Privacy Policy

Last updated: March 2026

1. Introduction

Welcome to ScamSecurityCheck. ScamSecurityCheck ("us", "we", or "our") operates https://scamsecuritycheck.com (hereinafter referred to as "Service"). Our Privacy Policy governs your visit to https://scamsecuritycheck.com, and explains how we collect, safeguard, and disclose information that results from your use of our Service. We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Service. Our Terms of Service ("Terms") govern all use of our Service and together with the Privacy Policy constitutes your agreement with us ("agreement").

2. Definitions

SERVICE means the https://scamsecuritycheck.com/ website operated by ScamSecurityCheck. PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit). COOKIES are small files stored on your device (computer or mobile device). DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data. DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively. DATA SUBJECT is any living individual who is the subject of Personal Data. THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

3. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

4. Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to: (a) Email address (b) First name and last name (c) Cookies and Usage Data. We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by emailing at support@scamsecuritycheck.com.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

Rate Limiting and Security: When you submit forms (such as newsletter signups or scan requests), we temporarily process your IP address for rate limiting and abuse prevention purposes only. This IP address is not stored permanently and is deleted after the rate-limit window expires.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

5. Cookie Policy

What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and to provide information to website owners.

Cookies We Use

We use two categories of cookies:

Strictly Necessary (Essential)

These cookies are required for the site to function and cannot be disabled.

  • Supabase authentication cookies — Keep you signed in to your account and maintain your session securely
  • Cookie consent preference — Remembers your cookie choice so we don't ask again (stored in localStorage)
  • Security cookies — Protect against cross-site request forgery and other threats

Analytics (Non-Essential)

These cookies help us understand how visitors use our site. They are only set if you click "Accept All" in our cookie banner.

  • Usage analytics — Aggregate, anonymous data about page visits and feature usage to help us improve the service
  • Scam alert attribution — Tracks how you found our site to help us understand which channels are effective

Your Cookie Choices

When you first visit our site, a cookie banner gives you two options:

  • Accept All — Enables both essential and analytics cookies
  • Essential Only — Only strictly necessary cookies are used; no analytics or tracking cookies are set

You can change your preference at any time by clearing your browser's localStorage for this site (this will reset the cookie banner so you can choose again), or by using your browser's built-in cookie management settings to block or delete cookies.

Third-Party Cookies

We do not sell your data to third parties. Third-party services we use (Supabase for authentication, Stripe for payments) may set their own cookies when you interact with those features. These are governed by their respective privacy policies.

6. Message & Image Analysis

When you use our scam detection tool, the messages you submit are analyzed in real-time and are NOT stored on our servers. We do not retain, log, or share the content of messages you analyze.

When you use our AI Image Detector, your uploaded image is processed in real-time and immediately discarded. To provide our analysis features, your image may be sent to the following third-party services during processing:

  • Anthropic Claude API — for AI-generation detection analysis
  • Google Cloud Vision API — for reverse image search (checking if the image appears on other websites)

These services process your image only for the purpose of returning analysis results. We do not store images on our servers, and Google Cloud Vision API data handling is governed by the Google Cloud Privacy Notice. Google does not use Cloud Vision API data to improve their products or for advertising purposes.

7. Use of Data

ScamSecurityCheck uses the collected data for various purposes: (a) to provide and maintain our Service; (b) to notify you about changes to our Service; (c) to allow you to participate in interactive features of our Service when you choose to do so; (d) to provide customer support; (e) to gather analysis or valuable information so that we can improve our Service; (f) to monitor the usage of our Service; (g) to detect, prevent and address technical issues; (h) to fulfill any other purpose for which you provide it; (i) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; (j) to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.; (k) to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information; (l) in any other way we may describe when you provide the information; (m) for any other purpose with your consent.

8. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal bases:

Contract (Article 6(1)(b))

Processing necessary to provide our Service and manage your account, subscription, and payments.

Consent (Article 6(1)(a))

Marketing communications, analytics cookies, and newsletter subscriptions are based on your explicit consent. You may withdraw consent at any time.

Legitimate Interests (Article 6(1)(f))

Security, fraud prevention, abuse detection, rate limiting, and service improvement are based on our legitimate interest in protecting our Service and users.

Legal Obligation (Article 6(1)(c))

Payment records and transaction data are retained as required by applicable tax and financial regulations.

9. Data Retention & Deletion

Account Data

We retain your account information (email address, subscription status, and account preferences) for as long as your account is active. If you delete your account or request deletion, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Uploaded Content

We do not store uploaded content. Messages submitted for scam analysis and images uploaded to the AI Image Detector are processed in real-time and immediately discarded. They are never saved to our servers, databases, or any third-party storage.

Scan History & Usage Logs

We may retain anonymized, aggregate usage data (such as total scans performed and feature usage counts) to improve our Service. This data cannot be used to identify individual users. Individual scan results are not stored on our servers after they are delivered to you.

Payment & Billing Data

Payment information is processed and stored by our payment processor, Stripe. We do not store your full credit card number. Transaction records may be retained as required by applicable tax and financial regulations.

Newsletter Subscription Data

We retain newsletter subscriber email addresses for as long as you remain subscribed. Upon unsubscription, we retain the email address for 90 days to process the request and prevent accidental re-subscription. After 90 days, the data is permanently deleted.

Requesting Data Deletion

You may request deletion of your personal data at any time by emailing us at support@scamsecuritycheck.com with the subject line "Data Deletion Request." Upon receiving your request, we will:

  • • Verify your identity to protect against unauthorized requests
  • • Delete your account and associated personal data within 30 days
  • • Confirm deletion via email once the process is complete

Please note that some data may be retained if required by law, to resolve disputes, or to enforce our agreements. Any retained data will be limited to the minimum necessary for these purposes.

10. Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

For transfers of personal data from the European Economic Area (EEA) to the United States, our third-party processors (Supabase, Stripe, Google, Anthropic) maintain appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives adequate protection regardless of where it is processed.

11. Disclosure of Data

We may disclose personal information that we collect, or you provide: (a) Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities. (b) Business Transaction. If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. (c) Other cases. We may disclose your information also: (i) to our subsidiaries and affiliates; (ii) to contractors, service providers, and other third parties we use to support our business; (iii) with your consent in any other cases.

12. Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. ScamSecurityCheck aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Under GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate or incomplete personal data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restrict Processing — Request that we limit how we use your data
  • Data Portability — Request your data in a structured, commonly used format
  • Object — Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent — Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@scamsecuritycheck.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority (Supervisory Authority).

13. Additional Third-Party Services

In addition to the services mentioned in Section 6, we use the following third-party services:

Beehiiv Newsletter Attribution

We use Beehiiv's attribution script to track newsletter signup sources and campaign effectiveness. Beehiiv's use of data is governed by their Privacy Policy.

Google Subscribe with Google (SWG)

We use Google's Subscribe with Google program to offer subscription options to our content. This is governed by Google's Privacy Policy.

Cloudflare DDoS Protection

Our website is protected by Cloudflare to prevent DDoS attacks and ensure availability. Learn more in Cloudflare's Privacy Policy.

14. Data Processing Agreements

In accordance with GDPR Article 28, we maintain Data Processing Agreements (DPAs) with all third-party processors that handle personal data on our behalf, including:

  • • Supabase (data storage and authentication)
  • • Stripe (payment processing)
  • • Google Cloud Vision API (image analysis)
  • • Google Analytics (usage analytics)
  • • Anthropic Claude API (AI analysis)

Copies of executed Data Processing Agreements are available upon request. Contact us at support@scamsecuritycheck.com for more information.

15. Automated Decision-Making

Our scam analysis tools use AI to assess the likelihood that a message, image, or URL is fraudulent. These results are advisory only and do not produce legal or similarly significant effects. We do not use automated decision-making or profiling that affects your legal rights or access to our Service.

16. Children's Privacy

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at support@scamsecuritycheck.com.

17. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

18. Data Protection Officer

If you have concerns about our data processing practices or believe your GDPR rights have been violated, you may contact our Data Protection Officer:

Data Protection Officer (DPO)
Email: support@scamsecuritycheck.com

You also have the right to lodge a complaint with your local Data Protection Authority (Supervisory Authority) if you are unsatisfied with our response.

19. Contact Us

If you have any questions about this Privacy Policy, please contact us by email at support@scamsecuritycheck.com.

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.