Privacy Policy
Privacy Policy
StopScam PRIVACY POLICY
Effective Date: February 12, 2025
Thank you for choosing StopScam LLC (“StopScam,” “we,” “us,” or “our”). We are committed to protecting your privacy and security. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and otherwise process Personal Information when you interact with our mobile application, website, application-programming interfaces, push-notification service, or any other products or features that link to this Policy (collectively, the “Services”). By accessing or using the Services you acknowledge that you have read, understood, and agree to the practices described below. If you do not agree, please uninstall the application and discontinue all use.
“Personal Information” / “Personal Data” — information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.
“Processing” — any operation performed on Personal Information, whether or not by automated means (e.g., collection, storage, use, disclosure, deletion).
“Controller” — the entity that determines the purposes and means of Processing Personal Information. StopScam LLC acts as Controller for information covered by this Policy.
This Policy applies to Personal Information collected (i) directly from you, (ii) automatically when you interact with the Services, and (iii) from third parties as described below. It does not apply to data that cannot reasonably identify you (e.g., fully anonymised or aggregated information).
Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on one or more of the following legal bases:
Contract — to provide and operate the Services you request.
Legitimate Interests — to improve, secure, and market our Services, provided such interests are not overridden by your rights.
Consent — for optional features such as marketing communications, where you have given clear consent.
Legal Obligation — to comply with law or defend legal claims.
User Content — screenshots, images, PDFs, e-mails, URLs, text, and other materials you submit for scam analysis. This content may contain personal information such as names, phone numbers, e-mail addresses, contact details, account identifiers, payment details, or similar information included by you.
Account & Credentials — e-mail address, authentication credentials or token, preferred language, subscription details, and account settings.
Communications — support requests, feedback, survey responses, and other messages you send to us.
Device & Usage Data — device model, operating system version, app version, unique installation ID, IP address, language, timestamps, screens viewed, and in-app actions.
Diagnostics — crash logs, error logs, and performance metrics.
Approximate Location — region inferred from IP address or device settings. We do not collect or store precise GPS location unless explicitly stated otherwise.
Push Token — device token used to deliver push notifications.
Public Scam & Breach Databases — such as Have I Been Pwned®, Spamhaus, and PhishTank, used to support scam, phishing, spam, breach, and security checks.
App Stores & Payment Platforms — purchase history, subscription status, billing events, and refunds provided by Apple, Google, or our subscription/payment service providers.
Third-Party AI Provider — when you use AI-powered scam analysis features and provide consent, the content you choose to scan may be sent to OpenAI for analysis. This may include message text, links, phone numbers, e-mail addresses, screenshots, images, PDFs, and uploaded files.
We do not knowingly collect sensitive personal information such as health data or biometric data unless you include it in content you choose to submit.
We process Personal Information to:
Provide the Services — perform scam analysis, phishing detection, fraud checks, AI-assisted cybersecurity analysis, risk scoring, security check results, and related notifications.
Process AI Analysis Requests — send the content you choose to scan to OpenAI for scam, phishing, fraud, and security analysis, only after you provide explicit consent in the app.
Maintain and Improve the Services — debug issues, monitor performance, analyse product usage, prevent abuse, improve app stability, and develop new features.
Communicate with You — send transactional e-mails, support responses, security alerts, subscription notices, and, where permitted by law, marketing communications.
Ensure Security and Prevent Fraud — authenticate users, detect malicious or unauthorized activity, protect our systems, and enforce our Terms.
Comply with Legal Obligations — comply with applicable law, lawful requests, and regulatory requirements.
We do not engage in automated decision-making that produces legal or similarly significant effects within the meaning of GDPR Article 22.
We disclose Personal Information only in the following circumstances:
OpenAI (AI Analysis Provider) — if you use our AI-powered scam analysis features and provide consent, we may share the content you choose to scan with OpenAI for analysis. This may include message text, links, phone numbers, e-mail addresses, screenshots, images, PDFs, and uploaded files.
Service Providers & Sub-Processors — we use trusted service providers such as Google Cloud, Firebase, Apphud, and other vendors who process data on our behalf under written agreements and applicable safeguards.
Analytics & Crash Reporting Partners — we may share pseudonymised, de-identified, or aggregated technical and usage data with analytics and crash reporting providers to improve app stability and performance.
Legal & Safety Disclosures — we may disclose information when required by law, legal process, or to protect the rights, safety, property, users, or the public.
Business Transfers — we may disclose information in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to standard confidentiality protections.
With Your Consent — we may disclose information in any other situation where you have expressly consented.
We do not sell or rent Personal Information for monetary consideration.
Your data may be stored or processed in the United States or other jurisdictions. When we transfer Personal Information from the EEA/UK to countries lacking an adequacy decision, we rely on Standard Contractual Clauses, the EU–U.S. Data Privacy Framework (if certified), or other lawful mechanisms.
Uploaded User Content — deleted automatically within 30 days of upload.
Anonymised Extracted Text — retained up to 12 months for model improvement.
Device & Usage Logs — retained up to 36 months on a rolling basis.
Flagged Scam Metadata — retained up to 5 years for threat-intelligence purposes.
Encrypted Back-ups — deleted on the same schedules or rendered inaccessible via cryptographic erasure.
We may retain data longer where required to meet legal obligations or defend against claims.
We use technical and organisational safeguards, including TLS/SSL encryption in transit, encryption at rest, role-based access controls, multi-factor authentication, regular vulnerability scanning, independent penetration testing, and a Responsible Disclosure Programme. While we strive to protect your data, no system is completely secure, and we cannot guarantee absolute security.
Depending on your jurisdiction, you may have the right to:
Access — obtain a copy of the Personal Information we hold about you.
Portability — receive data in a structured, machine-readable format.
Correction — request rectification of inaccurate or incomplete data.
Deletion — request erasure, subject to legal exemptions.
Restriction — request limited processing in certain circumstances.
Objection — object to processing based on legitimate interests or direct marketing.
Withdraw Consent — revoke consent at any time where processing is based on consent.
Authorised Agent — designate an agent (e.g., under CCPA) to exercise rights on your behalf, subject to verification.
To exercise these rights, contact privacy@stopscam.ai. We will verify your identity (and, where applicable, the authority of any agent) before responding. We will not discriminate for exercising rights.
The Services are not intended for children under 18. We do not knowingly collect Personal Information from children under 13. If we learn that such data has been collected, we will delete it promptly.
Our mobile application does not use traditional browser cookies. Integrated SDKs may store device identifiers or local data for analytics, crash reporting, or push-notification delivery. You can reset advertising or device identifiers through your OS settings.
Because the Services rely solely on first-party analytics and do not track users across third-party sites, we do not respond to Do Not Track signals or Global Privacy Control headers.
The Services may include links to external websites or resources. We are not responsible for the content or privacy practices of those third parties. We encourage you to review their privacy policies before providing information.
We may update this Policy periodically. Material changes will be announced via in-app notice, push notification, or e-mail at least 30 days before they take effect. Your continued use after the effective date constitutes acceptance of the revised Policy.
This Policy is governed by the laws of the State of Delaware, USA, without regard to conflict-of-law rules. Privacy-related disputes are subject to the binding-arbitration clause and class-action waiver contained in our Terms of Use.
General Support: support@stopscam.ai
Privacy Enquiries: privacy@stopscam.ai
Mail: StopScam LLC, 254 Chapman Rd, Ste 208 #20663, Newark, Delaware 19702, USA
By accessing or using the Services you confirm that you have read, understood, and agree to this Privacy Policy. If you do not agree, please uninstall the application and discontinue all use.
© 2025 StopScam LLC. All rights reserved.