Privacy Policy

FROGO LTD (“FROGO”, “we”, “our”, “us”) – a professional software development and IT-consulting agency committed to upholding the highest standards of development, testing, technical support and sales activities related to the SaaS (Soft as a Service) Antifraud platform (Frogo) – cloud-based software service that helps detect, prevent, and respond to fraud, who is responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR, Canada and US data protection laws on the website https://frogo.ai/ (the “Website”).

Data Controller – FROGO LTD, with its registered office in Limassol, Cyprus, address: Agiou Andreou, 102, SAINT ANDREWS CENTER, 5th floor, Flat/Office 1, 3036, Limassol. FROGO LTD is registered with the Cyprus Companies Registry under number: HE468335;

Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing – any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, matching or combining, restricting, deleting or destroying;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

CCPA/CPRA – a state-level privacy law that gives consumers the right to know, access, delete, and control how their personal data is used by businesses. (California Consumer Privacy Act/California Privacy Rights Act)

PIPEDA (Personal Information Protection and Electronic Documents Act) – a Canadian federal law that governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities.

CalOPPA (California Online Privacy Protection Act) – a foundational state law that requires websites and online services to post a clear privacy policy, disclose their data collection practices, and state how users can control their information.

VCDPA (Virginia Consumer Data Protection Act) – a state-level privacy law that gives Virginia residents the right to access, delete, correct, and obtain a copy of their personal data, and to opt out of data sales, profiling, and targeted advertising.

UCPA (Utah Consumer Privacy Act) – a state-level privacy law that grants Utah consumers the right to access and delete their personal data, as well as opt out of targeted advertising and data sales.

Website – website run by us at https://frogo.ai/;

User – any person visiting the Website or using the services or functionalities described in this Privacy Policy.

By using our Website (whether or not you register or create any kind of account with us), you agree to accept the terms set forth in this Privacy Policy as well as in the Terms & Conditions.  Anyone that does not agree to the terms of this Privacy Policy and the Terms & Conditions, should not use Our Website. You agree that your only recourse should you not agree to the terms of this Privacy Policy and the Terms & Conditions shall be to discontinue using our Services and visiting our Website. By using our Services, you consent to having your Personal Data transferred to and processed by us and our third party vendors.

By using our Website and/or Services you consent to our Privacy Policy, as well as the limitation of liability, dispute resolution procedures, refund policy and all the other Terms & Conditions that form a binding agreement between you and us.

We shall be considered a data owner and Data controller in relationships with Data Subjects. We acknowledge the privacy of natural persons and make efforts to protect them against any unlawful Processing by applying relevant technical and organizational measures to protect Personal Data of natural persons in accordance with the effective legislation. Although we will make reasonable efforts to ensure safe Processing, we cannot guarantee it to be 100% secure and risk-free and you acknowledge and accept such risks.

We process Personal Data in a way that assures appropriate level of security, including protection against unauthorized Processing, destruction, accidental loss, or damage, while applying suitable organizational and technical measures under industry standards and in compliance with the following principles:

1. lawfully, fairly and transparently;
2. Processing is specified, explicit and only for legitimate purposes; Processing is adequate, relevant and limited to necessary purpose; accurate and kept up to date; limitation of the storage for periods not longer than necessary; Processing is done and the Personal Data is held in a manner that ensures appropriate security of the Personal Data.

When it comes to Processing, we will not discriminate against Data Subject rights.

We do not knowingly process Personal Data that relates to, or reveals, racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning the health, sex life or sexual orientation of the natural person.

We apply the following principles in order to protect your privacy: (a) we will not sell or lease your Personal Data to third parties; and (b) any Personal Data that you provide to us will be secured with industry-standard safety protocols and technology.

We process personal data based on one or more of the following legal bases:

1. Consent

We may process your personal data if you have given us explicit consent to use it for a specific purpose. Withdrawing your consent will not affect the lawfulness of any processing based on consent before its withdrawal. Consent must be freely given, informed, and unambiguous, and can be withdrawn at any time.

