Privacy, evidence, and identity protection

It applies to website visitors, registered users, reporters, verified profile holders, affected profile subjects, businesses, API customers, support requesters, and anyone submitting information to CheckKaroo.

This policy should be read with the Terms and Conditions, Refunds and Cancellations policy, product notices, verification consent screens, and any enterprise agreement.

If a separate enterprise agreement applies, it may include additional data protection, security, retention, audit, and confidentiality obligations.

Account data may include name, phone number, email address, login method, profile status, plan, preferences, and support communication history.

Identifier data may include phone numbers, emails, UPI IDs, bank account references, social handles, profile URLs, vehicle numbers, business identifiers, and related metadata.

Report data may include scam category, description, evidence files, transaction IDs, dates, amounts, chat excerpts, profile links, bank/payment references, and complaint status.

Technical data may include IP address, device identifiers, browser details, approximate location, session logs, rate-limit signals, fraud-prevention signals, and audit logs.

Aadhaar, PAN, passport, face liveness, bank, and similar details should be processed using masking, encryption, tokenized verification status, restricted access, and secure storage.

Private document numbers, full identity documents, intimate images, private addresses, passwords, OTPs, and unrelated personal data should not be publicly displayed.

Evidence may be stored to support moderation, dispute handling, fraud pattern detection, legal defense, safety alerts, and cybercrime escalation workflows.

CheckKaroo may remove, redact, blur, crop, or mask evidence that exposes unnecessary private information.

To create and manage accounts, authenticate users, send OTPs, process verification checks, issue badges, and maintain profile status.

To review scam reports, detect duplicates, classify fraud categories, calculate risk scores, moderate evidence, handle appeals, and notify affected users where appropriate.

To prevent abuse, spam, fake reports, bot activity, account takeover, payment fraud, rate-limit evasion, and misuse of the platform.

To improve AI fraud detection, reverse-image matching, duplicate identity signals, reputation models, and safety workflows while reducing unnecessary personal exposure.

Public or semi-public outputs may include masked identifiers, fraud category labels, risk levels, verification status, complaint counts, evidence summaries, and dispute status.

A result may be hidden, rate-limited, restricted, blurred, redacted, or withheld when privacy risk, evidence quality, legal risk, or moderation status requires it.

Raw evidence, full document numbers, private contact details, and unrelated personal data should remain restricted unless disclosure is legally required or specifically authorized.

Risk signals are informational and may change after moderation, new evidence, verification, dispute review, or official escalation.

Service providers may process hosting, storage, analytics, OTP, email, payment, security, verification, moderation, and support workflows under appropriate controls.

Information may be disclosed to law enforcement, cybercrime authorities, banks, regulators, payment providers, legal advisors, or affected platforms where required by law or necessary for fraud response.

Enterprise API customers may receive trust signals according to the product configuration, agreement, permissions, and privacy restrictions.

CheckKaroo should not sell raw sensitive identity documents or evidence files as advertising data.

Account data may be retained while the account is active and for a reasonable period after closure where needed for legal, safety, audit, or billing purposes.

Reports, evidence, verification records, risk decisions, dispute trails, and audit logs may be retained where necessary to investigate fraud, defend decisions, prevent repeat abuse, or comply with law.

Users may request deletion, correction, or masking, but requests may be limited where retention is needed for unresolved disputes, active investigations, legal obligations, or platform safety.

Backups and logs may persist for limited technical periods before routine deletion or overwrite.

Recommended controls include encryption in transit and at rest, secure evidence storage, role-based access, audit logs, rate limiting, OTP abuse prevention, session security, and vulnerability monitoring.

Admin and moderation access should be limited, logged, reviewed, and protected with strong authentication and permission boundaries.

No digital platform can guarantee absolute security. Users should protect passwords, devices, emails, phone numbers, payment apps, and OTPs.

Requests should include the affected account, URL, identifier, report ID, reason for request, and proof of identity or authority where required.

CheckKaroo may ask for additional information to prevent fraudulent takedown attempts or unauthorized access to someone else's data.

Some requests may be refused or limited where disclosure would harm safety, expose another person's privacy, interfere with a dispute, or conflict with legal obligations.

Users must not upload child sexual abuse material, intimate images of minors, exploitative material, or private identity documents of minors.

Reports involving minors, sextortion, coercion, or immediate harm may be restricted, escalated, removed, or directed to appropriate official channels.

If you believe a child or vulnerable person is in immediate danger, contact emergency services or the relevant authority first.

Material changes may be communicated through the website, product notices, account messages, or email where appropriate.

The effective date at the top of this page indicates the latest policy version.

Continued use after an update means the updated policy applies to your use of CheckKaroo.