ScamSweep — Privacy Policy

1. Introduction

This Privacy Policy describes how Synapse Forge LLC, a Nevada limited liability company("ScamSweep," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with our websites, mobile applications, APIs, scam-analysis tools, educational content, and related services (the "Service").

We are committed to handling personal information responsibly and in line with this Policy and applicable law. By using the Service, you acknowledge that you have read this Privacy Policy and our Terms of Service, which are incorporated by reference where applicable.

2. Who this policy applies to

This policy applies to visitors to our public pages, registered users, subscribers, and anyone who otherwise interacts with the Service. If you are using the Service on behalf of a family member, household, or organization, you should share this policy with them when appropriate.

3. Information we collect

Depending on how you use the Service, we may collect the following categories of information:

3.1 Account and profile information

When you create or maintain an account, we may collect identifiers such as your name, email address, phone number, password or authentication credentials (managed through our identity provider), and account preferences. We may also collect information you add to your profile or trusted contacts (for example, family alert settings), where those features are available.

3.2 Content you submit for analysis

The Service is designed to help you evaluate potentially fraudulent communications. If you use scam check, upload, or similar features, you may submit text, images, screenshots, URLs, phone numbers, or other content ("Submitted Content"). This content can include your own information and, in some cases, information about third parties (for example, a message purportedly from a sender, or content that references another person). Please only submit what you are legally allowed to share and what is necessary for your legitimate use of the Service.

3.3 Usage, device, and technical data

We may automatically collect or derive:

• Device and browser type, operating system, and approximate location derived from IP address;
• IP address and general log information (for example, timestamps, request metadata, and error logs);
• Service interactions, such as pages or screens viewed, features used, and session duration, where we use analytics in line with the choices and controls we describe in this policy;
• Identifiers and cookies or similar technologies, as described in the Cookies section.

3.4 Payment information

If you purchase a subscription, our payment processor (Stripe) collects and processes your payment details directly. We do not receive or store your full card number; we receive limited information such as your subscription status, billing country, and the last four digits or card brand needed to manage your account and comply with our obligations.

3.5 Communications with us

If you contact support, respond to surveys, or send us email, we store the information you provide (such as your contact details and the content of your message) to respond and to maintain records as permitted by law.

3.6 Information from service providers and integrations

We work with third-party vendors to host the Service, authenticate users, process payments, send email, provide security monitoring, and—where you enable them—connect optional integrations. These providers may send us information necessary to perform their services (for example, payment or subscription status from a processor), subject to their own terms and our agreements with them.

3.7 Optional demographic and area information

To help us understand and warn people about how scams spread, you may optionally provide an age range and a ZIP code when you create your account. In addition, when you run a scam check we may derive a coarse location (such as your state or region and city) from your network connection.

We use this information only to produce de-identified, aggregated statistics — for example, which age groups or geographic areas particular scams appear to be targeting — shown in our internal operations dashboards. These aggregates are not used to identify you, are not tied to the contents of your messages, and we do not sell them. Providing your age range and ZIP code is entirely optional and you can leave them blank; you may also ask us to update or delete them at any time (see “Your privacy rights and choices” below).

Please be thoughtful about sensitive data. Do not submit government ID numbers, full bank or card numbers, health records, or other highly sensitive categories of information in free-text fields unless you have a clear, lawful reason to do so and you understand the risks. If you are unsure, use official, trusted contact channels for that organization instead of pasting full details into any automated tool.

4. How we use information

We use personal information for purposes such as:

• Providing the Service — including account creation, authentication, scam checks, saved history (where available), and family or notification features you configure;
• Processing payments — billing, managing subscriptions, and preventing payment fraud;
• Security and abuse prevention — including detecting fraud against our own systems, rate limiting, investigating misuse, and enforcing our Terms;
• Improving the Service — including quality measurement, product analytics in aggregated or de-identified form, and model or rule improvement where permitted by this policy;
• Communications — including service messages, support responses, and, where you opt in or where allowed by law, information about the Service;
• Legal and compliance — including complying with law, responding to lawful requests, and protecting rights and safety.

4.1 Legal bases (EEA, UK, and similar jurisdictions)

Where the GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following:

• Performance of a contract — to provide the Service you requested;
• Legitimate interests — to secure the Service, improve features, and prevent abuse, where not overridden by your rights;
• Consent — where required for certain cookies, marketing, or optional features, which you may withdraw; and
• Legal obligation — where the law requires us to process or retain data.

5. Automated analysis, pattern checks, and human review

Parts of the Service use automated systems—including rules, heuristics, and advanced pattern-matching and analysis tools hosted by vetted sub-processors—to help classify risk and provide explanations. No automated system is perfect; outputs are assists for your judgment, as described in our Terms of Service.

We may use de-identified, aggregated, or otherwise limited data sets to improve detection and product quality. We do not use your private account registration details to improve generic public services except where you have been informed and, where required, have consented, or the use is required to provide the feature you asked for in a privacy-preserving way.

Some jurisdictions give you the right to object to or request information about certain automated processing. You may contact us as described in the "Your rights" section below. We are not using automated decision-making to deny you a job, credit, housing, or other solely automated legal or similarly significant effect about you as an individual consumer in the sense of some privacy laws; the Service analyzes content you choose to submit to help you assess possible scams.

6. Cookies and similar technologies

We and our service providers may use cookies, local storage, pixels, and similar technologies for session management, security, remember-me preferences, and—where you agree—analytics to understand how the Service is used. You can control many cookies through your browser or device settings. Strictly necessary cookies may be required for core functionality; disabling them can limit certain features.