2. Performance of a Contract

We process your personal data when it is necessary to fulfill our contractual obligations to you. This includes using your data to provide services or products you have requested or taking necessary steps prior to entering into a contract. Processing is essential for performing or entering into a contract.

3. Legal Obligations

We may process your personal data where required to comply with legal obligations. This includes fulfilling statutory duties, cooperating with law enforcement, responding to regulatory authorities, or complying with court orders.

4. Vital Interests

We may process your personal data when it is necessary to protect the vital interests of yourself or others. This often applies in emergency situations involving health or safety.

5. Public Task or Official Authority

We may process personal data when necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

6. Legitimate Interests

We may process personal data based on our legitimate interests or those of a third party, provided this does not override your rights and freedoms. This includes processing data for marketing, fraud prevention, or business operations.

The Website may contain links to other websites of interest. However, once you have used these links to leave the Website, you should note that we do not have any control over that other website. Therefore, you agree to accept such risks and not hold us responsible for the protection and privacy of any information which you provide while visiting such sites and you understand such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

We shall respond to the verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform the Data Subject of the reason and extension period in writing. The response is free of charge unless it is excessive, repetitive, or manifestly unfounded.

In certain instances, personal data may be transferred to jurisdictions outside the country of residence of the data subject, including to jurisdictions that may not offer an equivalent level of data protection. In such cases, we take appropriate steps to safeguard personal data, including:

Standard Contractual Clauses (SCCs): We may implement SCCs approved by the European Commission to ensure that personal data transferred outside of the European Economic Area (EEA) is afforded an equivalent level of protection.

Adequacy decisions: Where applicable, we may rely on adequacy decisions issued by the relevant data protection authorities to transfer personal data to jurisdictions deemed to provide an adequate level of protection.

Binding Corporate Rules (BCRs): In some instances, we may rely on BCRs for intra-group transfers of personal data, ensuring that consistent data protection standards are adhered to across our global operations.

We ensure that adequate safeguards are in place to protect your personal data when it is transferred to another jurisdiction.

Your Personal Data will be kept for as long as is necessary to provide you with the requested service. When your Personal Data is no longer necessary to deliver the requested service, the Company will delete it as soon as possible, unless retaining your Personal Data is required by law for a certain period of time (e.g., for accountancy records).

We have no official right to collect any private information from persons who are not 18 yet. It is strictly prohibited to the Users under 18 to use Our Website and any of the Services offered by Our Company. As soon as We find out that the information presented by the User is not eligible because of the age limits, it will promptly be erased. We bear no responsibility in case if You are not old enough to use the Website. You must be of legal age to be in line with Our Privacy Policy, as well as with Our Terms and Conditions.

Alert Us in case one of Your children under 18 is using Our Website trying to get access to our services. We’ll take measures to block access to Our Website from Your IP address. All affiliate websites cooperating with Our Company will be blocked for your child as well.

According to the EU/EEA law (General Data Protection Regulation) U.S. laws (Including CCPA/CPRA, CalOPPA, VCDPA, CPAR, UCPA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), you have various rights regarding your personal data.

Right to acknowledgement and access

You have the right to receive confirmation from Us at any time as to whether personal data relating to you will be processed. If this is the case, you have the right to request from us free of charge information about the personal data stored about you together with a copy of this data.

If personal data are transferred to a third country or an international organization, you have the right to be informed of the appropriate guarantees in accordance with GDPR in connection with the transfer.

Right to correction

You have the right to request Us to correct any inaccurate personal data concerning you without delay.

