Ravelin Technology Limited Service Privacy Policy

Ravelin Technology Limited (“Ravelin”, “we” or “us”) helps online businesses (our “Clients”/ “you”) detect and address fraud and other malicious behaviour on their digital properties. In doing so, we collect information about how Internet users (“Users”) interact with our Clients’ digital properties such as their websites and mobile applications (their “Sites”). The following Ravelin Service Privacy Policy (“Service Privacy Policy”) outlines what information we collect via our Service, how we use and disclose it, and who to contact if you have questions.


Ravelin is committed to ensuring that your privacy is protected. If you provide us with personal data, then you can be assured that it will only be used in accordance with this privacy statement.
Ravelin may change this Service Privacy Policy from time to time. This policy is effective from November 2014.

For the purposes of the Data Protection Act 1998, the data controller is Ravelin Technology Limited of 2nd Floor, 33 Bowling Green Lane, London EC1R 0BJ.


Data collected via the Service

The information we collect via the Service includes:


1. Client-Provided Information: Most of our Clients share information with us via an Application Programming Interface (“API”). While our Clients control the information they provide to our Service, and each Client shares different pieces of information with us, the types of information they share generally includes information collected from the computers and similar devices operated by their Users visiting their Sites.  For example, Clients may provide us with:


  • - Personal data such as email addresses, postal addresses, user login names or other unique customer identifiers and telephone numbers.
  •  - Site usage information such as the IP addresses of the device utilized by our Clients’ Users to visit their Sites, the pages viewed by their Users, the items viewed, items bid on, items placed in a shopping cart, and items purchased by those Users as well as other Site-specific metadata.
  •  - Site transaction information such as the price paid, billing method, the credit card BIN number, the last four digits of a credit card number, and whether a chargeback was issued or an order was cancelled.
  •  - Site communication information such as certain User feedback provided on Sites, including comments their Users submit through such Sites (including the contents of private messages and information pertaining to the recipient of such messages).

We generally don’t place limits on the types of information that our Clients may provide to us, but do ask our Clients to refrain from providing us with sensitive information such as information they knowingly collect from persons under 13, complete credit and debit card numbers, social security numbers and other government identifiers. 


2.  Automatically Collected Information: Our Clients place JavaScript code onto their Sites that enable the Service to collect information from their Users automatically. Our Clients have control over the JavaScript tag and may remove or disable it at any time. The information collected automatically via the Service includes information about their Users’ computers and other devices, such as: the types and number fonts installed, the types and number of fonts, the types and number of plugins installed, MIME types supported, version strings for Windows Media Player, Flash, PDF, VLC, SVG, Real Player, Shockwave, Silverlight, Java and QuickTime. The Service also automatically collects information about the device’s screen width, height and colour depth, the operating system in place on the device, the user agent, and the time zone.


3.  Cookies and Web beacons: We use cookies and similar technologies in connection with the Service. Cookies are small text files containing a string of alphanumeric characters. When a User accesses one of the Sites operated by our Clients, we may send one or more cookies to the User’s computer. Cookies allow us to automatically log certain information about the configuration of Users’ computers, mobile devices and web browsers, inform us of referring URLs and otherwise inform us about Users’ visits to Sites. This may enable us to uniquely identify those Users’ computers, devices and/or browsers when they access any Sites across the Internet or access any of the Sites utilizing our Service. We may use both "session" and "persistent" cookies to collect, store, and otherwise keep track of various types of information pursuant to providing the Service. This means that even if a User were to disable cookies, we may still be able to identify that User’s web browser, computer or mobile device on the Internet when that User accesses any of their Sites that use our Service.

Use of Data Collected by the Service

Our Service collects and stores the raw data pertaining to Users as described above, including any individual identifiers and personally identifiable information (the “Raw Data”). We will initially train our machine learning model, using our proprietary analytics algorithms to analyse and process the Raw Data. Based on this analysis, we expect eventually to be able to provide our Clients with an assessment of the relative risk that a particular User transaction or other User activity may be unauthorized or fraudulent ("Risk Assessment") in the form of a fraud score and dashboard. Pursuant to providing the Service, we will combine and analyse data related to a User from multiple sources, including the data obtained across all or most of our Clients in order to compute a more comprehensive Risk Assessment. We may compile into a database the Raw Data and the data related to a User from multiple sources, which will be accessible by our Clients in a secure and anonymous way. Our Clients will only be permitted to use such Raw Data to evaluate whether or not to allow a User to use its services and/or complete an applicable transaction or other User request to the Site.  We will use the anonymised Raw Data stored within the database to make decisions by automated means.  We may allow our agents and contractors to assist us in storing, analysing or processing information and ensure that their privacy and security practices are at least as stringent as ours.

We use Raw Data for our internal business purposes in operating, developing, enhancing, maintaining, supporting, and providing the Service and our other products and services, including to other Clients. All analytical results and Risk Assessments that we generate through or in connection with the Service using Raw Data, whether alone or in combination with data from other sources, are and will remain our property and may be used and disclosed by us in our discretion.


Disclosure and Onward Transfer of Data

Except as otherwise described in these terms, we do not sell, distribute, or otherwise disclose any Raw Data to any third party except to our agents and contractors that provide services to help us manage and provide the Service or claim ownership of the Raw Data.

Ravelin may disclose any information in our systems if we believe that doing so is legally required or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others, or otherwise to help protect the safety or security of other persons, entities, facilities, equipment or the Service. Ravelin may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.


Security, Data Integrity

We are committed to ensuring that your information is secure. Ravelin has implemented reasonable physical, technical, and managerial safeguards in an effort to protect information from unauthorized access, disclosure, alteration, and destruction. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems. We will take reasonable steps to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected. We restrict access to information to employees, contractors and agents who need to know that information in order to operate, develop or improve our Service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. Despite our efforts, however, we cannot and do not guarantee the security of the information we collect from either our Clients or Users; nor can we guarantee that such information will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

We process information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.


Subject access requests and contact information

You may request details of personal information that we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Ravelin Technology, 33 Bowling Green Lane, London EC1R0BJ.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.


Policies of our Clients

Our Clients are responsible for ensuring and maintaining their compliance with their privacy policies and other applicable terms or policies, third party contracts, rights of privacy, and any other applicable laws or regulations in connection with their use of the Service. We encourage our Clients to describe their use of the Service and other technologies that collect user information in their respective privacy policies. We also encourage everyone to view the privacy policy of any website they visit. Ravelin is not responsible for the privacy practices of our Clients or any site we do not own or control.


Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.