Platform and Services
Privacy Policy

At Riskified, Inc., together with our affiliates, “Riskified”, “we”, “our”, or “us”), we provide online merchants (“Merchants”) with a service that helps them to prevent fraudulent online transactions (the “Fraud Prevention” service). We also may provide you with an alternative payment service (the “Deco” service) that allows you to finalize your purchase with a Merchant even when your original payment method is declined by the Merchant. You may now or in the future place an order with such a Merchant.

Merchants integrate our Fraud Prevention and Deco services on their eCommerce websites and mobile apps, where consumers like you place orders (“eCommerce Platforms”). This requires us to collect personal data from you to provide Fraud Prevention services to the Merchant and/or to provide Deco services to you.

This Privacy Policy (“Policy”) explains our privacy practices with respect to our Fraud Prevention and Deco services. It describes how we collect, use, and share personal information. It also describes your the rights and options with respect to that information. Please note that if you receive a financial product or service from us, the privacy notice titled “What Does Riskified Do With Your Personal Information?” applies to you. This notice, which applies only with respect to the non-public personal information that we obtain in the course of providing you with a financial product or service, is required by the Gramm-Leach-Bliley Act (the “GLBA”). To the extent that there is any conflict between this Privacy Policy and the GLBA privacy notice, the privacy notice shall control.

Please note that this Policy does not cover the practices or policies of Merchants, the eCommerce Platform(s), or any other party that may have access to your personal information. To the extent that we provide your personal information to our agents or service providers, we will take what we believe to be commercially reasonable steps to ensure that they safeguard such information and use it only for the intended purposes. However, we are not responsible for the practices employed by any third party website that we may link to, nor for the information or content contained therein. We encourage you to review the privacy statements of such other websites to understand their information practices and terms of service.

You are not obligated by law to provide us with your personal data, but an eCommerce Platform may require that you provide us with your personal data in order for it to be able to consider or process the order you place, or to be able to provide the Deco service.

In short…

INFORMATION WE COLLECT

Transaction Data. When you place an order with the eCommerce Platform, we collect various data regarding your transaction, such as your name, email, the items you purchased, price paid, shipping information and basic information from your account on the eCommerce Platform (if you are registered with an account there). We also collect basic information about your payment and billing method, but we do not collect or keep your complete credit card number. For Deco verification and payment purposes, we may also collect your date of birth, login credentials for online access to your bank account, your bank routing number, and bank account number. This transaction data collected for Deco verification and payment purposes is encrypted prior to being sent to our payment service providers and thereafter not retained or used by Riskified.

Device data. We collect information about the personal computer or mobile device you use to access the eCommerce Platform, including its model, its operating system, unique device identifiers, browser type, mobile network information and the Internet Protocol (“IP”) address through which you accessed the eCommerce Platform.

Geo-location data. If you use the eCommerce Platform’s mobile app, we collect your precise geo-location when you actively use the app. If you use the eCommerce Platform’s website we will collect your town-approximate geo-location.

Analytical data. We collect analytical data about your use of the eCommerce Platform. For example, we collect the frequency of your access to the eCommerce Platform, the pages and items on the eCommerce Platform that you viewed or interacted with.

Cookies. We may use “cookies” to collect some of the preceding information. A cookie is a piece of data stored on your hard drive to help us improve your access to our Website and identify repeat visitors to the Website. For instance, when we use a cookie to identify you, you would not have to log in a password more than once. Cookies also can enable us to track and target the interests of our users to enhance the experience on our site. Cookies also may be used to limit the number of times you are shown a particular ad.

Some of Riskified’s business partners may use cookies on our Website (for example, advertisers). However, we have no access to, or control over, these cookies. You may set cookies that tell Riskified or third parties to not use information about what sites you visit to target ads to you. For example, the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”) offer tools for opting out of targeted advertising. As discussed below, we cannot guarantee that our Website will respond to Do-Not-Track signals from your browser at this time. Further, note that if you delete all cookies, you will also delete the cookies that indicate your preference to opt out of targeted ads.

From time-to-time, we may engage third parties to track and analyze non-personally identifiable usage and volume statistical information from individuals who visit our Services.

You also may see advertisements when you use our Site. These advertisements are for our own products or services or for products and services offered by third parties. Which advertisements you see is often determined using the information that we, our service providers, and other companies that we work with have about you, including information about your relationships with us. To that end, where permitted by applicable law, we may share with others the information that we collect from and about you.

Cross-references. We also cross-reference, verify and enhance the accuracy of the data outlined above, using third party sources such as online search engines, online ‘white pages’ and online mapping services.

Inquiries. If you contact us for questions or complaints, we will collect the information related to your inquiry. This may include your name, email address, postal address, telephone number and other contact information, depending on the nature of your inquiry.

USE OF COLLECTED INFORMATION

We, as a data controller, process your personal data pursuant to our legitimate interests while Merchants may, where relevant, rely on legitimate interests or consent to process your personal data.

We use the information we collect for the following purposes:

SHARING INFORMATION COLLECTED

We may share the information outlined in this Policy with others, in the following instances:

AUTOMATED DECISION MAKING

The eCommerce Platform may, in its own discretion, use Fraud Prevention to make a decision on whether to accept or decline your order, based solely on automated processing. Please direct inquiries concerning the decision about your order to the eCommerce Platform.