Right for cancellation (“Right for oblivion”)

As a pursuant under GDPR, you have the right to demand that we delete personal data concerning you without delay, and we are obliged to delete personal data without delay if one of the following reasons applies:

1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. you file an objection to the processing pursuant to GDPR, and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant under conditions of GDPR.
3. you withdraw your consent, on which the processing was based pursuant according to GDPR, and there is no other legal basis for the processing.
4. the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

Right to limitation of processing

You have the right to request Us to restrict processing if one of the following conditions is met:

1. you dispute the accuracy of your personal data for a period of time that enables us to verify the accuracy of your personal data;
2. the processing is unlawful, and you have refused to delete the personal data and have instead requested the restriction of the use of the personal data;
3. We no longer need the personal data for the purposes of processing, but you do need the data to assert, exercise or defend legal claims, or
4. you have filed an objection against the processing pursuant according to GDPR, as long as it is not yet clear whether the justified reasons of our company outweigh yours.

Right to transferability of data

You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format, and you have the right to transmit this data to another person in charge without our interference, provided that

1. processing is based on consent or on a contract pursuant according to conditions of GDPR and US data protection laws.
2. processing is carried out using automated methods. When exercising your right to data transferability in accordance with paragraph 1, you have the right to request that the personal data be transferred directly by us to another person responsible, insofar as this is technically feasible.

Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of GDPR and US data protection laws; this also applies to profiling based on these provisions. We no longer process personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If We process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

You have the right to object to the processing of personal data concerning you, for scientific or historical research purposes or for statistical purposes in accordance with GDPR and US data protection laws, for reasons arising from your particular situation, unless the processing is necessary to fulfill a task in the public interest.

Automated decisions including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. An automated decision making based on the collected personal data does not take place.

Right to revoke consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time.

Right of appeal to a supervisory authority

You have the right of appeal to a supervisory authority.

In particular, if you have EU/EEA residentship, and have a concern about our practices concerning the processing of Personal Data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside or in which you work, or in which the alleged infringement occurred, each as applicable, or by contacting the authority for such issues, at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Your Rights as a California Resident

As a California resident, you may have certain rights in relation to your personal information.

Right to Know

You may have the right to know how we have collected, used and disclosed your personal information. Specifically, you may have the right to know:

• The categories of personal information we have collected about you.
• The categories of sources from which we have collected your personal information.
• The business or commercial purpose for which we collect, sell or share your personal information.
• The categories of third parties to whom we have disclosed your personal information.
• The categories of personal information that we disclosed for a business purpose and the categories of third parties to whom your personal information was disclosed for a business purpose.
• The categories of personal information we have “sold” to or “shared” with  third parties and the categories of third parties to whom we have “sold” or “shared” your personal information.

You may have the right to know the specific pieces of personal information we have collected about you.

Right to Make a Deletion Request

You may have the right to request that we delete your personal information that we have collected about you. Subject to certain exceptions, we must delete your personal information and direct any service provider or contractor to delete your personal information.

Right to Correct Inaccurate Personal Information

You may have the right to request that we correct inaccurate personal information about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.

Right to Opt-Out of Sales of Personal Information

You may have the right to opt-out of the sale of your personal information.

Right to Opt-Out of Sharing of Personal Information

You may have the right to opt-out of us sharing your personal information for cross-context behavioral advertising purposes.

Right to Limit Use and Disclosure of Sensitive Personal Information

Subject to certain exceptions, you may have the right to limit our use and disclosure of your sensitive personal information. We do not use or disclose sensitive personal information in a manner that gives rise to this right.

Right to Non-Discrimination

You have the right to not be discriminated against by us for choosing to exercise your rights under the CCPA.

Other Rights: Notice to California Consumers

You have other rights under California’s “Shine the Light” law. California Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We have such a policy in place. As discussed above, if you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes, please contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.

Categories of Data that We Hold about You

As mentioned above, We maintain data about you in only pseudonymized form, which means that we do not know your identity because we do not process your name, email address, or other identifiable information. Instead, we only process digital identifiers such as cookie IDs, IP addresses, mobile advertising IDs on your device, network browsing history and associated preferences, and in some limited circumstances, your hashed email address.

Why We Collect Your Personal Information

We process your Personal Information in order to provide Services and personalized advertisements to You.

Where do We Collect Your Personal Information

We automatically collect User Information when Users interact with our Services that appear on our Customers’ websites and digital properties. Like most other web-based services, we collect this User Information through cookies and other technologies. We may also obtain Information about you from our data partners.

We collect Information either directly from you during your use of our Sites and Services or from third parties that independently collect this Information from you, and we may combine the Information that we collect from these various sources. For more information about these collection methods, please see Sections above.

How do We Share Your Personal Information

We may disclose or make available your pseudonymous Personal Information to our trusted partners. In most cases when we do so, we have contractually restricted their uses of this data for only Our business purposes. Under the CCPA, such disclosures of Personal Information to service providers are not deemed to be a “sale” and thus are not prohibited after you exercise your right to cease or restrict disclosures or sales of your Personal Information to third parties. In any instances where we have not entered into a service provider relationship with such third parties, we will stop sharing your Personal Information when you instruct us not to “sell” your Personal Information.

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy.

• Users can visit our site anonymously;
• Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website;
• Our Privacy Policy link includes the word ‘Privacy’, and can be easily found on the page specified above.

Users will be notified of any privacy policy changes on our Privacy Policy Page.
Users are able to change their personal information by emailing us.

Your Rights as a Virginia Resident

As a Virginia resident, you may have certain rights in relation to your personal data.

Right to Confirm

You may have the right to confirm whether we process your personal data and to access such personal data.

Right to Delete

You may have the right to request that we delete your personal data that we have collected about you. Subject to certain exceptions, we must delete your personal data.

Right to Correct Inaccurate Personal Data

You may have the right to request that we correct inaccurate personal data about you, taking into account the nature of the personal data and the purposes of the processing of your personal data.

Right to Opt-Out of Processing of Personal Data for Targeted Advertising

You may have the right to opt-out of the processing of your personal data for purposes of targeted advertising.

Right to Opt-Out of the Sale of Personal Data

You may have the right to opt-out of the sale of your personal data.

Right to Opt-Out of Profiling

You may have the right to opt-out of the processing of your personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Right to Obtain a Copy of Your Personal Data

You may have the right to obtain a copy of your personal data that you previously provided to us.

Right to Non-Discrimination

You have the right to not be discriminated against by us for choosing to exercise your rights under the VCDPA

Your Rights as a Colorado Resident

Right to Access

You have “the right to confirm whether a controller is processing personal data concerning the consumer and to access the consumer’s personal data.”

Right to Correction

You have “the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.”

Right to Delete

You  have “the right to delete personal data concerning the consumer.”

Right to Data Portability

You have “the right to obtain personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance.”

Right to Opt-Out

Consumers have “the right to opt-out of the processing of personal data concerning the consumer for purposes of:

• targeted advertising
• the sale of personal data
• profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.”

Right to Appeal

According to the Colorado Privacy Act regulations, Your request must be responded to within 45 days of receipt. The covered entity may subsequently extend that deadline by an additional 45 days if they are able to show reasonable necessity. However, when the deadline is extended, You must be notified by Us within the initial 45-day response period.

Notice to individuals in the State of Utah

Right to access, including confirming whether a controller is processing their data, and the ability to request and receive that data;

Right to deletion of personal data, if the data subject directly provided the data to the controller;

Right to portability, obtaining a copy of their personal data that they provided to the controller, in a format that is:

• portable to a technically reasonable extent
• readily usable to a practical extent
• enables the consumer to transmit the data to another controller reasonably easily, where the processing is carried out by automated means.

Right to opt out of certain processing, specifically for the sale of the personal data or the purposes of targeted advertising;

Some rights that are present in other US state-level laws, but absent from the UCPA, include the right to opt out of profiling and the right to correct (to request and have omissions or inaccuracies in one’s personal data corrected).

We under the Utah privacy law are not required to recognize “universal opt-out signals” as a method for consumers to opt out of data processing.

We are committed to protecting the personal information of individuals located in Canada in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Under PIPEDA, you have the right to access your personal information held by us and to request correction of any inaccuracies. We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances, and we ensure that the information is accurate, up to date, and securely protected.

