Privacy in Plain English

No legalese. No vague corporate speak. Here's exactly what happens to your data from the moment you paste it until it's gone — with links so you can verify every claim yourself.

1.You paste or upload something

When you paste a suspicious message or upload a screenshot, it stays in your browser until you hit “Check This Message.” We don't see it, store it, or do anything with it until you actively choose to scan.

2.It travels encrypted to our server

Your message is sent over HTTPS — the same encryption your bank uses. Nobody can read it in transit. It arrives at our server, which runs on Netlify's SOC 2-certified infrastructure.

3.We hand it to Claude for analysis

We send your message to Anthropic's Claude AI to check for scam patterns. Anthropic's policy is explicit: they do not train models on API inputs. They process it, return the analysis, and that's it. We use the paid API tier, which has a zero-retention data policy.

4.Results are cached briefly for sharing

The analysis result and your submitted message are stored in our database. This enables the share link — if you send someone your result URL, they can view it. Each result gets a random UUID that cannot be guessed.

Is the share link guessable? No. Each result gets a random UUID (e.g. a3f8c2d1-7b4e-...). There are 340 undecillion possible IDs — it cannot be guessed or enumerated.

Who can access it? Only someone with the exact URL. There is no index, no search, no way to browse other people's results.

5.Your data stays private

Without an account: Your message and analysis are stored with a random ID that is not linked to your identity. We never share your submitted messages with third parties. The data is used only to power your result and to improve scam detection accuracy.

With an account: If you're signed in, analysis results are saved to your scan history so you can review them later. This data is stored in our database and linked to your account. You can delete individual scans or your entire history at any time from your dashboard.

What about screenshots?

If you upload a screenshot instead of pasting text, here's what's different:

Your image is resized in your browser first. Before it ever leaves your device, we scale it down and compress it. This happens entirely client-side — we never see the full-resolution original.
The image is sent directly to Claude's vision model. We don't run OCR ourselves or store the image on our server. It goes straight to Anthropic for analysis and follows the same zero-retention policy as text.
Be aware of what's visible in your screenshot. If your screenshot shows your name, profile photo, phone number, or other personal info, that will be included in what's sent for analysis. Consider cropping first if you're concerned.

About our ads

We run ads on Facebook and Instagram to help people find ScamSignal. To measure whether those ads are working, we use the Meta Pixel — a small piece of code that tells Facebook when someone visits our site after clicking an ad.

What it can see: That you visited ScamSignal, which pages you viewed, and whether you started an analysis. Basic stuff.

What it cannot see: The content of any message you paste or screenshot you upload. Your scan results. Your verdict. None of that is shared with Meta or anyone else.

Want to opt out? You can block the Meta Pixel with any ad blocker (like uBlock Origin), adjust your Facebook ad preferences, or use your browser's built-in tracking protection. ScamSignal works exactly the same with or without it.

Our promises to you

We do not sell your data. Not now, not ever.
We do not build a profile of you.
We do not store your messages permanently without your account (and you can delete them anytime).
We do not require an account to use the scanner.
We do not share your data with anyone except Anthropic (for the AI analysis) and our service providers (Clerk for auth, Stripe for payments).
The Meta Pixel we use for ad measurement cannot see the content of your messages — it only knows you visited the site.

The hard questions

What if you get hacked?

For unregistered users, submitted messages are stored with random IDs and are not linked to any identity — there are no emails, passwords, or personal details to steal. For registered users, account data (email, scan history) is stored in an encrypted database. We minimize the data we hold so the attack surface stays small.

What if Anthropic changes their data policy?

We monitor their policies and would switch providers or notify users before sending data under different terms. Their current API terms explicitly prohibit using customer inputs for training. If that changes, we change too.

Where are your servers located?

Our app runs on Netlify's edge network, with serverless functions executing in the US. Anthropic's API also processes requests in the US. Both are SOC 2 compliant.

Do you comply with GDPR and CCPA?

Yes. For unregistered users, most GDPR/CCPA obligations are minimized by design since we don't store personal data. For registered users, you can delete your scan history and account from your dashboard at any time. EU and California residents can also email us to exercise any data rights.

Can law enforcement subpoena my scanned messages?

Submitted messages are stored in our database but are not linked to your identity for unregistered users. We do not collect names, IP addresses, or device identifiers for anonymous scans. Registered users can delete their scan history at any time. We would comply with valid legal process but minimize data collection by design.

Why should I believe any of this?

Fair question. You can verify the key claims yourself:

Still have questions? Email us at support@scamsignal.ai and we'll answer in plain English, too. You can also read the full legal privacy policy if you want the formal version.

← Back to Home

4.Results are cached briefly for sharing

Is the share link guessable? No. Each result gets a random UUID (e.g. a3f8c2d1-7b4e-...). There are 340 undecillion possible IDs — it cannot be guessed or enumerated.

Who can access it? Only someone with the exact URL. There is no index, no search, no way to browse other people's results.

5.Your data stays private

About our ads

What it can see: That you visited ScamSignal, which pages you viewed, and whether you started an analysis. Basic stuff.

What it cannot see: The content of any message you paste or screenshot you upload. Your scan results. Your verdict. None of that is shared with Meta or anyone else.

Our promises to you

We do not sell your data. Not now, not ever.

We do not build a profile of you.

We do not store your messages permanently without your account (and you can delete them anytime).

We do not require an account to use the scanner.

We do not share your data with anyone except Anthropic (for the AI analysis) and our service providers (Clerk for auth, Stripe for payments).

The Meta Pixel we use for ad measurement cannot see the content of your messages — it only knows you visited the site.