Privacy Policy | DefendMe Global

1. Who We Are and How to Contact Us

DefendME Global Consulting LLC ("DefendMe", "we", "us", "our") is a technology platform company incorporated in the State of Wyoming, United States (EIN: 61-2326199). We partner with licensed legal professionals and law firms in applicable jurisdictions (the "DefendMe Legal Network") to provide services to victims of cybercrime, financial fraud, and online scams worldwide.

Detail	Information
Company name	DefendME Global Consulting LLC
Registered in	State of Wyoming, United States
EIN	61-2326199
Website	www.defendmeworldwide.com
Data protection email	office@defendmeworldwide.com
General contact	office@defendmeworldwide.com
EU Representative	To be appointed (see Section 3). Interim contact: office@defendmeworldwide.com with subject line "GDPR: EU Representative Request".

We will respond within 72 hours to all GDPR-related correspondence.

2. Scope and Legal Basis for this Policy

This Privacy Policy applies to all personal data we collect through our website, services, intake forms, consultations, and communications. It covers the following services:

Class Action Lawsuits: aggregating victims of scams into collective legal proceedings.
Crypto Money Tracing: blockchain and financial analysis of fraudulent transactions.
Business Verification: due diligence and entity verification services.
Criminal Complaints: preparation and filing of criminal complaints with competent authorities.
Education: online resources and guides for fraud prevention and victim awareness.
Consultations: one-on-one legal and technical consultations with our team.

Although DefendME Global Consulting LLC is registered in the United States, we actively target and serve individuals in the European Union and European Economic Area (EEA). Accordingly, the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) applies to our processing of personal data of EU/EEA residents by virtue of Article 3(2) GDPR. Our legal partners operate in jurisdictions with their own applicable data protection laws, with which they comply independently. Where relevant, we ensure appropriate data processing agreements are in place with all legal partners.

3. EU Representative (Article 27 GDPR)

As a company established outside the EU that offers services to EU residents, we are required under Article 27 GDPR to appoint a representative in the European Union or EEA. We are in the process of formally designating our EU Representative. Until that appointment is complete, EU residents may direct GDPR-related enquiries to office@defendmeworldwide.com with the subject line "GDPR: EU Representative Request".

Once formally appointed, the name and contact details of our EU Representative will be published on this page and communicated to the relevant supervisory authority.

4. What Personal Data We Collect

The personal data we collect depends on which services you use. The categories below describe what we may process.

4.1 Identity and Contact Data

Full name, date of birth, nationality.
Email address, phone number, postal address.
Government-issued identification documents (where required for legal proceedings).

4.2 Case and Victim Data

Details of the fraud, scam, or cybercrime you experienced.
Financial loss amounts, transaction records, bank/payment account references.
Communications with the alleged fraudster (emails, chat logs, screenshots).
Cryptocurrency wallet addresses and transaction hashes.
Details of any prior legal or regulatory complaints filed.

4.3 Financial Data

Payment information for platform administration fees (processed via Stripe and Mercury Bank; we do not store full payment card numbers).
Transaction records processed through Stripe (payment processing) and Mercury Bank (banking services), both of which are US-based and operate under their own data protection frameworks.
Invoicing and billing records for platform services.

Note: Success-based commissions charged by our legal partners upon asset recovery are collected directly by the law firm and do not flow through DefendME's payment infrastructure. We do not process payment data related to legal success fees.

4.4 Technical and Usage Data

IP address, browser type, device identifiers.
Pages visited, time spent on site, referral source.
Cookie and tracking data (see Cookie Policy and Section 12).

4.5 Sensitive / Special Category Data

Certain services may involve special category data under Article 9 GDPR, including data about criminal allegations (information about alleged fraudsters or perpetrators) and data that reveals financial distress. We process such data only where strictly necessary for the delivery of the platform product or service requested, and under a valid Article 9(2) legal basis. For product-based services, we rely on Article 9(2)(f), establishment, exercise, or defence of legal claims, as the data is submitted by victims for the purpose of pursuing recovery. For representation services where the Attorney acts on the client's behalf, the same basis applies under the direct attorney-client relationship governed by the Legal Services Agreement.

