Privacy Policy

1. Introduction

Thank you for choosing StopScam LLC ( “StopScam,” “we,” “us,” or “our” ). We are committed to protecting the privacy and security of our users. This Privacy Policy ( “Policy” ) describes how we collect, use, disclose, and otherwise process personal information in connection with our mobile application, website, application‑programming interfaces, push‑notification service, and any other products or features that link to this Policy (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood the practices described herein. If you do not agree with this Policy, please uninstall the application and discontinue all use.

2. Definitions

“Personal Information” / “Personal Data” — any information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.
“Processing” — any operation performed on Personal Information, whether or not by automated means, such as collection, storage, use, disclosure, or deletion.
“Controller” — the entity that determines the purposes and means of Processing Personal Information. StopScam LLC acts as Controller for information described in this Policy.

3. Scope & Applicability

This Policy applies to Personal Information collected (i) directly from you, (ii) automatically when you interact with the Services, and (iii) from third parties as described below. This Policy does not apply to information that cannot reasonably identify you (e.g., fully anonymized or aggregated data).

4. Legal Bases for Processing (EEA/UK Users)

Where the General Data Protection Regulation ( "GDPR" ) or UK GDPR applies, we rely on one or more of the following legal bases:

Contract — to provide and operate the Services you request;
Legitimate Interests — to improve, secure, and market our Services, provided such interests are not overridden by your rights;
Consent — for optional features such as marketing communications, where you have given clear consent;
Legal Obligation — to comply with law or defend legal claims.

5. Information We Collect

5.1 Information You Provide

User Content — screenshots, images, PDFs, e‑mails, URLs, text, and other materials submitted for scam analysis, which may contain names, contact details, account numbers, or similar data.
Account & Credentials — e‑mail address, password or authentication token, preferred language, subscription details.
Communications — content of support tickets, feedback, survey responses, or other messages.

5.2 Information Collected Automatically

Device & Usage Data — device model, operating‑system version, unique installation identifier, app version, IP address (processed transiently), language, time stamps, screens viewed, and in‑app actions.
Diagnostics — crash logs and performance metrics.
Approximate Location — region inferred from IP address or OS settings; we do not store precise GPS coordinates.
Push‑Token — unique identifier to deliver push notifications.

5.3 Information from Third Parties

Public Scam Databases & Breach Services — e.g., Have I Been Pwned results, Spamhaus, PhishTank.
App Stores & Payment Platforms — purchase history, subscription status, refunds.

We do not knowingly collect sensitive Personal Information (e.g., health or biometric data) unless you include it in User Content.

6. Purposes of Processing

We Process Personal Information to:

Provide the Services — perform scam analysis, run the AI cyber‑security assistant, deliver risk scores, reports, and push notifications;
Maintain & Improve the Services — debug, perform analytics, train AI models, and develop new features;
Communicate — send transactional e‑mails, security alerts, subscription reminders, and—where legally permitted—marketing communications;
Ensure Security & Prevent Fraud — authenticate users, detect malicious activity, and protect network integrity;
Comply with Law — satisfy legal obligations, respond to lawful requests, and enforce our Terms of Use. We do not use automated decision‑making that produces legal or similarly significant effects on individuals within the meaning of GDPR Article 22.

7. Sharing & Disclosure

We disclose Personal Information only as described below:

Service Providers & Sub‑Processors — trusted vendors (e.g., OpenAI, Google Cloud, Firebase, Apphud) that process data on our behalf under written agreements incorporating Standard Contractual Clauses or other approved safeguards;
Analytics & Crash Reporting Partners — receive pseudonymized or aggregated data to help us understand usage patterns and improve stability;
Legal & Safety Authorities — when required by law or to protect rights, property, or safety of users or the public;
Business Transfers — in connection with a merger, acquisition, or asset sale, subject to customary confidentiality protections;
With Your Consent — in any situation where you have expressly consented to the disclosure. We do not sell or rent Personal Information for monetary consideration.

8. International Transfers

Your information may be stored or processed in the United States or other jurisdictions. When transferring Personal Information from the EEA/UK to countries lacking an adequacy decision, we rely on Standard Contractual Clauses, the EU–U.S. Data Privacy Framework (if certified), or other lawful mechanisms.

9. Data Retention & Disposal

Uploaded User Content — deleted automatically within 30 days of upload;
Anonymized Extracted Text — retained up to 12 months to refine AI models;
Device & Usage Logs — retained up to 36 months on a rolling basis;
Flagged Scam Metadata — retained up to 5 years for threat‑intelligence purposes;
Encrypted Backups — backups containing Personal Information are encrypted and deleted on the same schedules or rendered inaccessible via cryptographic erasure. We may retain information longer if required to meet legal obligations or defend against claims.

10. Security Measures

We employ technical and organizational measures designed to protect Personal Information, including TLS/SSL encryption in transit, at‑rest encryption, role‑based access controls, multi‑factor authentication, background checks for employees with elevated privileges, regular vulnerability scanning, and an independent penetration‑testing program. We also sponsor a Responsible Disclosure Program; security researchers may report potential vulnerabilities to security@stopscam.ai. While we strive to use reasonable safeguards, no security system is impenetrable, and we cannot guarantee absolute security.

11. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

Access — obtain a copy of Personal Information we hold about you;
Portability — receive data in a structured, machine‑readable format;
Correction — request rectification of inaccurate or incomplete data;
Deletion — request erasure, subject to legal exemptions;
Restriction — request limited processing under certain circumstances;
Objection — object to processing based on legitimate interests or direct marketing;
Withdraw Consent — revoke consent at any time for processing based on consent;
Authorized Agent — designate an agent (e.g., under CCPA) to exercise rights on your behalf, subject to verification. To exercise rights, contact privacy@stopscam.ai. We will verify your identity (and authority of any agent) before responding. We will not discriminate for exercising rights.

12. Children’s Privacy

The Services are not intended for children under 18. We do not knowingly collect Personal Information from children under 13. If we learn that such data has been collected, we will delete it without delay.

13. Cookies & Similar Technologies

Our mobile application does not use traditional browser cookies. Integrated SDKs may store device identifiers or local data for analytics, crash reporting, or push‑notification delivery. You may reset advertising or device identifiers through your operating‑system settings.

14. Do Not Track & Global Privacy Controls

The Services do not respond to browser‑based Do Not Track signals or Global Privacy Control headers because they rely solely on first‑party analytics and do not track users across third‑party sites.

15. Third‑Party Links

The Services may contain links to external websites or resources. We are not responsible for the content or privacy practices of those third parties. We encourage you to review their privacy policies before providing information.

16. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via in‑app notice, push notification, or e‑mail at least 30 days before they take effect. Your continued use after the effective date constitutes acceptance of the revised Policy.

17. Dispute Resolution & Governing Law

This Policy and any dispute arising hereunder are governed by the laws of the State of Delaware, USA, without regard to conflict‑of‑laws principles. Privacy‑related disputes are subject to the binding‑arbitration clause and class‑action waiver contained in our Terms of Use.

18. Contact Us

E‑mail (General): support@stopscam.ai
E‑mail (Privacy): privacy@stopscam.ai
Mail: StopScam LLC, 254 Chapman Rd, Ste 208 #20663, Newark, Delaware 19702, USA

19. Acknowledgment

By accessing or using the Services, you confirm that you have read, understood, and agree to this Privacy Policy. If you do not agree, you must uninstall the application and discontinue all use.