Privacy Policy

1. Introduction

Thank you for choosing StopScam LLC (“StopScam,” “we,” “us,” or “our”). We are committed to protecting your privacy and security. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and otherwise process Personal Information when you interact with our mobile application, website, application-programming interfaces, push-notification service, or any other products or features that link to this Policy (collectively, the “Services”). By accessing or using the Services you acknowledge that you have read, understood, and agree to the practices described below. If you do not agree, please uninstall the application and discontinue all use.

2. Definitions

“Personal Information” / “Personal Data” — information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.
“Processing” — any operation performed on Personal Information, whether or not by automated means (e.g., collection, storage, use, disclosure, deletion).
“Controller” — the entity that determines the purposes and means of Processing Personal Information. StopScam LLC acts as Controller for information covered by this Policy.

3. Scope & Applicability

This Policy applies to Personal Information collected (i) directly from you, (ii) automatically when you interact with the Services, and (iii) from third parties as described below. It does not apply to data that cannot reasonably identify you (e.g., fully anonymised or aggregated information).

4. Legal Bases for Processing (EEA/UK Users)

Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on one or more of the following legal bases:

Contract — to provide and operate the Services you request.
Legitimate Interests — to improve, secure, and market our Services, provided such interests are not overridden by your rights.
Consent — for optional features such as marketing communications, where you have given clear consent.
Legal Obligation — to comply with law or defend legal claims.

5. Information We Collect

5.1 Information You Provide

User Content — screenshots, images, PDFs, e-mails, URLs, text, and other materials submitted for scam analysis, which may contain names, contact details, account numbers, or similar data.
Account & Credentials — e-mail address, password or authentication token, preferred language, subscription details.
Communications — content of support tickets, feedback, surveys, or other messages.

5.2 Information Collected Automatically

Device & Usage Data — device model, operating-system version, unique installation ID, app version, IP address (processed transiently), language, timestamps, screens viewed, in-app actions.
Diagnostics — crash logs and performance metrics.
Approximate Location — region inferred from IP address or OS settings; we do not store precise GPS coordinates.
Push Token — unique identifier required to deliver push notifications.

5.3 Information from Third Parties

Public Scam & Breach Databases — e.g., Have I Been Pwned® results, Spamhaus, PhishTank.
App Stores & Payment Platforms — purchase history, subscription status, refunds.

We do not knowingly collect sensitive Personal Information (e.g., health or biometric data) unless you include it in User Content.

6. Purposes of Processing

We process Personal Information to:

Provide the Services — perform scam analysis, run the AI cybersecurity assistant, deliver Security Check results, risk scores, and push notifications.
Maintain & Improve — debug, analyse usage, train AI models, and develop new features.
Communicate — send transactional e-mails, security alerts, renewal reminders, and (where legally permitted) marketing communications.
Ensure Security & Prevent Fraud — authenticate users, detect malicious activity, protect network integrity.
Comply with Law — satisfy legal obligations, respond to lawful requests, enforce our Terms of Use.

We do not engage in automated decision-making that produces legal or similarly significant effects within the meaning of GDPR Article 22.

7. Sharing & Disclosure

We disclose Personal Information only as described below:

Service Providers & Sub-Processors — trusted vendors (e.g., OpenAI, Google Cloud, Firebase, Apphud) that process data on our behalf under written agreements containing Standard Contractual Clauses or other approved safeguards.
Analytics & Crash Reporting Partners — receive pseudonymised or aggregated data to help us understand usage and improve stability.
Legal & Safety Authorities — when required by law or to protect the rights, property, or safety of users or the public.
Business Transfers — in connection with a merger, acquisition, or asset sale, subject to customary confidentiality protections.
With Your Consent — in any situation where you have expressly consented to the disclosure.

We do not sell or rent Personal Information for monetary consideration.

8. International Transfers

Your data may be stored or processed in the United States or other jurisdictions. When we transfer Personal Information from the EEA/UK to countries lacking an adequacy decision, we rely on Standard Contractual Clauses, the EU–U.S. Data Privacy Framework (if certified), or other lawful mechanisms.

9. Data Retention & Disposal

Uploaded User Content — deleted automatically within 30 days of upload.
Anonymised Extracted Text — retained up to 12 months for model improvement.
Device & Usage Logs — retained up to 36 months on a rolling basis.
Flagged Scam Metadata — retained up to 5 years for threat-intelligence purposes.
Encrypted Back-ups — deleted on the same schedules or rendered inaccessible via cryptographic erasure.

We may retain data longer where required to meet legal obligations or defend against claims.

10. Security Measures

We use technical and organisational safeguards, including TLS/SSL encryption in transit, encryption at rest, role-based access controls, multi-factor authentication, regular vulnerability scanning, independent penetration testing, and a Responsible Disclosure Programme. While we strive to protect your data, no system is completely secure, and we cannot guarantee absolute security.

11. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

Access — obtain a copy of the Personal Information we hold about you.
Portability — receive data in a structured, machine-readable format.
Correction — request rectification of inaccurate or incomplete data.
Deletion — request erasure, subject to legal exemptions.
Restriction — request limited processing in certain circumstances.
Objection — object to processing based on legitimate interests or direct marketing.
Withdraw Consent — revoke consent at any time where processing is based on consent.
Authorised Agent — designate an agent (e.g., under CCPA) to exercise rights on your behalf, subject to verification.

To exercise these rights, contact privacy@stopscam.ai. We will verify your identity (and, where applicable, the authority of any agent) before responding. We will not discriminate for exercising rights.

12. Children’s Privacy

The Services are not intended for children under 18. We do not knowingly collect Personal Information from children under 13. If we learn that such data has been collected, we will delete it promptly.

13. Cookies & Similar Technologies

Our mobile application does not use traditional browser cookies. Integrated SDKs may store device identifiers or local data for analytics, crash reporting, or push-notification delivery. You can reset advertising or device identifiers through your OS settings.

14. Do Not Track & Global Privacy Controls

Because the Services rely solely on first-party analytics and do not track users across third-party sites, we do not respond to Do Not Track signals or Global Privacy Control headers.

15. Third-Party Links

The Services may include links to external websites or resources. We are not responsible for the content or privacy practices of those third parties. We encourage you to review their privacy policies before providing information.

16. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via in-app notice, push notification, or e-mail at least 30 days before they take effect. Your continued use after the effective date constitutes acceptance of the revised Policy.

17. Dispute Resolution & Governing Law

This Policy is governed by the laws of the State of Delaware, USA, without regard to conflict-of-law rules. Privacy-related disputes are subject to the binding-arbitration clause and class-action waiver contained in our Terms of Use.

18. Contact Us

General Support: support@stopscam.ai
Privacy Enquiries: privacy@stopscam.ai
Mail: StopScam LLC, 254 Chapman Rd, Ste 208 #20663, Newark, Delaware 19702, USA

19. Acknowledgment

By accessing or using the Services you confirm that you have read, understood, and agree to this Privacy Policy. If you do not agree, please uninstall the application and discontinue all use.