Privacy Policy

1. Introduction

This Privacy Policy describes how Dregs ("we", "us", "our") collects, uses, and protects information when you use our fraud detection platform ("Service"). This policy applies to you as a customer of Dregs (the person or organization operating a Dregs account). For information about how your end users' data is processed, see the Data Processing section below.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). We also store your team name, billing email, and API credentials.

Data You Submit

Through the Dregs tracking script and API, you submit data about your end users, including: event data (page views, actions, form submissions), device information (browser fingerprints, user agents, IP addresses), and identity information (user identifiers, names, emails, and other profile data you choose to send).

You are the data controller for this data. We process it on your behalf to provide fraud detection scoring and analysis.

Automatically Collected Information

When you use the Dregs dashboard, we collect standard web server logs including IP addresses, browser type, and pages visited. We use the Dregs tracking script on our own website to analyze visitor behavior.

3. How We Use Information

We use collected information to:

• Provide and operate the Service, including fraud detection scoring and identity analysis
• Authenticate your access and secure your account
• Send transactional emails (account confirmation, password resets, team invitations, alert notifications)
• Improve the Service, including training and refining our analysis algorithms
• Detect and prevent abuse of the Service itself

4. Data Processing and Third Parties

We use the following third-party services to operate the platform:

• Amazon Web Services (AWS) — Infrastructure hosting and email delivery (SES)
• Anthropic — AI-powered identity review analysis (when you request an LLM review, relevant identity data is sent to Anthropic's API for analysis)
• Stripe — Payment processing for paid subscriptions

We do not sell your data or your end users' data to third parties. We do not use your data for advertising purposes.

5. Data Retention

We retain your account data and submitted tracking data for as long as your account is active. When your account is deactivated (due to trial expiry, cancellation, or deletion), your data is retained for a limited period to allow for reactivation, after which it is permanently deleted.

You may request deletion of your account and associated data at any time through the account settings in the dashboard.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS), password hashing (bcrypt), JWT-based authentication, rate limiting, and role-based access controls. API credentials use format-validated keys with origin restrictions.

7. Cookies and Tracking

The Dregs dashboard uses session storage (not cookies) for authentication. The Dregs tracking script, when installed on your website, uses device fingerprinting techniques to identify devices. It does not use cookies. You are responsible for disclosing the use of the Dregs tracking script to your end users in accordance with applicable privacy laws.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability

To exercise these rights, contact us at the email address below or use the account management features in the dashboard.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance.

10. Contact

If you have questions about this Privacy Policy or your data, please contact us at privacy@dregs.com.