request a copy of all personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request permanent deletion of your account and all associated data.
• Portability: Request your data in a machine-readable format.
• Restriction: Request we stop processing your data in certain circumstances.
To exercise any of these rights, email privacy@highriskintel.com. We will respond within 30 days.
We use strictly necessary cookies to maintain your session and authentication state. We do not use advertising or tracking cookies. We may use analytics cookies to understand how the product is used — these can be disabled in your browser settings without affecting core functionality.
For users in the European Economic Area (EEA), we process your data under the following legal bases: (a) performance of a contract — to provide the Service you've subscribed to; (b) legitimate interests — for security, fraud prevention, and product improvement; and (c) consent — for optional analytics and marketing communications. You may withdraw consent at any time by contacting privacy@highriskintel.com.
For California residents: HighRiskIntel does not sell personal information as defined under the California Consumer Privacy Act. You have the right to know what personal information we collect, request deletion of your personal information, and opt out of any future sale of personal information. To exercise these rights, email privacy@highriskintel.com.
We take security seriously. Our measures include AES-256 encryption at rest, TLS 1.3 in transit, SOC 2 certified infrastructure, least-privilege access controls, regular security audits, and multi-factor authentication for all internal systems. No system is completely secure; if you discover a vulnerability, please report it to security@highriskintel.com.
HighRiskIntel is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@highriskintel.com and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
For privacy-related questions, requests, or concerns:
Email: privacy@highriskintel.com
HighRiskIntel, Inc.
Delaware, United States
For security vulnerabilities: security@highriskintel.com