GDPR Compliance

How Fraudiant ensures full compliance with the EU General Data Protection Regulation through our zero-storage architecture.

GDPR Principles We Follow

Data Minimization

We collect and process only the minimum data necessary to perform email validation. Email addresses are validated in real time and never stored in our systems.

Purpose Limitation

Data is processed solely for the purpose of email validation and fraud detection. We never use data for any other purpose or share it with third parties.

Storage Limitation

We maintain zero data storage. Email addresses and validation results are processed in memory and immediately discarded after the API response is sent.

Integrity & Confidentiality

All data in transit is encrypted using TLS 1.3. Our infrastructure is SOC 2 Type II certified with 24/7 security monitoring.

Data Subject Rights

Right to Access

Since we do not store any personal data, there is no data to access. All validation requests are processed in real time without retention.

Right to Erasure

Our zero-storage architecture means data is automatically erased immediately after processing. There is no data to delete as nothing is retained.

Right to Data Portability

As we do not store personal data, there is no data to port. You maintain full control of all data sent to our API.

Right to Object

You can stop using our service at any time. Since we don't store data, there is no ongoing processing to object to once you stop making API requests.

Data Processing Agreement (DPA)

Fraudiant acts as a data processor when you use our service. We have a standard Data Processing Agreement (DPA) available for all customers that outlines our responsibilities and commitments under GDPR.

Key provisions of our DPA include:

  • Processing instructions and limitations
  • Security measures and encryption standards
  • Sub-processor agreements and notifications
  • Data breach notification procedures
  • Assistance with data subject requests
  • Deletion and return of data (not applicable due to zero storage)

International Data Transfers

Our infrastructure is hosted in EU data centers by default. For customers requiring specific geographic processing, we offer regional endpoints in:

  • European Union (Frankfurt, Germany)
  • United States (Virginia, USA)
  • Asia Pacific (Singapore)

All data transfers between regions are encrypted and comply with GDPR requirements for international data transfers, including Standard Contractual Clauses (SCCs) where applicable.

GDPR Questions?

Our Data Protection Officer is available to answer any questions about GDPR compliance, data processing, or privacy practices.