๐Ÿ“„ Legal Document

Privacy Policy

Version 2.2 Effective: April 2026 Last Updated: April 2026
Regions covered: UAE ยท Saudi Arabia ยท Qatar ยท Kuwait ยท Bahrain ยท Oman ยท India ยท Bangladesh ยท Philippines

Contents

  1. 01 Introduction
  2. 02 No Account Required
  3. 03 First-Time User Consent
  4. 04 What Data We Collect
  5. 05 Data Storage & Security
  6. 06 Data Retention
  7. 07 How We Use the Data
  8. 08 Data Sharing
  9. 09 App Store Compliance
  10. 10 Children's Privacy
  11. 11 Your Rights
  12. 12 Regional Legal Compliance
  13. 13 Cookies & Tracking
  14. 14 Changes to This Policy
  15. 15 Contact Us
1

Introduction

ScamCheck AI is an AI-powered scam detection application designed to help individuals identify and report scam messages, links, QR codes, calls, and emails. We are committed to protecting your privacy while building a safer digital community across the GCC, India, Bangladesh, and the Philippines.

This Privacy Policy explains what data we collect, why, how it is stored, your rights, and how we comply with UAE PDPL, Saudi Arabia PDPL, India DPDP Act 2023, Bangladesh Digital Security Act 2018, Philippines Data Privacy Act 2012 (Republic Act No. 10173), and Apple App Store and Google Play Store requirements.

By using ScamCheck, you agree to the practices described in this Privacy Policy.
2

No Account Required

๐Ÿ”“
Fully Anonymous

ScamCheck does not require you to create an account, register, or provide any personally identifiable information (PII). All features are available completely anonymously.

3

First-Time User Consent

On your first launch, ScamCheck displays the following notice before any data is processed:

"To protect the community, ScamCheck may store scam content when our AI detects high risk (70% or above), or when you choose to report a scam manually. No personal data is ever stored. Tap Continue to agree."

You must acknowledge this before using the app. This satisfies consent requirements under Apple App Store guidelines, Google Play Store Data Safety requirements, UAE PDPL, India DPDP Act 2023, Bangladesh Digital Security Act 2018, and Philippines Data Privacy Act 2012.

4

What Data We Collect and Why

ScamCheck collects data through two distinct, clearly defined triggers. We do not collect your name, phone number, email, device identifiers, IP address, location, or any information that identifies you as a user.

4.1 Trigger 1 โ€” AI-Detected Scam (Automatic)

โšก Automatic

When you submit content for scanning and our AI returns a risk score of 70% or higher, the following is automatically stored:

  • The scanned content (message text, URL, QR data, or phone number submitted)
  • The AI-generated risk score
  • The detected scam category
  • Date and time of scan โ€” no user identity attached
  • Data source tag: "ai_detected"
Purpose: To build scam intelligence, train AI models, and protect other users from the same scam.

Below 70%: Content is immediately discarded and never stored on any system.

4.2 Trigger 2 โ€” User-Reported Scam (Intentional)

โœ‹ Manual Report

When you manually submit a report via "Report a Scammer" or "Report Scam", the following data is initially recorded. However, a reported phone number or email address will only be retained if independently reported by multiple users. Single, uncorroborated reports are discarded.

  • The reported phone number or email address
  • The selected scam category (e.g., Scam Call, Phishing Email, Fake Offer)
  • Your custom description of the scam (if provided)
  • Date and time of the report
  • Data source tag: "user_reported"
Important: A reported phone number or email address is only retained where the same identifier has been independently reported by more than one user. This corroboration requirement is a deliberate safeguard against false, mistaken, or maliciously submitted reports. Uncorroborated reports are permanently discarded.

4.3 Data We Never Collect

  • Your name, personal email address, or phone number as a user
  • Device identifiers, advertising IDs, or IP addresses
  • Location data of any kind
  • Contacts, photos, microphone, or camera (QR scanning is in-session only, never stored)
  • Browsing history, app usage behaviour, or third-party analytics
  • Payment or financial information of any kind
5

Data Storage and Security

๐Ÿ”’
Encryption at Rest

All data is stored securely using industry-standard encryption at rest.

๐Ÿ”
Encryption in Transit

All data in transit is protected with TLS 1.2+ encryption.

๐Ÿ—
Data Residency

Storage infrastructure is compliant with GCC, India, Bangladesh, and Philippines data residency and security requirements.

