Privacy Policy

Last updated: May 31, 2026

ScamSleuth ("we," "us") helps families protect older or at-risk relatives from scams. This policy explains what we collect, why, and the choices you and the protected person have. We built this product around a simple principle: monitor for danger, keep as little as possible.

The short version. We scan incoming messages for scam patterns. Messages that look safe are analyzed and discarded — only items flagged as suspicious are stored. The protected person must personally consent before any monitoring begins, and can withdraw consent at any time.

1. Who this policy covers

Account holders — the family member (or self-protecting individual) who creates an account and receives alerts.
Protected persons ("seniors") — the individual whose communications are monitored, with their consent.
Free (Bronze) users — people who use our browser extension with no account. We do not store their browsing; checks are stateless.

2. Information we collect

Account information

Name, email, phone number, password (stored hashed), and subscription tier.
Payment information is processed by Stripe; we never see or store full card numbers.

Monitoring data (with consent)

For automated email/message monitoring, we access incoming messages to analyze them for scam indicators.
We do not retain messages that are assessed as safe. They are scored and discarded.
Only messages flagged as suspicious or dangerous are stored, along with the detection signals, so your family can review them.
Consent records — including a voice confirmation from the protected person and a tamper-evident log — are retained as proof that monitoring was authorized.

Free browser extension

When checking a website, the URL is sent to our service for a real-time safety verdict and is not stored.
No account, no history, no profile.

Usage & technical data

Basic logs (IP address, device/browser type, timestamps) for security and to operate the service.
Anonymized counts (e.g., how many messages were scanned) to monitor service health.

3. How we use information

To detect scams and alert the family.
To provide the dashboard, recovery guidance, and assistant features.
To process subscriptions and send service communications (e.g., the weekly digest).
To secure the service and prevent abuse.

4. Service providers we share with

We use trusted third parties strictly to operate the service. We do not sell personal information. These providers process data on our behalf:

Anthropic (Claude) — AI analysis of message content for scam indicators.
Hive Moderation — AI-generated image detection.
Resemble Detect — AI voice-cloning detection.
Google Safe Browsing — malicious-link checking.
Twilio — SMS alerts.
SendGrid — transactional and digest emails.
Stripe — payment processing.

5. Affiliate links & advertising

The family dashboard may show recommendations for products we believe help families (e.g., identity-protection services). These are clearly labeled. We may earn a commission if you sign up through them. Recommendations appear only on the family dashboard — never on the protected person's interface. Gold subscribers see no recommendations.

6. Consent & the protected person's rights

Monitoring of another person begins only after that person personally consents, including a voice confirmation.
The protected person can withdraw consent at any time, which stops monitoring.
Consent is re-confirmed periodically.

7. Your choices

Access, correct, or delete your account data by contacting us.
Cancel your subscription at any time from the dashboard.
Disable specific monitoring channels at any time.

8. Data retention

Safe messages are not retained. Flagged items and consent records are kept while your account is active and for a reasonable period afterward as required for legal, security, and dispute-resolution purposes, then deleted.

9. Security

We use industry-standard measures to protect data, including encryption in transit and hashed passwords. No system is perfectly secure, but we work to minimize what we hold and protect what we do.

10. Children

ScamSleuth is not directed to children under 13 and we do not knowingly collect their data.

11. Changes

We may update this policy. Material changes will be communicated through the service. Continued use after an update constitutes acceptance.

12. Contact

Questions or requests: [email protected].

This template is provided for general informational purposes and is not legal advice. Have it reviewed by a qualified attorney before relying on it, especially for compliance with laws such as GDPR, CCPA/CPRA, and state electronic-monitoring statutes.