Last updated: June 3, 2026
1. Information We Collect
| Data Type | When | Purpose |
|---|---|---|
| Email address | Account creation | Authentication, notifications |
| Scan content | When you submit a scan | AI analysis only — deleted immediately after |
| Scan metadata | After analysis | Type, verdict, risk score — stored for history |
| IP address | Each request | Rate limiting — deleted after 30 days |
| Device type and browser | Each visit | Optimization |
| Gmail metadata (if connected) | Gmail scan | Sender, subject — content deleted after scan |
| Payment info | Plan upgrade | Processed by Stripe — we never see card numbers |
| Family member emails | Family Protection setup | Stored only with their consent |
| Phone number (if verified) | Phone verification | Stored as hash, not plain text |
2. Data We Do NOT Collect
- We do not store message or email content after scanning
- We do not track your browsing history
- We do not sell data to any third party
- We do not use your data for advertising
- We do not share data with data brokers
- We do not use cookies for tracking (only essential session cookies)
3. How We Use Your Data
- Scan analysis: Content you submit is sent to Anthropic's Claude AI for analysis and is subject to Anthropic's privacy policy.
- Scan history: For registered users, we store the verdict and content type only — not the full content of each scan.
- Family alerts: If you enable Family Protection, scan verdicts and summaries are shared with your confirmed trusted contacts.
- Service improvement: Aggregated, anonymized usage data helps us improve detection accuracy.
4. Browser Extension
- Only activates when you click it or select text
- Does not monitor your browsing passively
- Does not collect URLs you visit
- Does not store any data locally beyond your login token
- The only data sent to our servers is content you explicitly select
- No keylogging, no screenshots without your action
5. Gmail Integration
- Uses Gmail API readonly scope only
- Accesses email content only for scam analysis
- Content is analyzed and immediately discarded
- We store only: sender domain, subject snippet, verdict, and risk score
- We never read emails you have sent (incoming only)
- You can revoke access at any time at myaccount.google.com > Security > Third-party apps
- Maximum 50 emails scanned per day, 250 per month
6. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | Scam analysis | Submitted content (not stored by us) |
| Supabase | Auth & database | Email, account data |
| Stripe | Payments | Payment info (direct to Stripe) |
| Resend | Email notifications | Email address, alert content |
| Vercel | Hosting | IP address, request logs |
| Google (Gmail API) | Email scanning | Email content (analyzed, not stored) |
7. Data Retention
- Scan content: Deleted immediately after analysis
- Scan metadata: Kept for 2 years, then auto-deleted
- Account data: Kept until account deletion
- API logs: 90 days, then auto-deleted
- IP addresses: 30 days, then auto-deleted
- Gmail tokens: Deleted immediately on disconnect
- Deleted accounts: All data purged within 30 days
8. Your Rights
You have the right to:
- Access your data (via the Account page)
- Delete your account and all associated data
- Export your scan history
- Opt out of non-essential emails
- Request correction of inaccurate data
9. Account Deletion
You can delete your account at any time using the Delete My Account button in your account settings. This permanently removes all of your data from our systems. A confirmation email will be sent to your address, and the deletion process completes within 30 days.
10. CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: You may request details about what personal data we collect and how it is used.
- Right to delete: You may request deletion of your personal data.
- Right to opt out of sale: We do not sell your personal data to any third party.
To submit a CCPA request, email privacy@noscamforme.com. We will respond within 45 days.
11. GDPR (EU/UK Residents)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR:
- Right of access: Request a copy of all personal data we hold about you
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
Legal basis for processing: Consent (account creation), contractual necessity (providing the Service), and legitimate interest (security, abuse prevention).
To exercise these rights, email privacy@noscamforme.com. We will respond within 30 days.
Data Controller: NoScamForMe LLC, Georgia, United States.
12. Children's Privacy
NoScamForMe is not intended for users under 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete it promptly.
13. Data Security
We protect your data with:
- HTTPS encryption for all data in transit
- Row-level security in our database (users can only access their own data)
- API keys stored as environment variables, never in client code
- Rate limiting and abuse detection
14. Changes to This Policy
We will notify registered users of material changes via email at least 30 days before they take effect.
15. Contact
Data Controller: NoScamForMe LLC, Georgia, United States
Privacy inquiries: privacy@noscamforme.com
General support: support@noscamforme.com