5. Lawful Basis for Processing

We rely on the following lawful bases under Article 6 GDPR for each service:

Service	Lawful Basis (Art. 6)	Notes
Class Action: Case Registration (platform)	Art. 6(1)(b): Contract	Processing necessary to register and manage your case on the platform. Legal representation governed separately by LSA with law firm.
Class Action: Legal Representation (law firm)	Art. 6(1)(b): Contract; Art. 9(2)(f): Legal claims	Data shared with law firm under LSA for active legal representation. Governed by law firm's own data processing obligations.
Crypto Money Tracing	Art. 6(1)(b): Contract	Processing required to deliver the tracing product. Legal professional review is part of the platform product, not a separate legal engagement.
Business Verification	Art. 6(1)(b): Contract; Art. 6(1)(f): Legitimate interest	Processing to deliver verification report. Third-party business data involved. Legal professional review embedded in product.
Criminal Complaints	Art. 6(1)(b): Contract; Art. 9(2)(f): Legal claims	Processing to prepare complaint document. Data may be submitted to authorities by client. Legal professional review embedded in product.
Consultations	Art. 6(1)(b): Contract	Data used solely to provide the requested consultation session.
Education	Art. 6(1)(a): Consent; or Art. 6(1)(f): Legitimate interest	Analytics and email lists require consent; delivering content is legitimate interest.
Marketing / Newsletter	Art. 6(1)(a): Consent	You may withdraw consent at any time; see Section 9.
Website Analytics	Art. 6(1)(a): Consent (via cookie banner)	Non-essential analytics require your consent.

6. How We Use Your Personal Data

We use your personal data for the following purposes:

Delivering the specific service you have engaged us for (legal case management, tracing, verification, etc.).
Communicating with you about your case, inquiry, or consultation.
Preparing and filing legal documents, complaints, and submissions on your behalf.
Coordinating with law enforcement, courts, and regulatory bodies where necessary.
Processing payments for our services.
Improving our website and services through aggregated, anonymized analytics.
Complying with legal and regulatory obligations applicable to us.
Sending you service updates and, where consented, educational or marketing communications.

We will NOT use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

7. How We Share Your Data

DefendMe operates as a technology and legal services hybrid. Data sharing is integral to delivering our services. We share data only as necessary and only with appropriate safeguards in place.

7.1 Our Legal Partners

Your case data is shared with our licensed legal partners in two distinct circumstances. First, for product-based services (such as crypto tracing, business verification, and criminal complaint preparation), data is shared with the legal partner solely for the purpose of professional review and contribution to the platform product delivered to you. In this context the legal partner is a professional contributor to the product, not your legal representative. Second, for representation services (primarily class action proceedings), data is shared with the law firm under the Legal Services Agreement you sign directly with them, for the purpose of active legal representation. Each legal partner operates under a data processing agreement with DefendMe. Where a legal partner is based in a country recognized by the European Commission as providing adequate data protection (such as Serbia under GDPR Article 45), no additional transfer mechanism is required for EU data transfers to that partner. For partners in other jurisdictions, we rely on Standard Contractual Clauses or other appropriate safeguards as described in Section 7.4.

7.2 Law Enforcement and Regulatory Authorities

When you engage us to file a criminal complaint or participate in legal proceedings, we share relevant data with the appropriate authorities (police, prosecutors, financial regulators, courts) in the jurisdictions involved. This sharing is necessary for the performance of the service and is covered by Article 6(1)(b) and Article 9(2)(f) GDPR.

7.3 Service Providers and Data Processors

We engage trusted third-party processors who act under our instructions and are bound by data processing agreements (DPAs). These include:

Cloud hosting and infrastructure providers.
Payment processing providers (we do not store full payment card data).
Email communication platforms.
CRM and case management software.
Website analytics providers (subject to your cookie consent).

7.4 US-Based Services: International Transfers

As a US-registered company, some of our infrastructure and third-party tools are based in the United States. The US does not have an EU adequacy decision at this time. For transfers from the EU/EEA to the US, we rely on:

Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914), incorporated into our data processing agreements with US-based processors; or
Where SCCs are impracticable, the derogation in Article 49(1)(b) GDPR, transfers necessary for the performance of a contract at the data subject's request (applicable to our core legal services).

