PeoplesShield Fraud Detection - Privacy Policy
Last Updated: January 5, 2026
1. Introduction
PeoplesShield Fraud Detection ("we," "our," or "us") is committed to protecting the privacy and security of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our fraud detection application for Stripe merchants.
1.1 Stripe Data Processing Compliance
This app complies with Stripe's Data Processing Agreement (DPA) and App Marketplace Agreement. PeoplesShield operates as a service provider processing data according to Stripe's requirements.
2. Information We Collect
2.1 Payment Data
When analyzing payments for fraud, we access only data necessary for fraud prevention:
- Customer email addresses (for verification and spam detection)
- Customer phone numbers (for validation and carrier lookup)
- Transaction amounts and currency (for anomaly detection)
- CVC and AVS verification results (for fraud pattern analysis)
- Customer IP addresses (for geolocation, VPN, and Tor detection)
- Payment timestamps (for velocity and botnet detection)
2.2 Information We Do NOT Collect
- Full credit card numbers
- Bank account details
- Social Security numbers or government IDs
- Passwords or authentication credentials
- Card CVV/CVC codes (only verification results)
3. Our 17 Fraud Detection Tools
PeoplesShield analyzes payments using the following tools:
- CVC Check: Analyzes card security code verification results
- AVS Check: Analyzes address verification results
- Card Testing Detection: Identifies rapid failed transactions indicating stolen card testing
- Failed Transaction Velocity: Detects unusual patterns of declined payments
- Refund Pattern Monitoring: Identifies suspicious refund activity
- Email Blacklist: Checks against merchant-reported fraudulent emails
- Phone Blacklist: Checks against merchant-reported fraudulent phone numbers
- Disposable Email Detection: Identifies temporary/throwaway email addresses
- IP Enrichment: Determines customer location and ISP information
- Email Intelligence: Checks spam databases and validates deliverability
- Phone Intelligence: Validates phone numbers and detects VOIP
- GeoIP Correlation: Identifies high-risk countries and location anomalies
- VPN/Proxy/Tor Detection: Identifies customers using anonymizing services
- Transaction Velocity: Tracks order frequency per customer
- Amount Anomaly Detection: Flags unusual transaction values
- Store Velocity (Botnet Detection): Detects sudden transaction spikes indicating automated attacks
- Rapid Fire Detection: Catches bot patterns placing orders faster than humanly possible
4. Third-Party Sub-Processors
We use the following sub-processors to provide fraud detection services. All data transfers are encrypted.
| Sub-Processor |
Purpose |
Data Shared |
| IPinfo.io | IP geolocation & VPN detection | IP addresses only |
| IPLocate.io | IP geolocation & VPN detection | IP addresses only |
| ipgeolocation.io | IP geolocation lookup | IP addresses only |
| MaxMind GeoIP2 | IP geolocation database | IP addresses only |
| CleanTalk | Email spam detection | Email addresses only |
| Telnyx | Phone number validation | Phone numbers only |
| VeriPhone | Phone number validation | Phone numbers only |
| Google DNS | DNS leak detection | IP addresses only |
| Cloudflare DNS | DNS leak detection | IP addresses only |
| GitHub (disposable lists) | Disposable email detection | None (list download only) |
| Tor Project | Tor exit node list | None (list download only) |
| Railway.app | Backend infrastructure | Encrypted app data |
5. How We Use Information
We use collected information exclusively for:
- Analyzing payments for fraud indicators specific to YOUR account
- Detecting patterns of fraudulent behavior
- Providing fraud risk assessments and alerts
- Maintaining merchant-specific blacklists when you report fraud
Data Isolation: Each merchant's data is completely isolated. We do NOT share customer data between merchants or use data from one merchant to analyze another merchant's payments.
6. Data Retention
- Fraud Analysis Logs: 90 days - for pattern analysis and dispute support
- Blacklist Entries: Until removed by merchant or app uninstallation
- Cached API Data: 24-72 hours for performance
- All Data: Permanently deleted within 30 days of app uninstallation
7. Data Security
- TLS/HTTPS encryption for all data transmissions
- Encrypted database storage at rest
- Rate limiting to prevent abuse (100 requests/minute)
- Input validation on all API endpoints
- No storage of sensitive card data
8. Data Subject Rights (GDPR/CCPA)
Under data protection laws, individuals have rights to access, correct, delete, and restrict processing of their data.
8.1 How to Exercise Rights
For Customers: Submit data requests directly to the merchant (Stripe account owner). As the Data Controller, merchants are responsible for fulfilling these requests.
For Merchants: Contact us at support21@peoples-shield.com for assistance with data requests. We will respond within 30 days.
9. International Data Transfers
Data may be transferred to and processed in the United States. We ensure appropriate safeguards including Standard Contractual Clauses with sub-processors.
10. Uninstalling the App
You can uninstall PeoplesShield at any time from your Stripe Dashboard under Apps. Upon uninstallation:
- All API access is immediately revoked
- Your merchant-specific data will be deleted within 30 days
- Blacklist entries will be permanently removed
11. Changes to This Policy
We may update this policy and will notify you by:
- Posting updates on this page
- Updating the "Last Updated" date
- Notifying through the Stripe App listing for significant changes
12. Contact Information
For questions about this Privacy Policy: