Privacy Policy for ScamScan by Guardianly

Last Updated: April 7, 2026

What is this policy?

Guardianly, Inc. ("Guardianly," "we," "our," or "us") values your privacy and we have prepared this Privacy Policy ("Policy") to help you understand how we collect, use, and disclose information that we obtain about and from users of our ScamScan web application (the "Service"), and how we use and disclose that information.

By accepting our Terms of Service and this Policy and/or using our Service, you agree that your personal information will be handled as described in this Policy. Your use of our Service is subject to this Policy and our Terms of Service.

Service Availability: ScamScan is currently available worldwide through our web application at scamscan.guardianly.ai.

Who are we?

We are Guardianly, Inc. We are the controller in relation to the personal information processed in accordance with this Policy.

Our contact details:

• Email: support@guardianly.ai
• Address: 131 Continental Drive, Suite 305, Newark, DE 19713

What does ScamScan do?

ScamScan is a web-based scam detection service that enables users to:

• Upload and analyze images of suspicious messages, emails, or other content for potential scams
• Submit text content (emails, SMS messages, URLs) for AI-powered scam analysis
• Receive instant AI-generated verdicts on whether content is likely a scam
• Get educational information about how scams work and how to protect yourself
• View real-world scam examples through curated video recommendations
• Save and manage conversation history (for registered users)
• Use the service anonymously without creating an account (with limited scans per month)

The Service is offered by Guardianly on a purely opt-in basis and users can stop using ScamScan at any time.

Whose personal information do we process?

We may process personal information relating to you if:

1. You use ScamScan as a registered user - You have signed in with Google to access full features
2. You use ScamScan anonymously - You access the service without signing in, using limited monthly scans
3. You submit content for analysis - You upload images or text content to check for potential scams

What personal information do we process?

We may obtain information about you in a variety of ways. The personal information relating to you that we process may include:

Google Account Information (For Registered Users Only): When you sign in with Google, we collect your email address, display name, profile picture (avatar URL), and email verification status. This information is provided by Google OAuth and stored on our secure servers to manage your account and provide personalized services. We do not have access to your Google password.

Device Information (For Anonymous Users): When you use ScamScan without signing in, we create a unique device fingerprint based on your browser characteristics. This browser-based identifier is used to track your monthly usage quota (5 scans per month for anonymous users) and is stored on our servers. We also collect your IP address for rate limiting and abuse prevention.

Content You Submit for Analysis: When you use ScamScan, we collect and process:

• Images you upload (screenshots, photos of messages/emails)
• Text content you submit (message text, email content, URLs)
• Your questions and follow-up messages in conversations
• Conversation history including timestamps and message order

Analysis Results and Verdicts: We store the AI-generated analysis results, scam verdicts (scam likely/unlikely), educational content, and recommendations provided to you. This helps us improve our detection accuracy and allows registered users to review past analyses.

Usage Data: We collect information about how you use ScamScan, including:

• Number of scans performed and remaining quota
• Conversation creation and deletion events
• Feature usage patterns (image vs. text scans)
• Video recommendation views
• Session information and timestamps

Technical Information: We automatically collect technical data including:

• Browser type and version
• Operating system
• Device type (mobile, tablet, desktop)
• IP address
• Referrer URL
• Language preferences

How We Use Your Information

We use the collected information for the following purposes:

Primary Service Delivery

• Analyze uploaded images and text content for potential scams using AI
• Generate scam detection verdicts and safety recommendations
• Provide educational content about scam tactics and protection strategies
• Recommend relevant educational videos showing real scam examples
• Maintain conversation history for your reference (registered users)
• Track and enforce monthly usage quotas (5 scans for anonymous, 30 for registered users)

Service Improvement and Analytics

• Improve AI scam detection accuracy using machine learning models
• Analyze usage patterns to enhance user experience
• Develop new features and detection capabilities
• Conduct research on emerging scam tactics and trends
• Monitor service performance and reliability
• Optimize AI model performance for faster analysis

Security and Abuse Prevention

• Prevent fraudulent use and abuse of the service
• Detect and block automated scraping or bot activity
• Enforce rate limits and usage quotas
• Maintain service security and integrity

Communication

• Send important service announcements and updates (registered users only)
• Respond to support requests and user feedback
• Provide customer service

Data Storage and Processing

Backend Storage: The following data is stored on our secure cloud servers (Google Cloud Platform):

• Uploaded images (stored in Google Cloud Storage buckets)
• Conversation history and messages
• User account information (for registered users)
• Device fingerprints (for anonymous users)
• Usage statistics and quota tracking
• AI analysis results and verdicts

Browser Storage: Some data is stored locally in your browser using localStorage for:

• Authentication tokens (registered users)
• Device fingerprints (anonymous users)
• Session management

Third-Party AI Processing: We utilize third-party AI services for analyzing content you submit. When you use ScamScan:

• Your uploaded images are sent to third-party AI services for visual analysis
• Your submitted text content is sent to third-party AI services for text analysis
• These services process your data in real-time according to their privacy policies
• We do not control how third-party AI services use data sent to them
• Analysis is performed in real-time and is not stored by these services beyond processing

Data Synchronization: For registered users, your conversation history and preferences are synchronized between your browser and our backend services to provide consistent access across devices and sessions.

Data Sharing and Third-Party Services

Service Providers: We share your information with specific third-party service providers who perform functions on our behalf:

• Google Cloud Platform - Provides secure cloud infrastructure for data storage and processing. Hosts our backend services, databases, and image storage. See Google's Privacy Policy for their data handling practices.
• Third-Party AI Services - Processes uploaded images and text content for AI-powered scam analysis and detection. Receives conversation content, uploaded images, and text submissions. These services have their own privacy policies governing data handling practices.
• Google OAuth - Handles user authentication for registered users. Receives and verifies your Google account credentials. See Google's Privacy Policy for their data handling practices.

