CHEQ Raises $150 Million, led by Tiger Global

Learn More

Data Privacy

Data privacy compliance framework

Our client's data and information privacy are our top priority.
CHEQ is working on a daily basis in order to maintain compliance with
the GDPR/CCPA and other relevant privacy frameworks.

CHEQ’s GDPR and CCPA compliance:

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.
Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address etc..
Personal information does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records.

Personal data collection:
CHEQ uses the IP address, together with other data points (which are not considered personal data), to determine whether a session is fraudulent, and once such determination is made, to block the user from further access to the customer’s website. If a customer opts to use the product in order to track fraudulent ad serves for the purpose of reconciling ad spend, the data collected will be used for such purpose as well.

Third party data collection:
CHEQ shares the data collected through its product with a limited number of third party services providers as necessary for the operation of the product, namely our hosting provider. Certain optional features of the CHEQ product offering, which are not part of CHEQ’s core offering, may include additional transfers, as described in relevant feature documentation.

Personal data transfer and hosting:
Personal data collected by the product is stored in AWS, in its facilities in the US and EU, under AWS’s Standard Contractual Clauses. Personal data may also be accessed by CHEQ’s employees as necessary to provide the services. In such cases, the data will be accessed from CHEQ’s offices either in the EEA, or in Israel. Israel is subject to an adequacy decision by the European Commission.

The rights and freedoms of data subjects:
CHEQ implements the minimization principle, both in the data points it collects, and in its retention policies. Moreover, CHEQ products enable customers to fully and independently administer data subject requests and inquiries. CHEQ employs best industry standard technical and organization measures to ensure the safety and integrity of the personal data in its processing activities

ePrivacy Directive

Passed in 2002 and amended in 2009, the ePrivacy Directive (EPD) has become known as the “cookie law” since its most notable effect was the proliferation of cookie consent pop-ups after it was passed. It supplements (and in some cases, overrides) the GDPR, addressing crucial aspects about the confidentiality of electronic communications and the tracking of Internet users more broadly.
See below for more information regarding how CHEQ complies with the ePrivacy Directive.

Cookies usage:
CHEQ cookies are used to ensure that once a session is identified as fraudulent or malicious, it can be consistently blocked from access to the relevant customer’s website. The cookies are not
used for any other purpose and do not contain any personal data.

Most CHEQ cookies are not associated with any third party, within the meaning of the article 29 working party opinion on cookie consent. Four of the cookies are top level domain cookies, and the fifth is associated with CHEQ, which uses the cookie not as a third party, but as a processor for the customer’s benefit. They are a tool provided directly to, and controlled by, the site owner – CHEQ’s customer – to track traffic to its site, and are not used by any third party or for any other purpose.

Third party advertising cookies:
Unlike third party advertising cookies, most CHEQ cookies are not associated with any
third party, within the meaning of the article 29 working party opinion on cookie consent.
Four of the cookies are top level domain cookies, and the fifth is associated with CHEQ,
which uses the cookie not as a third party, but as a processor for the customer’s benefit.
They are a tool provided directly to, and controlled by, the site owner – CHEQ’s customer –
to track traffic to its site, and are not used by any third party or for any other purpose.

End user’s consent:
CHEQ considers its cookies as strictly required, based on the advice of its EU legal counsel.
CHEQ’s cookies are used to identify and block fraudulent access to our customer’s website.
Accordingly, we believe that requiring consent to place the cookie on an end user’s device
will have a material detrimental effect on the quality of the outcome of the services. As we
consider that the website owner has a legitimate business interest in preventing malicious
access to its website as an inherent part of making the website available, we consider the
cookies strictly required for the user’s access to the service.

CHEQ’s data security certifications

CHEQ is an ISO27001 certified company.
We are currently working on a SOC2 certification which
is estimated to be available by Q2-22.

For more information regarding GDPR/CCPA/Cookies
feel free to contact us at dataprivacy@cheq.ai.