This Privacy Policy explains how ScamHunter ("we", "us") handles information when you use the ScamHunter mobile application (the "App") and the website scamhunter.app. We built ScamHunter to be private by design: no account is required, your check history stays on your device, and the content you check is processed transiently.
1. Information we process
1.1 Content you submit for analysis
When you check a message, email, link or screenshot, that content is sent to our analysis servers to produce a verdict. This may incidentally include personal data contained in the content (for example a phone number inside a suspicious SMS). We use this content only to perform the analysis you requested.
- Analysis is transient: submitted content is processed in memory to generate the verdict and is not retained as a copy of your message after the request completes, except in short-lived technical logs (see 1.3).
- Screenshots are downscaled on your device before upload.
- We do not use your submitted content to train AI models, build advertising profiles, or sell it to anyone.
1.2 Data stored on your device
Your check history (verdicts, previews, settings, language, subscription state) is stored locally on your device. We cannot access it. You can delete it at any time in Settings → Delete history or by uninstalling the App.
1.3 Technical data
Our servers keep short-lived technical logs (IP address, timestamps, request status) for security, abuse prevention (rate limiting) and reliability. Logs are automatically deleted within 30 days.
1.4 Purchases
Subscriptions are processed by Apple App Store or Google Play. We receive anonymous purchase validation data (e.g. an entitlement status), never your payment card details.
2. Third-party processors
To produce a verdict, parts of the analysis involve the following categories of processors:
- AI processing: the text/screenshot you submit is analyzed by a large-language-model provider acting as our processor (currently Google Gemini via OpenRouter). Providers are contractually restricted from using API data to train models.
- Security lookups: domains and links extracted from your content may be checked against public security services (WHOIS/RDAP registries, TLS endpoints, threat-intelligence blocklists such as URLhaus, PhishTank and OpenPhish). Only the technical artifact (the domain or URL), never your message text, is involved in these lookups.
- App stores: Apple / Google for purchases and app distribution.
3. What we do NOT do
- We do not sell or rent personal data.
- We do not show third-party advertising or share data with ad networks.
- We do not require an account, email address, or phone number to use the App.
- We do not read anything on your device without your action — analysis happens only when you explicitly share, paste or photograph something.
4. Legal bases (EU/EEA users)
Where the GDPR applies, we process submitted content to perform the service you request (Art. 6(1)(b)), and technical logs based on our legitimate interest in security and abuse prevention (Art. 6(1)(f)).
5. Your rights
Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to or restrict processing. Because we keep almost nothing — history lives on your device and analysis is transient — most requests are satisfied by deleting the App's local data. For anything else, contact support@scamhunter.app and we will respond within 30 days. See also Delete account & data.
6. Data retention summary
- Submitted content: transient — processed in memory per request.
- Server logs: up to 30 days.
- Check history: on your device only, until you delete it.
- Purchase entitlements: for the lifetime of your subscription as required for service delivery.
7. Children
ScamHunter is not directed at children under 13 (or the equivalent minimum age in your country) and we do not knowingly collect personal data from them.
8. Security
Traffic between the App and our servers is encrypted with TLS. Servers apply least-privilege access, rate limiting, and short log retention.
9. International transfers
Our processors may operate in the United States and the European Union. Where data leaves the EU/EEA, transfers rely on appropriate safeguards such as Standard Contractual Clauses.
10. Changes to this policy
We will post any changes on this page and update the effective date. Material changes will be highlighted in the App.
11. Contact
Privacy questions: support@scamhunter.app
General: info@scamhunter.app