As part of our commitment to privacy, we follow the ten Fair Information Principles under PIPEDA, which include:

Accountability – We are responsible for all personal information in our possession and have designated a Privacy Officer.

Identifying Purposes – We inform you of the purposes for which we collect personal data at or before the time of collection.

Consent – We obtain your informed consent before collecting, using, or disclosing your personal information.

Limiting Collection – We collect only the information necessary for the identified purposes.

Limiting Use, Disclosure, and Retention – We use or disclose your information only for the purposes you consented to and retain it only as long as necessary.

Accuracy – We take steps to ensure that personal information is accurate and complete.

Safeguards – We protect your personal information with appropriate technical and organizational security measures.

Openness – We make our privacy policies and practices readily available.

Individual Access – Upon request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it.

Challenging Compliance – You may challenge our compliance with PIPEDA by contacting our Privacy Officer.

If you are a resident of Canada and wish to request access to your personal data, correct any information we hold, or file a privacy complaint, please contact our Privacy Officer at [email protected].

We will respond to all privacy-related requests in accordance with PIPEDA’s timeframes and obligations.

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

• Send information, respond to inquiries, and/or other requests or questions;
• Process orders and to send information and updates pertaining to orders;
• We may also send you additional information related to your product and/or service.
• To be in accordance with CAN SPAM we agree to the following:
• NOT use false, or misleading subjects or email addresses;
• Identify the message as an advertisement in some reasonable way;
• Include the physical address of our business or site headquarters;
• Monitor third party email marketing services for compliance, if one is used;
• Honor opt-out/unsubscribe requests quickly;
• Allow users to unsubscribe by using the link at the bottom of each email.

Cookies

We use so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. In connection with this, the Data Controller and other entities providing analytical and statistical services to the Data Controller use cookies, storing information or accessing information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.). Cookies used for this purpose include:

• to distinguish unique users by assigning a randomly generated ID. Enables calculation of visitor, session, and campaign data;
• to maintain session state for a specific GA4 property. Helps track user interactions across pages within a session.

Google Analytics

We use Google Analytics analytical tools, which collect information about website visits, such as the subpages you have viewed, the time you spent on the website or the time spent switching between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. As part of Google Analytics, demographic data and data on interests are collected. Neither the Data Controller nor Google uses the collected data to identify the User nor does it combine this information to enable your identification. Detailed information on the scope and principles of data collection in connection with this service can be found at the link: https://www.google.com/intl/eng/policies/privacy/partners.

Social networking sites

The Data Controller processes personal data of Users visiting our profiles in social media (Linkedin, Facebook, Instagram). This data is processed solely in connection with maintaining the profile, including for the purpose of informing Users about our activity and promoting various types of events, services and products. The legal basis for the processing of personal data by the Data Controller for this purpose is its legitimate interest (Article 6, paragraph 1, letter f of the GDPR) consisting in promoting its own brand.

 Categories of personal data processing

The Data Controller processes the following categories of Personal Data belonging to persons contacting the Data Controller or persons with whom the Data Controller contacts:

• identification data (in particular: name and surname, company name, tax number),
• contact details (e-mail, telephone number, nickname in messenger or social media),
• information obtained when using our Website, in particular text files,
• other data provided by you voluntarily in any form – necessary for the purpose for which they were provided.

All data is obtained by the Data Controller in the following manner:

• information provided voluntarily and directly by you or other provide about you (e.g. in the any contact form on the Website);
• information obtained when using our Website, in particular text files;
• data of employees or associates of the Controller’s business partners (contractors, subcontractors) – come directly from them or from their employer/entity they represent;
• from publicly available sources, in particular databases and registers

Personal data is provided voluntarily. However, refusing to provide it may result in the inability to use the site’s functionality, including processing an inquiry submitted via a form, receiving a newsletter or other marketing communications.

Lack of consent to the use of cookies or its withdrawal may result in limited functionality of the Website.

FROGO reserves the right to update this Privacy Policy as necessary to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Any significant updates will be communicated via our Website or direct notification to affected individuals.

This Privacy Policy is effective as of 19 May 2025.