Privacy Policy
Last updated: April 6, 2026
1. Who We Are
ScamShieldy (“we”, “us”, “our”) is an AI-powered scam and fraud detection service available at scamshieldy.com. We help users identify phishing attempts, scam messages, malicious URLs, and social engineering attacks in real time.
2. Information We Collect
Account Information
When you create an account, we collect your email address and a hashed password (via Supabase Auth). We also store your subscription plan (free or pro) and scan usage counts.
Scan Data
Text, URLs, or messages you submit for scanning are processed in real time by our detection engine. We may store anonymized scan results (threat score, category) for aggregate statistics. We do not store the raw content you submit beyond the immediate analysis session.
Usage Data
We collect basic usage metrics (number of scans today, threat counts) to display aggregate statistics. We do not use third-party analytics services that track individual behavior.
3. Google User Data (Gmail Shield)
ScamShieldy offers an optional Gmail Shield feature that connects to your Gmail account via Google OAuth 2.0 to automatically scan incoming emails for scams.
What we access
We request the https://www.googleapis.com/auth/gmail.metadata scope only. This scope allows us to read email metadata: sender address, subject line, date, and message ID. We do not access, read, or store the body or attachments of your emails.
Why we access it
Email subjects and sender addresses are sufficient to detect the majority of phishing, scam, and social engineering attacks. We analyze this metadata through our scam detection engine to flag suspicious messages and alert you.
How we store it
Your OAuth tokens (access token and refresh token) are encrypted at rest using AES-256-GCM and stored in our Supabase database. Tokens are associated with your user account and are never shared with third parties. Email metadata processed during scanning is not permanently stored — it is analyzed in memory and discarded.
How we use it
Google user data (email metadata) is used solely for the purpose of scam detection within ScamShieldy. We do not use this data for advertising, profiling, training AI models, or any purpose other than providing the Gmail Shield service you explicitly enabled.
Data sharing
We do not sell, share, transfer, or disclose Google user data to any third party. Your Gmail metadata is processed exclusively within ScamShieldy's infrastructure.
Revoking access
You can disconnect Gmail Shield at any time from your Gmail dashboard. This immediately revokes our access token and deletes your stored tokens from our database. You can also revoke access directly from your Google Account permissions page.
Compliance with Google API Services User Data Policy
ScamShieldy's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. Cookies and Session Storage
We use essential cookies for authentication (Supabase session cookies) and short-lived CSRF state tokens during OAuth flows. We do not use advertising or tracking cookies.
5. Data Retention
Account data is retained until you delete your account. OAuth tokens for Gmail Shield are deleted immediately when you disconnect the integration. Anonymized aggregate statistics (scan counts, threat counts) are retained indefinitely as they contain no personal information.
6. Security
We use industry-standard security practices: HTTPS everywhere, AES-256-GCM encryption for sensitive tokens, row-level security in our Supabase database, and server-side admin verification for all admin operations. Webhook signatures are verified before processing any payment events.
7. Your Rights
You have the right to access, correct, or delete your personal data. To request data deletion or export, contact us at the email below. We will respond within 30 days.
8. Changes to This Policy
We may update this privacy policy from time to time. The “Last updated” date at the top reflects the most recent revision. Continued use of ScamShieldy after changes constitutes acceptance of the updated policy.
9. Contact
For privacy-related questions, data deletion requests, or concerns about how we handle Google user data, please contact us at: privacy@scamshieldy.com