We maintain a record of all international transfers and the applicable safeguards. You may request a copy by contacting office@defendmeworldwide.com.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Policy, subject to legal and regulatory retention obligations. The following retention periods apply:

Data Category	Retention Period	Basis for Retention
Active case data (class action, criminal complaint)	Duration of proceedings + 7 years	Legal obligation; statute of limitations
Crypto tracing reports and analysis	5 years from delivery	Contractual record-keeping
Business verification records	5 years from delivery	Anti-money laundering obligations
Consultation records	3 years from consultation date	Professional indemnity / contractual
Payment and billing records	7 years	Tax and accounting legal obligation
Website analytics (anonymized)	26 months maximum	Standard analytics retention
Marketing email list	Until consent withdrawn + 1 year	Consent-based; erased on withdrawal
Job applicant data (if applicable)	12 months from application	Legitimate interest / legal requirement

After the applicable retention period expires, data is securely deleted or irreversibly anonymized. Where a legal hold is required (e.g., ongoing litigation), we will notify you and extend retention only for the duration necessary.

9. Your Rights Under GDPR

If you are in the EU/EEA (or in another jurisdiction with equivalent rights), you have the following rights regarding your personal data:

Your Right	What It Means
Right of Access (Art. 15)	You may request a copy of all personal data we hold about you and information about how we process it.
Right to Rectification (Art. 16)	You may ask us to correct inaccurate or incomplete personal data.
Right to Erasure (Art. 17)	You may request deletion of your data. Note: we may be unable to comply where retention is required by law (e.g., active legal proceedings, statutory accounting records).
Right to Restrict Processing (Art. 18)	You may ask us to pause processing of your data in certain circumstances (e.g., while accuracy is disputed).
Right to Data Portability (Art. 20)	Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, machine-readable format.
Right to Object (Art. 21)	You may object to processing based on legitimate interests or for direct marketing purposes. Marketing objections will always be honored immediately.
Rights re: Automated Decisions (Art. 22)	You have the right not to be subject to solely automated decisions with significant effects. We do not currently use such processing.
Right to Withdraw Consent (Art. 7(3))	Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at office@defendmeworldwide.com with the subject line "Data Subject Request". We will respond within 30 days. We may ask for proof of identity before processing your request. There is no charge for exercising your rights, except in cases of manifestly unfounded or excessive requests.

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local supervisory authority. For EU/EEA residents, this is typically the data protection authority in the country where you reside. A full list of EU supervisory authorities is available at edpb.europa.eu.

10. Data Security

We take the security of your personal data seriously, particularly given the sensitive nature of victim and legal case data. Our technical and organizational security measures include:

Encryption of data in transit using TLS 1.2 or higher.
Encryption of sensitive data at rest.
Role-based access controls limiting data access to authorized personnel only.
Regular security assessments and vulnerability testing.
Staff training on data protection and information security.
Incident response and breach notification procedures.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the competent supervisory authority within 72 hours of becoming aware of a breach, as required by Article 33 GDPR.

No system is completely secure. If you suspect unauthorized access to your data, please contact us immediately at office@defendmeworldwide.com.

11. Children's Data

Our services are intended for adults (18 years and older). We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly. If you believe we have collected data from a minor, please contact us at office@defendmeworldwide.com.

12. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We categorize cookies as follows:

Cookie Type	Purpose	Legal Basis
Strictly Necessary	Session management, security, site functionality	No consent required (legitimate interest in operating the site)
Analytics / Performance	Understanding how visitors use our site (e.g., Google Analytics)	Consent required (opt-in via cookie banner)
Functional	Remembering preferences, language settings	Consent required
Marketing / Advertising	Targeted advertising and retargeting	Consent required. We do not currently use advertising cookies.

When you first visit our website, you will be presented with a cookie consent banner. You may accept all, reject non-essential, or customize your choices. You may change your preferences at any time via the "Cookie Settings" link in the footer of our website.

For full details on the specific cookies we use, including their names, durations, and providers, please refer to our Cookie Policy.

13. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party site you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. When we make material changes, we will:

Update the "Effective Date" at the top of this document.
Post a notice on our website.
Where required by law, notify you directly by email.

Your continued use of our services after the updated Policy is posted constitutes acceptance of the changes. If you do not agree with the changes, you should cease using our services and may exercise your rights as described in Section 9.

15. Contact and Complaints

We take all data protection enquiries seriously and will do our best to resolve any concerns. For formal complaints, you are always entitled to escalate to the relevant supervisory authority if you are not satisfied with our response.