Privacy policy
Last updated: June 2026
1. Who we are
Sentra Cyber Fraud Ltd ("Fiducio", "we", "us") provides payment fraud protection software for construction and trades SMEs. For data protection purposes, Sentra Cyber Fraud Ltd is the data controller for personal data described in this policy. Contact: info@fiducio-cyber.com.
2. What we collect
Depending on how you use Fiducio, we may process:
Account & organisation data
- Name, work email, company name, and authentication credentials (stored by our auth provider)
- Organisation settings, user role, and audit activity within your tenant
Platform & supplier data
- Supplier names, domains, trusted contact details, and verified bank information you enter or import
- Supplier bank account numbers in encrypted form; partial digits for display and matching
- Risk cases, verification tasks, signals, and audit trail entries
Email monitoring data
When you connect Microsoft 365 or forward payment-risk email to Fiducio, we process message metadata and content needed for fraud detection, such as sender, recipient mailbox, subject, body text, reply-to, authentication headers (SPF/DKIM/DMARC where available), and text extracted from PDF attachments. We do not ask for your email password.
Integration data
- Microsoft 365: OAuth tokens (encrypted), mailbox addresses you select, and message data from those mailboxes only
- Xero: OAuth tokens (encrypted), organisation/tenant identifier, and supplier contact and payment fields you authorise us to read for baseline import
Billing data
Subscription status, plan interval, and Stripe customer/subscription identifiers. Card payments are handled by Stripe; we do not store full card numbers.
Contact & sales enquiries
Information you submit via our contact form (name, company, email, and messages you choose to send).
We do not ask for bank logins, Microsoft admin passwords, or full organisation-wide mailbox access beyond mailboxes you explicitly connect.
3. How we use your data
We use personal and organisational data to:
- Provide, secure, and maintain the Fiducio platform for your organisation
- Analyse payment-risk email and compare against your supplier baseline
- Process subscriptions and manage billing
- Respond to support, security, and feedback enquiries
- Improve detection quality and product features (including aggregated or anonymised insights where possible)
- Meet legal, tax, and regulatory obligations
Legal bases (UK GDPR): We rely primarily on contract (to deliver the service you signed up for), legitimate interests (to secure and improve Fiducio, prevent abuse, and support customers), and consent where you opt in to marketing or optional communications. You may withdraw consent without affecting core service processing required by contract.
4. Who we share data with
We use trusted service providers ("processors") who process data on our instructions, including:
Business customers may also review our data processing agreement, which describes processor obligations and sub-processors in more detail.
- Supabase — database hosting and authentication infrastructure
- Vercel — application hosting
- Stripe — payment processing and subscription management
- Microsoft — when you connect Microsoft 365, per your OAuth consent
- Xero — when you connect Xero, per your OAuth consent
We do not sell your personal data. We may disclose information if required by law or to protect rights, safety, and security.
5. International transfers
Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards (such as UK adequacy regulations, standard contractual clauses, or provider certifications) as required by applicable law.
6. Retention
We retain account, platform, and email-risk data while your organisation has an active account and for a reasonable period afterwards so we can support you, resolve disputes, and meet legal obligations. You may request deletion of your account data by contacting us; some records may be retained where required by law or for legitimate business purposes (e.g. billing records).
7. Security
We use technical and organisational measures including authentication, per-organisation data isolation (row-level security), encryption of sensitive fields and integration tokens, and least-privilege integration scopes. See our security statement for more detail. No system is perfectly secure; please report concerns to info@fiducio-cyber.com.
8. Your rights
Under UK data protection law you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability where applicable. You may also lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. To exercise your rights, contact info@fiducio-cyber.com.
9. Cookies
Fiducio uses essential cookies and similar technologies to keep you signed in and to protect the service (for example session cookies via our authentication provider). We do not use non-essential advertising cookies on the platform. You can control cookies through your browser settings; disabling essential cookies may prevent you from using the service.
10. Changes
We may update this policy from time to time. We will post the revised version with an updated date. Material changes may also be notified by email or in-app notice.
11. Contact
Privacy, security, and general enquiries: info@fiducio-cyber.com
Privacy policy · Terms of use · Data processing agreement · Security