Privacy Policy

1. Introduction

ScamSnitch, Inc. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at ScamSnitch.ai ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Contact Information: Email address, name, company name, phone number
• Domain Information: Your legitimate domain and fraudulent domains
• Evidence Files: Screenshots, documents, and other materials you upload
• Case Descriptions: Text descriptions of fraud incidents and additional context
• Payment Information: Processed through Stripe (we do not store credit card data)

2.2 Automatically Collected Information

• Log Data: IP address, browser type, pages visited, timestamps
• Cookies: Session cookies, preference cookies, analytics cookies (see Cookie Policy)
• Usage Data: How you interact with the Service and features used
• Device Information: Operating system, device type, unique device identifiers

2.3 Information from Third Parties

• Technology Detection: WHOIS data, DNS records, HTTP headers from fraudulent sites
• Email Forwarding: Content from abuse emails (subscription tier)
• Payment Provider: Transaction status and billing information from Stripe

3. How We Use Your Information

We use your information to:

• Provide Services: Process cases, generate reports, file complaints
• Communication: Send updates, notifications, and respond to inquiries
• Verification: Confirm domain ownership and authorize actions on your behalf
• Compliance: Report to government agencies and service providers as requested
• Improvement: Analyze usage patterns to enhance the Service and develop new features
• Legal Obligations: Comply with applicable laws and respond to legal requests
• Security: Detect, prevent, and address fraud, abuse, and security issues

4. Information Sharing and Disclosure

4.1 With Your Consent

We share information when you authorize us to file complaints on your behalf to:

• Government agencies (FTC, IC3, state authorities)
• Service providers (hosting companies, domain registrars, CDNs)
• Law enforcement when legally required

4.2 Service Providers

We share data with third-party vendors who help us operate the Service:

• Cloud hosting (Vercel, Supabase)
• Payment processing (Stripe)
• Email delivery (SendGrid/Postmark)
• Analytics (privacy-focused tools only)
• Customer support platforms

4.3 Legal Requirements

We may disclose information if required to:

• Comply with legal obligations or court orders
• Enforce our Terms of Service
• Protect rights, property, or safety of ScamSnitch, users, or the public
• Prevent fraud or security incidents

4.4 Business Transfers

If ScamSnitch is acquired or merged, user information may be transferred to the new entity. We will notify you of any such change.

5. Data Retention

We retain your information as follows:

• Free Tier: 90 days after case submission
• Paid Tiers: 3 years after case completion
• Account Data: Until you request deletion or account closure
• Legal Data: As required by law (minimum 7 years for compliance)
• Aggregated Data: Indefinitely for analytics (anonymized and de-identified)

You may request earlier deletion by contacting privacy@scamsnitch.ai

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Secure Infrastructure: SOC 2 compliant hosting providers
• Incident Response: Procedures for detecting and responding to breaches

While we strive to protect your data, no method of transmission or storage is 100% secure. Use the Service at your own risk.

7. Your Privacy Rights

7.1 General Rights

• Access: Request a copy of your personal information
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention)
• Portability: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails (does not apply to service emails)

7.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, and shared
• Right to delete personal information (with exceptions)
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

7.3 European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under GDPR:

• Right to access, rectification, erasure, and restriction of processing
• Right to data portability and objection to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

7.4 Exercising Your Rights

To exercise any of these rights, email us at privacy@scamsnitch.ai with your request. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies:

• Essential Cookies: Required for Service functionality (authentication, sessions)
• Preference Cookies: Remember your settings and choices
• Analytics Cookies: Understand usage patterns (privacy-focused, no personal tracking)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality. See our Cookie Policy for details.

9. Third-Party Links

The Service may contain links to third-party websites (e.g., government agencies, service providers). We are not responsible for their privacy practices. Review their policies before providing information.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries outside your residence, including the United States. These countries may have different data protection laws.

We use Standard Contractual Clauses and other safeguards to protect data transferred internationally.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy with an updated "Last Modified" date
• Sending an email notification (for significant changes)
• Displaying a prominent notice on the Service

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at: