Privacy Policy

Last updated: 6/21/2025

Overview

Scam Scout is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our web application and browser extension. We believe in transparency and want you to understand exactly what data we handle and how we protect it.

Information We Collect

Chrome Extension Data Collection

Email Content Analysis

When you scan emails for fraud detection, our extension accesses:

  • Email subject lines
  • Sender name and email address
  • Email body text content
  • All links contained within emails
  • Timestamp of when the email was analyzed
  • Attachment presence indicators (we do not access actual file attachments)
  • Email provider type (Gmail, Outlook, Yahoo)

Note: Email content is temporarily sent to our servers for AI analysis and is immediately deleted after processing.

Web Page Analysis

When analyzing web pages for potential scams, we collect:

  • Page title and visible text content (limited to 10,000 characters)
  • All links present on the page
  • Image URLs
  • Number and types of forms on the page
  • Form field analysis to detect requests for sensitive information (passwords, credit cards, SSNs)
  • DOM structure for advanced detection (Premium feature, up to 1MB)
  • Screenshot capture (if enabled in settings, compressed JPEG format)

Local Data Storage

The extension stores the following data locally on your device:

  • Your last 100 fraud detection results with full details
  • 24-hour cache of analysis results to reduce API calls
  • Usage statistics (total scans, frauds detected, risk level breakdown)
  • Your preferences (notification settings, sensitivity level, auto-scan settings)
  • Whitelisted and blacklisted domains
  • Up to 50 queued requests for offline processing

Extension Permissions

Our extension requires these permissions to function:

  • Active Tab: To analyze the current page when you activate the scan
  • Storage: To save your preferences and detection history
  • Notifications: To alert you about detected scams (if enabled)
  • Web Navigation: To monitor page navigation for auto-scan features
  • Identity: For secure Google OAuth authentication
  • Email Provider Access: To read email content on Gmail, Outlook, and Yahoo Mail

Web Application Data

Account Information

When you create an account, we collect:

  • Email address
  • Authentication tokens (via Google OAuth)
  • User ID (UUID generated by Supabase)
  • Account creation and last login timestamps

Usage Analytics

We track detailed API usage for billing and service improvement:

  • API endpoints accessed and request types
  • AI model used and token counts (for cost calculation)
  • Response times and success/failure rates
  • Content type and domain metadata
  • Risk levels and confidence scores
  • Error messages for debugging
  • Monthly aggregated statistics

Subscription Data

For paying customers, we store:

  • Subscription tier (free, basic, premium)
  • Subscription status and billing period
  • Stripe customer and subscription IDs
  • Usage limits and current usage

How We Use Your Information

  • Fraud Detection: Content is analyzed by our AI to identify scams and immediately deleted after processing
  • Service Functionality: Authentication, subscription management, and usage tracking
  • Rate Limiting: IP addresses used to enforce fair usage limits (10/min free, 100/min premium)
  • Service Improvement: Aggregated usage patterns help improve detection accuracy
  • Technical Support: Error logs and response times help diagnose issues
  • Billing: Token usage tracked to calculate costs and enforce subscription limits

Data Storage and Retention

Temporary Processing:

  • Email and webpage content: Deleted immediately after AI analysis
  • Screenshots: Processed and deleted within seconds
  • DOM data: Not stored after analysis

Persistent Storage:

  • Detection history: Limited to last 100 entries in extension
  • API usage logs: Retained for billing and debugging
  • Account data: Retained while account is active
  • Aggregated statistics: Anonymized after 90 days

Data Security

We implement multiple layers of security:

  • All data transmission uses HTTPS/TLS encryption
  • Authentication handled by secure Supabase Auth
  • Database access restricted with row-level security
  • Admin endpoints protected by email whitelist
  • Service role authentication for sensitive operations
  • No storage of payment card details (handled by Stripe)
  • Regular security updates and dependency patches

Third-Party Services

We use these services that may process your data:

Supabase

Authentication, database hosting, and session management

Azure OpenAI

AI-powered fraud analysis (content not retained by Azure)

Stripe (Coming Soon)

Payment processing (we never see your payment card details)

Vercel

Web hosting (standard server logs only)

Your Rights and Choices

Data Control

  • Access your personal data via the dashboard
  • Request correction of inaccurate information
  • Delete your account and all associated data
  • Export your usage data (coming soon)

Extension Controls

  • Disable auto-scan features
  • Clear all detection history
  • Manage whitelist/blacklist domains
  • Control notification preferences
  • Disable screenshot capture
  • Sign out to clear all local data

Data We DON'T Collect

We want to be clear about what we don't access:

  • Personal files or documents from your computer
  • Passwords (except detecting password request forms)
  • Payment card numbers or banking credentials
  • Browsing history beyond pages you explicitly scan
  • Cookies from other websites
  • Email attachment contents
  • Private messages outside of scanned content

No Third-Party Analytics

We do not use any third-party analytics or tracking services such as Google Analytics, Facebook Pixel, or similar tools. We only track usage data necessary for providing and improving our service.

Children's Privacy

Scam Scout is not intended for children under 13. We do not knowingly collect information from children under 13 years of age. If you believe we have collected information from a child under 13, please contact us immediately.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users within 72 hours via email and provide information about the breach and steps to protect yourself.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes through the extension or via email if you have an account. Continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, or would like to exercise your privacy rights, please contact us:

Contact Support Form

Email: privacy@scamscout.ai

This privacy policy is effective as of 6/21/2025 and applies to all users of the Scam Scout web application and Chrome extension.