ACCESSING, UPDATING OR DELETING YOUR PERSONAL INFORMATION AND OBTAINING A COPY OF IT

If the law grants you such rights, you may ask to access the personal information about you that is stored in our systems. You may also ask for our confirmation as to whether or not we process personal data concerning you.

Subject to the limitations in law, you may request that we update, correct or delete inaccurate or outdated information, and have us suspend the use of personal data whose accuracy you contest while we verify the status of that data.

Subject to law, you may also be entitled to obtain from us the personal data you directly provided us (excluding data we obtained from other sources) in a structured, commonly used and machine-readable format, and may have the right to transmit those data to another party.

If you wish to exercise any of these rights, contact us at: support@decopayments.com. When handling these requests, we may ask for additional information to confirm your identity and your request.

AGGREGATED INFORMATION

We may use the information we collect, as outlined above, to compile anonymized or de-identified information. We may share such anonymized or de-identified information with any other third party, at our sole discretion. However, we will not knowingly or intentionally share information that can be reasonably used to reveal your identity except as provided in this Policy.

TRANSFER OF DATA OUTSIDE YOUR TERRITORY

The personal information that we collect may be stored and processed in the United States or any other country in which we or our subsidiaries, affiliates or service providers maintain facilities. If you are located in the European Union, Canada, or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal Information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. or any other country in which Riskified or its parent, subsidiaries, affiliates or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.

INFORMATION SECURITY

We care about the security of your information and use what we believe to be commercially reasonable safeguards to preserve the integrity and security of personal information.

Please be advised, however, that no security measure, system, or control is infallible. We accordingly do not guarantee that personal information may not be accessed, disclosed, altered, or destroyed and disclaim any express or implied warranties, duties or conditions in that regard. If any applicable law imposes on us a duty with respect to these matters that cannot be disclaimed, you acknowledge and agree that our commercially reasonable precautions shall be considered to satisfy that duty unless (and only unless) we have engaged in willful misconduct.

In the event that the security of any personal information under our control is compromised, we will take reasonable steps to investigate and mitigate the situation, including, when and where appropriate, by notifying those individuals whose personal information may have been compromised and taking other steps in accordance with applicable laws and regulations.

DATA RETENTION

We retain the personal data we collect only for as long as needed in order to provide the Fraud Prevention, Deco, or newly developed services under this Policy and compliance with applicable laws. We then either delete from our systems or anonymize it, without further notice to you.

POLICY REGARDING CHILDREN

We do not knowingly collect personal data from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, he or she should contact us at support@decopayments.com. If we become aware that a child under the age of 13 has provided us with personal data, we will delete such information from our files.

CHANGES TO THIS POLICY

We may modify or update this Policy from time to time to reflect the changes in our business and practices. We encourage you to review this Policy whenever you use our services in order to stay informed about our information practices.

To the extent not prohibited by law, any amendment or update to this Policy will apply to personal information that we already have collected and to any personal information that we subsequently may obtain. When required by applicable law, however, we may provide you with advance notice of any changes to this Policy and with an opportunity to object to such changes. If you exercise your right to object, the changes will not become effective with respect to your personal information, but your ability to use our services may be terminated or impaired. We will explicitly notify you of the consequences of objection or non-objection to the extent and in the manner required by law.

MISCELLANEOUS / CALIFORNIA DO-NOT-TRACK DISCLOSURE

We do not respond to browsers’ “Do Not Track” requests.

You may have a right to submit a complaint to the relevant supervisory data protection authority, pursuant to the law.

CONTACT US

You may contact us with any questions or comments, at: support@decopayments.com.  Our postal address is: 30 Kalisher Street, Tel Aviv, Israel, postal code 6525724.

Effective date of the policy: [DATE]

Last Updated: May 15, 2019

This notice applies to a U.S. consumer’s use of the Deco service to complete a transaction on a Merchant’s eCommerce Platform for personal, family, or household purposes.

Riskified Privacy Notice

FACTS

WHAT DOES RISKIFIED DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Account balances
  • Transaction history and account transactions

How?

All financial companies need to share personal information to run their everyday business. In the section below, we list the reasons financial companies can share their personal information; the reasons Riskified chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information

Does Riskified share?

Can you limit this sharing?

For our everyday business purposes —such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes — to offer our products and services to you

Yes

No

For joint marketing with other financial companies

No

We don’t share

For our affiliates’ everyday business purposes — information about your transactions and experiences

Yes

No

For our affiliates’ everyday business purposes — information about your creditworthiness

Yes

No

For our affiliates to market to you

Yes

No

For nonaffiliates to market to you

No

We don’t share

Questions?

What we do?

How does Riskified protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

How does Riskified collect my personal information?

We collect your personal information, for example, when you

  • use Deco to purchase a good or service on a Merchant website
  • provide account information or pay your bills
  • use your debit or credit card

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing?

Federal law gives you the right to limit only

  • sharing for affiliates’ everyday business purposes—information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

Definitions

Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.

  • Our affiliates include companies with a Riskified name.

Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Riskified does not share with nonaffiliates so they can market to you.

Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Riskified doesn't jointly market

Other important information

For California Residents

We will not share personal information with affiliates or nonaffiliates except as permitted by California law, such as to process your transaction or with your consent.

For Vermont Residents

We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. Additional information concerning our privacy policies can be found at www.decopayments.com.

Last updated: May 15, 2019