Privacy Policy

What we collect

We never store the text you submit. Your input is hashed (SHA-256) before anything is written to our database — the original text cannot be recovered from the hash.

If you submit a confirmation vote ("Was this a scam?"), we store the hash of your input, the verdict, your response, and a timestamp. No account, name, or email is required or collected.

Rate limiting

Your IP address is used to enforce a daily limit of 10 checks. It is held in a short-term cache and automatically deleted after 24 hours — never written to our main database.

Third-party services

Your input is sent to Groq for AI analysis. Hashed data is stored via Supabase. The app is hosted on Vercel, which may log basic request metadata.

We cross-reference indicators against public threat feeds (URLhaus, PhishTank, OpenPhish, StopForumSpam). Your input is not shared with these services.

Cookies & tracking

No tracking cookies, analytics, or advertising networks are used.