Privacy Policy

We are committed to ensuring that your privacy is protected and maintaining transparency about our data practices.

Introduction

This Privacy Policy describes how Scamy ("we," "our," or "us") collects, uses, and protects your information when you use our website security services. We are committed to ensuring that your privacy is protected and maintaining transparency about our data practices.

Information Collection

Our service collects minimal information necessary to provide website security verification:

Website domains that you submit for security analysis

URL you submit or the active tab URL when you click the extension

User interactions with security warnings

Optional name and email if you contact us or report a scam

Your email address to check against third-party data breach databases

Results of security checks associated with your email address

Data Usage

The information we collect is used exclusively for the following purposes:

To verify the security status of websites you wish to check

To improve our threat detection accuracy

To maintain and enhance our security database

To provide you with relevant security notifications

To check your email address against third-party data breach databases to alert you if your credentials have been compromised

To provide personalized security recommendations based on potential breach exposure

Data Protection

We implement the following data protection measures:

Account preferences (locale, scan-history toggle, marketing-email consent) are stored on our servers and tied only to your account

When you use the Chrome extension anonymously (no account), we do not retain a browsing record. The extension uses the Chrome "activeTab" permission, which lets it read only the URL of the tab you check.

When you are signed in, see "Account Scan History" below for what we keep and for how long

Website domains are processed solely for security verification

Account Scan History

When you are signed in, we keep a small amount of scan activity on your account so the dashboard can show you what we have caught for you. This section explains exactly what is kept, why, and how to remove it.

What we keep:

  • A per-day count of scans you ran (no domains attached). Used for your "scans this week" stats and any activity graph.
  • Domains of scans that flagged as suspicious or dangerous, kept for 30 days. These appear in your Recent Activity and Mobile Reports tab so you can see what we caught.
  • We do not retain the domains of scans that came back safe — only the day-count.

Why we keep it:

  • To show you a meaningful dashboard ("X scans this week, Y threats caught")
  • To let you review threats you encountered in the last 30 days
  • To compute your security health score

Your control:

  • You can disable scan history any time from Settings. While disabled, neither the day-count nor threat records are written.
  • You can clear all scan history with one click from Settings → "Clear history".
  • Threat records auto-delete after 30 days regardless of any other action.
  • Deleting your account wipes everything, including the day-count history.

Security Monitoring & Breach Detection

When you create an account with Scamy, we automatically check your email address against third-party data breach databases that aggregate information about publicly disclosed security incidents. This helps us determine if your credentials may have been compromised.

What we check:

  • Your email address is checked against known data breaches
  • We identify if your credentials appeared in any publicly disclosed security incidents
  • We store the results to provide you with personalized security recommendations
  • We never see, know, or store your compromised passwords from these breaches. We only receive notification that your email was involved in a specific incident.

Why we do this:

  • To immediately alert you if your email has been found in data breaches
  • To help you take preventive action to secure your accounts
  • To provide better security awareness and protection as part of our core service

Your control & Third-party processing:

  • Initial security check is performed automatically as part of our security service
  • You can enable or disable ongoing monitoring from your dashboard settings
  • We use reputable third-party security databases for breach verification
  • Your email address is transmitted securely to these services, which operate their own privacy practices

Data Sharing & Third-Party Services

Our commitment to your privacy includes strict controls on data collecting and sharing:

• No Personal Data Collection

We do not collect personal information unless you choose to provide it (for example, when you submit a contact form or report a scam).

• No Data Sales

We do not sell any data to any third parties.

• Secure API Processing

Website domains are only processed through our secure API.

• No Advertising

We do not use any data for advertising purposes.

Cookie Information

Scamy.io Cookie:

Malicious Domain Preference Cookie – Remembers your malicious domain selections to prevent false positives.

Third-Party Services:

Google Captcha – Bot protection

Google Analytics – Traffic analysis

Microsoft Clarity – UX insights

Third-party services are used solely for analytics with anonymized data. These providers may have their own advertising cookies beyond our control. You can manage cookies through our consent banner.

Questions About Privacy?

If you have questions about our privacy practices, contact us via email at [email protected].

Contact UsBack to Home
Back to Home
Hero background