ScamChecker

Privacy Policy

Last updated: 3 April 2026

Your privacy is central to how ScamChecker is designed. The short version: content you submit for analysis is never stored, logged, or used for training. It exists in memory for the duration of your request, then it's gone.

1. Who we are

ScamChecker (“we”, “us”, “our”) operates the website scamschecker.co and the associated API. We provide AI-powered scam detection services to consumers and families.

For questions about this policy, contact us at support@scamschecker.co.

2. Information we collect

2a. Account information

When you create an account, we collect your email address and a hashed password (managed by Supabase Auth). We use this solely to authenticate you and to manage your subscription.

2b. Usage data

We store a daily check counter per account to enforce free-tier limits. We also store your subscription tier and billing status. We do not store the content of your checks.

2c. Billing information

Payment details are handled entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store your card number, expiry date, or CVV.

2d. Technical logs

Our servers produce standard access logs containing IP addresses, timestamps, HTTP methods, and response codes. These logs are retained for up to 30 days for security and performance monitoring. Logs never include the content of analysis requests.

2e. Waitlist

If you join our waitlist, we store your email address and the source of your sign-up. We use this only to notify you at launch.

3. What we do NOT collect

  • The text, URLs, images, or QR codes you submit for analysis
  • The verdicts or risk scores returned by the AI
  • Any personally identifiable information about third parties mentioned in your checks
  • Biometric data
  • Location data beyond your IP address (used only for rate limiting)

Analysis requests are processed entirely in memory. The content is passed to our AI provider (Anthropic) for analysis and then immediately discarded. Anthropic's API usage policy prohibits using API inputs to train their models.

4. How we use your information

  • To authenticate you and manage your account
  • To enforce free-tier usage limits
  • To process payments and manage your subscription via Stripe
  • To send transactional emails (account confirmation, password reset)
  • To notify waitlist subscribers at launch
  • To detect and prevent abuse of our service

We do not sell your personal data. We do not use it for advertising. We do not share it with third parties except as necessary to provide the service (see Section 5).

5. Third-party processors

We use the following sub-processors:

Provider | Purpose | Data shared
Supabase | Database & authentication | Email, account data
Stripe | Payment processing | Email, billing data
Anthropic | AI analysis | Submitted content (not stored)
Vercel | Frontend hosting | IP address, request logs
Railway | API hosting | IP address, request logs
Redis | Rate limiting cache | IP address, user ID (temporary)

6. Data retention

Account data is retained for as long as your account exists. If you delete your account, we delete your personal data within 30 days. Stripe retains billing records as required by law (typically 7 years). Server access logs are purged after 30 days.

7. Your rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time (where processing is consent-based)

To exercise any of these rights, email support@scamschecker.co. We will respond within 30 days.

8. Cookies

We use only essential cookies required to operate the service — specifically, the authentication session cookie set by Supabase Auth. We do not use advertising cookies, tracking pixels, or analytics cookies. We do not use Google Analytics or similar third-party analytics services.

9. Security

All data is transmitted over HTTPS. Passwords are hashed by Supabase Auth using bcrypt. Database access is restricted by Row Level Security policies — users can only access their own data. We follow security best practices including HSTS, Content Security Policy, and regular dependency audits.

10. Changes to this policy

We may update this policy occasionally. When we do, we'll update the date at the top. For significant changes, we'll notify you by email if you have an account with us.

11. Contact

Questions about this privacy policy? Email us at support@scamschecker.co.