Business Transfers: If we are acquired, merged, or transfer substantially all of our assets, we may transfer your information to the acquiring entity.

Legal Requirements: We may disclose your information to comply with legal obligations, court orders, or law enforcement requests, or to protect our rights and safety.

No Sale of Personal Information: We do NOT sell, trade, or otherwise transfer your personal information to third parties for their marketing purposes.

Data Security

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmission uses HTTPS/TLS encryption
• Secure Storage: Images stored in Google Cloud Storage with lifecycle policies and access controls
• Authentication: Google OAuth for secure user authentication
• Database Security: Encrypted database connections and access controls
• API Security: Authenticated endpoints with abuse protection
• Access Controls: Limited employee access on a need-to-know basis
• Regular Audits: We regularly review and update our security practices

Data Retention

We retain your personal information according to the following policies:

• Anonymous User Conversations: Automatically deleted after 90 days of inactivity
• Registered User Conversations: Retained until you manually delete them or close your account
• Uploaded Images:
  • Registered users: Retained until you delete the conversation or close your account
  • Anonymous users: Automatically deleted when conversations are deleted (90 days of inactivity)
• Account Information: Deleted immediately when you close your account
• Usage Statistics: Aggregated, anonymized data may be retained for service improvement and analytics
• Device Fingerprints: Retained for 90 days to track anonymous user quotas
• AI Processing Data: Data sent to third-party AI services is subject to their retention policies (processed in real-time, not stored long-term)

When you delete your account (registered users), we immediately initiate deletion of all your personal data across our systems.

Your Rights and Choices

You have the following rights regarding your personal information:

For Registered Users:

• Access: View all your conversations and submitted content through the web interface
• Delete Conversations: Delete individual conversations at any time through the web interface
• Delete Account: Request account deletion by contacting support@guardianly.ai. We will process your request within 30 days and permanently delete all your data.
• Export: Request an export of your conversation history by contacting support@guardianly.ai
• Sign Out: Sign out of your account to stop syncing data

For Anonymous Users:

• Clear your browser data to reset your device fingerprint and usage quota
• Your conversations are automatically deleted after 90 days of inactivity
• You cannot recover conversations after closing your browser (no account storage)

Browser Controls:

• Clear cookies and local storage through browser settings
• Disable JavaScript (will prevent ScamScan from working)
• Use private/incognito browsing mode for temporary sessions

How to Exercise Your Rights: Contact us at support@guardianly.ai for data access, export, or deletion requests.

Account Deletion and Re-Registration: To prevent abuse, if you delete your account, the associated email address will be temporarily blocked from creating a new account for 90 days. This email-only record is retained for fraud prevention purposes (legitimate interest under GDPR Article 6(1)(f)) and is automatically deleted after 90 days.

Cookies and Tracking

We use browser storage mechanisms including:

• Essential Storage: localStorage for authentication tokens and device fingerprints (required for service functionality)
• Session Storage: Temporary storage for uploaded images before submission
• No Third-Party Tracking: We do NOT use third-party advertising cookies or cross-site tracking
• No Analytics Cookies: We do NOT use Google Analytics or similar tracking services

Children's Privacy

ScamScan is intended for users of all ages, including children, as scam education and protection is important for everyone. However:

• Registered accounts require users to be at least 13 years old (Google account requirement)
• Anonymous users under 13 may use the Service with parental supervision
• We do not knowingly collect personal information from children under 13 who create registered accounts
• For anonymous users under 13, we only collect device fingerprints and uploaded content necessary for service delivery
• Parents can contact us to delete any data collected from children under 13
• We comply with COPPA (Children's Online Privacy Protection Act) requirements

International Users

Our services are hosted in the United States. If you access ScamScan from outside the US, your information will be transferred to, processed, and stored in the United States. By using the Service, you consent to this transfer.

Some of our third-party service providers may process data in multiple countries:

• Google Cloud Platform may process data across Google's global infrastructure
• Third-Party AI Services may process data in the United States and other countries where these service providers operate

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell personal information, so no opt-out is needed
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@guardianly.ai.

Automated Decision-Making and AI Analysis

ScamScan uses automated AI systems for:

• Scam Detection: Analyzing uploaded images and text content using third-party AI services to identify potential scams, fraudulent patterns, and suspicious elements
• Content Analysis: Automatically extracting text from images, identifying visual patterns, and analyzing message content
• Verdict Generation: Providing automated "Scam Likely" or "Scam Unlikely" verdicts based on AI analysis
• Recommendation System: Suggesting relevant educational videos based on detected scam types

Important Limitations:

• AI analysis is NOT 100% accurate and may produce false positives or false negatives
• Verdicts are advisory only and should not be your sole basis for decision-making
• You should use your own judgment when evaluating potential scams
• The AI processes your submitted content through third-party AI services according to their terms and privacy policies

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending an email notification to registered users (for material changes)
• Displaying a notice on the ScamScan website

Your continued use of the Service after changes constitutes acceptance of the updated policy.

Third-Party Privacy Policies

Our service integrates with several third-party services that have their own privacy policies:

• Google Privacy Policy: https://policies.google.com/privacy
• Google Cloud Platform: https://cloud.google.com/terms/cloud-privacy-notice
• Google OAuth: https://developers.google.com/terms/api-services-user-data-policy

We encourage you to review these policies to understand how these services handle your information.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@guardianly.ai
Privacy Inquiries: support@guardianly.ai
Address: 131 Continental Drive, Suite 305, Newark, DE 19713

Effective Date

This Privacy Policy is effective as of April 7, 2026 and applies to all users of ScamScan.