Privacy Policy
Last updated: April 2026
1. Introduction
Welcome to ScamSecurityCheck. ScamSecurityCheck ("us", "we", or "our") operates https://scamsecuritycheck.com and the ScamSecurityCheck browser extension (collectively, the "Service"). Our Privacy Policy governs your use of the Service and explains how we collect, safeguard, and disclose information that results from your use of it. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Service. Our Terms of Service ("Terms") govern all use of our Service and, together with the Privacy Policy, constitute your agreement with us ("agreement"). For specific information about what the browser extension does and does not collect, see Section 6A below.
2. Definitions
- SERVICE means the https://scamsecuritycheck.com/ website operated by ScamSecurityCheck.
- PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
- COOKIES are small files stored on your device (computer or mobile device).
- DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
- DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
- DATA SUBJECT is any living individual who is the subject of Personal Data.
- THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
3. Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
4. Types of Data Collected
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to: (a) Email address (b) First name and last name (c) Cookies and Usage Data. We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by emailing us at support@scamsecuritycheck.com.
Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Rate Limiting and Security: When you submit forms (such as newsletter signups or scan requests), we temporarily process your IP address for rate limiting and abuse prevention purposes only. This IP address is not stored permanently and is deleted after the rate-limit window expires.
Tracking Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
6. Message & Image Analysis
When you use our scam detection tool, the messages you submit are analyzed in real-time and are NOT stored on our servers. We do not retain, log, or share the content of messages you analyze.
When you use our AI Image Detector, your uploaded image is processed in real-time and immediately discarded. To provide our analysis features, your image may be sent to the following third-party services during processing:
- Anthropic Claude API — for AI-generation detection analysis
- Google Cloud Vision API — for reverse image search (checking if the image appears on other websites)
These services process your image only for the purpose of returning analysis results. We do not store images on our servers, and Google Cloud Vision API data handling is governed by the Google Cloud Privacy Notice. Google does not use Cloud Vision API data to improve their products or for advertising purposes.
6A. ScamSecurityCheck Browser Extension
Our browser extension (the “Extension”) is part of the Service and is governed by this Privacy Policy. This section describes specifically what the Extension does and does not collect.
Single Purpose
The Extension exists for one purpose: to let you scan a URL or message for scam, phishing, and fraud indicators using our analysis API at scamsecuritycheck.com/api/scan. It does not perform any other function.
What the Extension Sends to Our Servers
When you explicitly click “Scan This Page” or right-click a link/text and choose “Check this link for scams,” the Extension sends the following to our API:
- The page URL and visible page text (title, meta description, and body text — up to 4,000 characters). This is extracted only when you click the scan button. Nothing is scanned automatically or in the background. The Extension never reads forms, passwords, input fields, or data you type into a page.
- For right-click scans: only the specific link URL or highlighted text you selected — not the surrounding page.
- Your IP address, used only for short-term rate limiting and free-tier tracking (rolling 30-day window, deleted as the window expires).
- A source tag indicating the request came from the Extension (used internally to differentiate Extension vs. website traffic).
The submitted URL and page content are processed in real-time by our analysis pipeline (which includes a call to the Anthropic Claude API for AI risk evaluation) and then immediately discarded. We do not log, store, or retain the content of what you scan, on our servers or in any third-party storage.
What the Extension Does NOT Do
- It does not read your browsing history.
- It does not scan or transmit anything in the background — page content is only read when you click “Scan This Page.”
- It does not read forms, passwords, input fields, cookies, or any data you type into a page.
- It does not log keystrokes, clicks, or mouse movement.
- It does not access your location, contacts, microphone, camera, financial data, health data, authentication credentials, or personally identifiable information.
- It does not inject ads, modify page content, or track you across sites.
- It does not contain analytics or telemetry SDKs.
Local Storage in Your Browser
The Extension may store a small amount of data locally in your browser’s chrome.storage for non-sensitive purposes only:
- Your most recent scan result (so you can re-open it without re-scanning)
- Extension settings/preferences (e.g. theme, default behaviors)
This data never leaves your browser. You can clear it at any time by removing the Extension or clearing extension data from your browser’s settings.
Limited Use Disclosure (Chrome Web Store)
ScamSecurityCheck’s use of information received from the Extension complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:
- User data is used solely to provide and improve the user-facing scam-scanning feature.
- We do not sell user data to anyone, transfer it to third parties for advertising, or use it for credit-worthiness or lending purposes.
- We do not use Extension data to train AI models. Anthropic, our AI provider, processes scan inputs only to return a real-time analysis and does not retain prompts for training (see Anthropic’s Privacy Policy).
- Humans do not read user data unless required to investigate abuse, fix a critical bug, or comply with applicable law.
Permissions Justification
The Extension requests the minimum permissions necessary:
- activeTab — grants temporary access to the current tab when you click “Scan This Page.” Used to read the tab URL. Revoked as soon as you navigate away.
- scripting — used with activeTab to extract visible page text (title, description, body content) when you click “Scan This Page.” Only runs on explicit user action — never in the background.
- contextMenus — adds the right-click “Check this link for scams” and “Check selected text for scams” menu items.
- storage — to save recent scan history, authentication tokens, and user preferences locally in your browser.
- Host permission for scamsecuritycheck.com — to send scan requests to our API and handle the sign-in flow.
7. Use of Data
ScamSecurityCheck uses the collected data for various purposes: (a) to provide and maintain our Service; (b) to notify you about changes to our Service; (c) to allow you to participate in interactive features of our Service when you choose to do so; (d) to provide customer support; (e) to gather analysis or valuable information so that we can improve our Service; (f) to monitor the usage of our Service; (g) to detect, prevent and address technical issues; (h) to fulfill any other purpose for which you provide it; (i) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; (j) to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.; (k) to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information; (l) in any other way we may describe when you provide the information; (m) for any other purpose with your consent.
8. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal bases:
Contract (Article 6(1)(b))
Processing necessary to provide our Service and manage your account, subscription, and payments.
Consent (Article 6(1)(a))
Marketing communications, analytics cookies, and newsletter subscriptions are based on your explicit consent. You may withdraw consent at any time.
Legitimate Interests (Article 6(1)(f))
Security, fraud prevention, abuse detection, rate limiting, and service improvement are based on our legitimate interest in protecting our Service and users.
Legal Obligation (Article 6(1)(c))
Payment records and transaction data are retained as required by applicable tax and financial regulations.
9. Data Retention & Deletion
Account Data
We retain your account information (email address, subscription status, and account preferences) for as long as your account is active. If you delete your account or request deletion, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.
Uploaded Content
We do not store uploaded content. Messages submitted for scam analysis and images uploaded to the AI Image Detector are processed in real-time and immediately discarded. They are never saved to our servers, databases, or any third-party storage.
Scan History & Usage Logs
We may retain anonymized, aggregate usage data (such as total scans performed and feature usage counts) to improve our Service. This data cannot be used to identify individual users. Individual scan results are not stored on our servers after they are delivered to you.
Payment & Billing Data
Payment information is processed and stored by our payment processor, Stripe. We do not store your full credit card number. Transaction records may be retained as required by applicable tax and financial regulations.
Newsletter Subscription Data
We retain newsletter subscriber email addresses for as long as you remain subscribed. Upon unsubscription, we retain the email address for 90 days to process the request and prevent accidental re-subscription. After 90 days, the data is permanently deleted.
Requesting Data Deletion
You may request deletion of your personal data at any time by emailing us at support@scamsecuritycheck.com with the subject line "Data Deletion Request." Upon receiving your request, we will:
- Verify your identity to protect against unauthorized requests
- Delete your account and associated personal data within 30 days
- Confirm deletion via email once the process is complete
Please note that some data may be retained if required by law, to resolve disputes, or to enforce our agreements. Any retained data will be limited to the minimum necessary for these purposes.
10. Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
For transfers of personal data from the European Economic Area (EEA) to the United States, our third-party processors (Supabase, Stripe, Google, Anthropic) maintain appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives adequate protection regardless of where it is processed.
11. Disclosure of Data
We may disclose personal information that we collect, or you provide: (a) Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities. (b) Business Transaction. If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. (c) Other cases. We may disclose your information also: (i) to our subsidiaries and affiliates; (ii) to contractors, service providers, and other third parties we use to support our business; (iii) with your consent in any other cases.
12. Your Data Protection Rights under GDPR
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. ScamSecurityCheck aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
Under GDPR, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate or incomplete personal data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Restrict Processing — Request that we limit how we use your data
- Data Portability — Request your data in a structured, commonly used format
- Object — Object to processing based on legitimate interests or for direct marketing
- Withdraw Consent — Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at support@scamsecuritycheck.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority (Supervisory Authority).
13. Additional Third-Party Services
In addition to the services mentioned in Section 6, we use the following third-party services:
Beehiiv Newsletter Attribution
We use Beehiiv's attribution script to track newsletter signup sources and campaign effectiveness. Beehiiv's use of data is governed by their Privacy Policy.
Google Subscribe with Google (SWG)
We use Google's Subscribe with Google program to offer subscription options to our content. This is governed by Google's Privacy Policy.
Cloudflare DDoS Protection
Our website is protected by Cloudflare to prevent DDoS attacks and ensure availability. Learn more in Cloudflare's Privacy Policy.
14. Data Processing Agreements
In accordance with GDPR Article 28, we maintain Data Processing Agreements (DPAs) with all third-party processors that handle personal data on our behalf, including:
- Supabase (data storage and authentication)
- Stripe (payment processing)
- Google Cloud Vision API (image analysis)
- Google Analytics (usage analytics)
- Anthropic Claude API (AI analysis)
Copies of executed Data Processing Agreements are available upon request. Contact us at support@scamsecuritycheck.com for more information.
15. Automated Decision-Making
Our scam analysis tools use AI to assess the likelihood that a message, image, or URL is fraudulent. These results are advisory only and do not produce legal or similarly significant effects. We do not use automated decision-making or profiling that affects your legal rights or access to our Service.
16. Children's Privacy
Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at support@scamsecuritycheck.com.
17. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.
18. Data Protection Officer
If you have concerns about our data processing practices or believe your GDPR rights have been violated, you may contact our Data Protection Officer:
Data Protection Officer (DPO)
Email: support@scamsecuritycheck.com
You also have the right to lodge a complaint with your local Data Protection Authority (Supervisory Authority) if you are unsatisfied with our response.
19. Contact Us
If you have any questions about this Privacy Policy, please contact us by email at support@scamsecuritycheck.com.
By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.
