Privacy Policy

1. Introduction

This Privacy Policy describes how ScamScan (the "App") collects, uses, and protects your information. By using the App, you agree to this Privacy Policy.

2. Information We Collect

The App collects and uses the following information.

2.1 Information for AI Analysis

• Message Text
  SMS, email, DM, or other message text that you input or paste into the App. Used for scam probability analysis.
• Image Data
  Screenshots or photos that you upload. Converted to Base64 format and used together with text for analysis.
• Authentication Data
  To prevent abuse of the AI analysis API, we use an ID token issued by Firebase Authentication (sent in the Authorization header) and a device identifier (terminalId) when issuing that token.

2.2 Usage Analytics (Google Analytics 4)

This App uses Google Analytics 4 for usage analytics and may automatically collect the following information.

• Google Analytics 4
  Collects data on App usage, screen transitions, engagement, etc. to improve service quality.

For Google's data collection and usage, please refer to Google's Privacy Policy:

• Google Analytics for Firebase Privacy Policy

3. Information We Do Not Collect

The App does not collect the following information.

• Location information (GPS)
• Device ID, IMEI, MAC address
• Contact information
• Call history
• SMS history (automatic collection)
• Camera or microphone access (except when manually triggered by user)
• Other information not directly related to scam detection

4. Purpose of Information Use

Collected information is used for the following purposes.

• Scam message analysis and detection
• Improving App quality and features
• Investigating and fixing bugs
• Statistical analysis of usage patterns (when using GA4)

5. Third-Party Sharing

Collected information may be shared with the following third parties.

5.1 AI Analysis API (OpenAI Inc.)

For message analysis, input text and image data are sent to the AI API provided by OpenAI Inc. (United States) via our secure proxy endpoint (https://api-gpt.eerf0309.workers.dev). Sent data is used for scam analysis and may also be used by OpenAI to improve and train their AI models.

Transmission Timing: Data is sent only after the user explicitly agrees in the consent modal and taps the AI analysis action. No data is sent automatically before consent.

Transmission Route: api-gpt.eerf0309.workers.dev (Cloudflare Workers) to the OpenAI API.

For OpenAI's data handling practices, please refer to:

• OpenAI Privacy Policy

5.2 Google LLC (Firebase / Google Analytics)

Through the use of Google Analytics 4, data collected by Google is processed in accordance with Google's Privacy Policy.

For AI API authentication, terminalId is sent to Firebase Functions, and Firebase Authentication issues ID tokens. This authentication data is used solely for AI feature access control and abuse prevention.

5.3 Legal Requirements

Information may be disclosed to third parties in the following circumstances:

• When required by law, such as court orders, police, or other government authorities
• When necessary to protect the App's rights, ensure user safety, or investigate fraud
• In the event of business transfer, merger, or acquisition

6. Data Retention and Management

6.1 Local Data

Analysis history and user settings are saved in local storage on your device. These data are not saved to the cloud and are not transferred outside your device. Therefore, data is managed only on your device and will be lost if you delete the App or factory reset your device.

Note: History data older than the specified retention period in settings will be automatically deleted (when retention feature is implemented).

6.2 AI API Sent Data

Message and image data sent for AI analysis is processed by OpenAI Inc. (United States). OpenAI may use your submitted data to train and improve their AI models. Data may also be retained temporarily for abuse monitoring as described in OpenAI's privacy policy. The App does not store this data on any external servers.

Firebase Authentication ID tokens are used only for authentication processing, and terminalId sent to Firebase Functions is used only for token issuance. The App does not persist these authentication data items in external storage.

7. Your Rights

You have the following rights:

• Right to Access
  You may request access to personal information that the App has collected about you.
• Right to Correct
  You may request correction of inaccurate information.
• Right to Delete
  You may request deletion of personal information. Additionally, uninstalling the App will delete all local data.
• Right to Opt-Out
  You may request cessation of information usage.
• Right to Opt-Out
  You may request cessation of information usage.

Please contact us at the contact information below for these requests.

8. Data Security

The App takes reasonable and appropriate technical and organizational measures to protect your information. However, we cannot guarantee 100% security for information transmitted over the internet.

9. Children Under 13

The App is not intended for children under 13 years of age. We do not knowingly collect personally identifiable information from children under 13. If we discover that a child under 13 has provided personal information, we will promptly delete it.

Parents or guardians who are aware that their child has used the App or provided personal information should contact us at the contact information below.

10. Disclaimer

The App's analysis is an AI-based estimation and does not guarantee 100% accuracy. The final decision should be made by you. We are not responsible for any damages resulting from the App's analysis results.

11. Changes to Privacy Policy

We may update this Privacy Policy as necessary. Changes will be posted on this page. We recommend that you review this page regularly.

12. Contact Us

For questions about this Privacy Policy, or requests for access, correction, or deletion of information, please contact us at: