CFA

ភាពឯកជន

Plain-language summary. Phnom Penh, Cambodia.

Verifying a product on CFA is anonymous. You don’t need an account, and we never see who you are — only that a code was checked.

When you scan or verify a product (no account)

To check a code and detect anomalies, we record: a one-way hash of your IP address and device (never the raw values), an approximate city/country derived from your network, and the scan event itself (which code, when, and the verdict). We do not collect your name, phone, precise location, or any identifier that points back to you.

When a brand registers

Brands provide an email, a brand name, and product details, and generate verification codes. This data is scoped to that brand and isolated from every other brand (enforced at the database level with row-level security).

How we use it

To confirm whether a code matches a brand’s records, to power the anomaly “Suspicion Assist” signal (e.g. a code scanned impossibly far apart), and to show brands city-level analytics — where verifications happen, never who performed them.

What we never do

We do not sell your data, track your precise location, build advertising profiles, or attempt to identify shoppers. Verification results are an assistance signal, not a guarantee — for high-value items, contact the brand directly.

Security & retention

Codes are cryptographically signed (ECDSA); IP and device values are hashed; each brand’s data is isolated by row-level security. We keep scan events to operate the anomaly engine and provide brand analytics, and remove data that is no longer needed.

Contact

Questions, or a request about your data: support@cpfcambodia.org. A Khmer-language copy is available on request.

This is a plain-language summary intended to be honest about current practice; it is not a substitute for a final privacy policy reviewed against Cambodia’s data-protection law.

ត្រឡប់ទៅទំព័រដើម