Privacy Policy

Last updated:

1. Who we are

Fraudcraft Academy ("Fraudcraft," "we," "us") provides interactive, case-based training for fraud professionals. This policy applies to the Fraudcraft Academy web application and the fraudcraft.org website. You can reach us at hello@fraudcraft.org.

2. Information we collect

Information you provide

• Account details: the display name, email address, and password you provide when you create an account. Passwords are handled by our authentication provider and stored in hashed form; we never see or store your password in plain text.
• Messages you send us: if you email us or use a contact form, we keep that correspondence so we can respond.

Information generated as you use the Academy

• Training activity: the cases you complete, your scores, the decisions you make within a case, time taken, and any duel results. This is what powers your progress, rankings, and the team console.
• Basic technical data: standard information your browser sends when loading a web page (such as general device and browser type). We do not use advertising trackers or third-party marketing cookies.

3. How we use your information

• To create and maintain your training account.
• To record your progress, scores, and rankings, and to power head-to-head case duels.
• To provide the team console to fraud leaders and L&D administrators within your organization, including completion and performance summaries.
• To respond to your questions and support requests.
• To maintain the security and reliability of the service.

We do not sell your personal information, and we do not use it for third-party advertising.

4. How your information is stored

Account and training data is stored using Supabase, a hosting and database provider, which stores data on its cloud infrastructure and applies access controls and encryption in transit. The static website and application are served through a web hosting provider. We rely on these providers' security practices in addition to our own access controls.

5. Who can see your data

Fraudcraft Academy is designed for teams. Depending on how your organization uses it, the following may apply:

• Other members of your organization's team may see your display name, training progress, scores, and rankings within the team console and leaderboard.
• We access data only as needed to operate and support the service.
• We may share information with our service providers (such as Supabase and our web host) strictly to deliver the service, and where required by law.

6. Data retention

We keep your account and training data for as long as your account is active. If you'd like your account and associated data deleted, email us at hello@fraudcraft.org and we will action the request.

7. Your choices and rights

• You can request a copy of the personal data associated with your account.
• You can request correction of inaccurate information.
• You can request deletion of your account and data.

To exercise any of these, contact hello@fraudcraft.org. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA; we will honor applicable rights on request.

8. Children

Fraudcraft Academy is a professional training tool intended for adults. It is not directed to children, and we do not knowingly collect information from anyone under 16.

9. Changes to this policy

We may update this policy as the product evolves. When we make material changes, we'll update the date at the top of this page. Continued use of the Academy after a change means you accept the updated policy.

10. Contact

Questions about this policy or your data? Email hello@fraudcraft.org.