Privacy Policy
1. Who We Are
BurnerBlocker ("we", "us", "our") operates the BurnerBlocker API, a transaction fraud-detection service available at api.burnerblocker.com. This Privacy Policy explains how we collect, use, and protect information when you use our Service or visit our website.
2. Information We Collect
Account information: When you subscribe, we collect your email address and payment information (processed by Paddle — we never see your full card number).
Transaction data sent via the API: When you call our API, you send us data about your end users' transactions. This may include:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Disposable domain check, velocity tracking | Not stored after scoring |
| IP address | Tor, VPN, proxy, and geo-risk analysis | Logged in usage records (90 days) |
| BIN (first 6 digits) | Card risk and carding detection | Not stored after scoring |
| Phone number | Format validation | Not stored after scoring |
Usage logs: We record the API key used, IP address scanned, risk score, verdict, and timestamp for each API call. This is used for billing, debugging, and providing your usage dashboard.
3. How We Use Your Information
- To provide and operate the fraud-detection Service.
- To manage your account, billing, and API keys.
- To send you your API key and service-related emails.
- To monitor and enforce rate limits and acceptable use.
- To improve the accuracy and performance of our detection engines.
4. What We Do NOT Do
- We do not sell your data or your end users' data to third parties.
- We do not use transaction data for advertising or marketing profiling.
- We do not store full credit card numbers, CVVs, or passwords — ever.
5. Third-Party Processors
We use the following third-party services:
- Paddle — Payment processing and subscription management (Merchant of Record). Paddle's privacy policy applies to payment data.
- Resend — Transactional email delivery (sending you your API key).
- Railway — Infrastructure hosting.
6. Data Retention
- Account data (email, API keys): Retained while your account is active. Deleted within 30 days of account deletion request.
- Usage logs (IP, score, verdict): Retained for 90 days, then automatically purged.
- Transaction data (email, BIN, phone sent to API): Processed in memory for scoring and not persisted beyond the usage log.
7. Data Security
We use industry-standard measures to protect your data: encrypted connections (TLS), isolated infrastructure, and least-privilege access controls. API keys are generated as cryptographically secure random tokens.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request deletion of your account and associated data.
- Export your usage data.
- Object to processing.
To exercise any of these rights, email hello@burnerblocker.com.
9. Cookies
Our marketing website does not use cookies or tracking scripts. The API itself is stateless and does not set cookies.
10. Children
BurnerBlocker is a B2B service. We do not knowingly collect information from anyone under the age of 18.
11. Changes
We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service constitutes acceptance.
12. Contact
Questions or concerns? Email us at hello@burnerblocker.com.