7. How we share information

We may share personal information in the following circumstances:

• Service providers / sub-processors who assist us in operating the Service (for example, cloud hosting, authentication, email delivery, payment processing, error monitoring, or security), subject to appropriate contractual protections;
• Professional advisors (for example, lawyers and accountants) where required for our business;
• Business transactions — if we are involved in a merger, acquisition, or asset sale, personal information may be transferred as part of that transaction, subject to confidentiality, and we will require the successor to honor this policy or notify you of changes as required by law;
• Legal and safety — when we believe disclosure is required to comply with law, respond to valid legal process, protect our users or the public, or enforce our agreements.

We do not sell your personal information for money.

7.1 Our key sub-processors

We rely on the following categories of vendors to provide the Service. Each processes personal information only as needed to perform its function and under contractual confidentiality and security obligations:

• Supabase — database, authentication, and hosting of account and application data;
• Stripe — payment processing and subscription billing;
• OpenAI — automated analysis of content you submit for scam evaluation;
• Resend — transactional and account email delivery;
• Cloud hosting and infrastructure providers — to run and deliver the Service securely.

This list may change as the Service evolves; we will keep it current and provide notice of material changes where required by law. To request the most current list, contact help@scamsweep.com. Submitted Content sent to our analysis sub-processor is processed to return your result and is not used by that provider to train its general models except as permitted by our agreement with it.

8. International data transfers

We operate from the United States. If you access the Service from outside the United States, your information may be processed in the U.S. and in other countries where our sub-processors operate. When we transfer personal information from the EEA, UK, or Switzerland to the United States or other countries, we use appropriate safeguards where required, such as standard contractual clauses or other approved mechanisms, together with supplemental measures where appropriate.

9. Data retention

We keep personal information only as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law. Retention can depend on the type of data (for example, account records versus short-lived server logs) and our need to resolve disputes, enforce our terms, or meet security requirements. We may de-identify or aggregate information and retain it in that form without limitation where permitted.

10. Security

We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, loss, or misuse. These measures can include access controls, encryption in transit where standard for the Service, secure development practices, and vendor assessments. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account or data has been compromised, contact help@scamsweep.com promptly.

In the event of a data breach affecting your personal information, we will notify you and the relevant authorities as and when required by applicable law.

11. Your privacy rights and choices

Depending on where you live, you may have the following types of rights, subject to exceptions:

• Access / know — request a copy of or more detail about the personal information we hold about you;
• Correction — request that we correct inaccurate information;
• Deletion — request that we delete certain personal information;
• Portability — where applicable, request a copy of your information in a structured, machine-readable format;
• Objection or restriction — in some jurisdictions, object to or ask us to restrict certain processing;
• Opt-out of certain processing— such as non-essential marketing communications or, where required, certain analytics or "sharing" (we describe sale/share above);
• Non-discrimination — we will not deny services or change prices solely for exercising privacy rights where that is prohibited by law.

To exercise rights, contact help@scamsweep.com or use in-product controls (such as account settings) where we provide them. We may need to verify your request and may decline requests that are manifestly unfounded, excessive, or prohibited by law.

11.1 EEA, UK, and related complaints

If you are in the EEA, UK, or certain other regions, you may have the right to lodge a complaint with a supervisory authority. We encourage you to contact us first so we can try to resolve your concern. Our contact for privacy inquiries is help@scamsweep.com.

11.2 California residents (summary)

The California Consumer Privacy Act, as amended ("CCPA"), may grant California residents specific rights, including the right to know, delete, and correct personal information, and the right to opt out of the "sale" of personal information or "sharing" for cross-context behavioral advertising, where applicable. As stated above, we do not sell personal information for money in the traditional sense, and we do not share personal information for cross-context behavioral advertising as those terms are commonly used. You may still submit privacy requests as described in this section.

If you are a California resident, you may designate an authorized agent to make a request on your behalf, subject to verification. We do not offer financial incentives for data collection that would require a separate notice under the CCPA; if we add such a program, we will provide the required notice.

11.3 Other U.S. states

Several other U.S. states have enacted consumer privacy laws with varying scopes. Where a law applies to our processing, we will honor the rights and requirements applicable to the Service, including responding to verified requests in line with that law. Contact help@scamsweep.com to submit a request.

11.4 Nevada residents

Nevada law (NRS Chapter 603A) gives Nevada consumers the right to direct certain businesses not to make a covered "sale" of certain personal information. We do not sell your personal information as defined under Nevada law. Nevada residents who wish to submit a verified opt-out request may nonetheless contact us at help@scamsweep.com.

12. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact help@scamsweep.com and we will take steps to delete it, subject to law. If you are a parent or guardian and your teen uses the Service, please supervise their use and review this policy with them.

13. Do Not Track and Global Privacy Control

There is not yet a consistent industry standard for "Do Not Track" browser signals, and we do not respond to all DNT headers uniformly. Where required by applicable law, we treat a recognized Global Privacy Control (GPC) signal as a valid request to opt out of the "sale" or "sharing" of personal information for the browser or device that sends it. We otherwise handle privacy choices through this policy, applicable law, and any cookie or analytics controls we provide.

14. Third-party sites and services

The Service may link to third-party websites, educational resources, or social platforms. This policy does not govern those services. We encourage you to read their privacy policies before you provide information to them.

15. Changes to this Privacy Policy

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date. If we make material changes, we will provide additional notice as required by law (for example, by email or a prominent notice in the Service). Your continued use of the Service after the effective date of the updated policy is subject to the new policy, unless prohibited by law.

16. How to contact us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at the following. Please include a clear subject line and enough detail for us to help you. We will respond within the timeframes required by applicable law, where they apply.

This policy is provided for general information and is not legal advice. You should have qualified counsel review it for your business model, jurisdictions, and data practices.