๐Ÿ‘
Access Control

Access to stored data is restricted to authorised ScamCheck personnel only. Regular security audits and vulnerability assessments are conducted.

6

Data Retention

  • AI-Detected Scans (Trigger 1): Retained for as long as reasonably necessary for scam threat intelligence and community protection, subject to periodic review.
  • User-Reported Scams (Trigger 2): Where a reported identifier meets the corroboration threshold, retained as long as reasonably necessary. Uncorroborated reports are discarded immediately.
  • Content Scoring Below 70%: Immediately discarded, never stored.

ScamCheck periodically reviews retained data to assess whether continued storage remains necessary. Data that no longer serves an active intelligence function will be deleted.

7

How We Use the Data

  • To detect and flag scam content for the protection of all users
  • To train, improve, and validate our AI scam detection models
  • To build a community-driven scam intelligence database for the GCC, India, Bangladesh, and the Philippines
  • To generate anonymised regional scam trend reports shown in the Scam Alerts feature
  • We do not sell, rent, or share data with third parties for commercial or advertising purposes
  • We do not use data for user profiling or behavioural targeting of any kind
8

Data Sharing

We do not sell or rent any data. We may share anonymised, aggregated scam intelligence with:

  • Government cybersecurity agencies (e.g., UAE CIRT, CERT-In India, BGD e-GOV CIRT Bangladesh, DICT Philippines) for public safety
  • Law enforcement agencies when legally required by court order or applicable law
  • Our secure cloud infrastructure provider, solely for storage and processing
Our infrastructure provider is contractually bound by appropriate privacy and security standards. We do not share data with advertisers, data brokers, analytics providers, or commercial third parties.
9

App Store and Play Store Compliance

๐ŸŽ Apple App Store

Data Linked to YouNone
Data Not Linked to YouScam content โ‰ฅ70%
Used to Track YouNone
PurposeApp functionality only

๐Ÿค– Google Play Store

Data CollectedAnonymised scam content
Encrypted in TransitYes (TLS 1.2+)
Encrypted at RestYes
Users Can Request DeletionYes
Shared with Third PartiesNo
Used for Tracking/AdsNo
10

Children's Privacy

ScamCheck is not directed at children under 13 (or under 18 where applicable). We do not knowingly collect data from minors. If you believe a minor has used the app, contact support@scamcheck-ai.com immediately and we will take appropriate action.
11

Your Rights

Depending on your jurisdiction, you have the right to:

  • Know what scam content data (if any) was stored from your submission
  • Request deletion of specific data you submitted (e.g., a specific phone number or message)
  • Withdraw consent at any time by uninstalling the app โ€” no further data is collected
  • Lodge a complaint with your local data protection authority
Since we do not collect personal identifiers, deletion requests are processed based on the submitted content. Contact: support@scamcheck-ai.com
12

Regional Legal Compliance

๐Ÿ‡ฆ๐Ÿ‡ช UAE โ€” Personal Data Protection Law (PDPL)

  • No personal data collected without explicit first-launch consent
  • Processing strictly limited to stated scam detection purpose
  • Data stored securely with appropriate technical and organisational safeguards

๐Ÿ‡ธ๐Ÿ‡ฆ Saudi Arabia โ€” PDPL

  • Data processing limited to scam intelligence purposes only
  • No cross-border transfer of personal data occurs
  • Users informed of all data processing at first launch

๐Ÿ‡ถ๐Ÿ‡ฆ Qatar โ€” Personal Data Privacy Protection Law (Law No. 13 of 2016)

  • Compliant with Law No. 13 of 2016 administered by the Ministry of Transport and Communications
  • No personal data of users in Qatar is collected, stored, or processed
  • All submitted scam content is fully anonymised at the point of submission

๐Ÿ‡ฐ๐Ÿ‡ผ Kuwait โ€” Law No. 20 of 2014 & Cybercrime Law No. 63 of 2015

  • Compliant with applicable electronic communications and cybercrime legislation
  • No personal data of users in Kuwait is collected, stored, or processed
  • ScamCheck will cooperate with Kuwaiti authorities where lawfully required

๐Ÿ‡ง๐Ÿ‡ญ Bahrain โ€” Personal Data Protection Law (Law No. 30 of 2018)

  • Compliant with Bahrain PDPL, administered by the PDPA of Bahrain
  • No personal data of users in Bahrain is collected, processed, or stored
  • Processing conducted on a lawful basis consistent with Article 4 of Bahrain PDPL
  • Users may exercise rights under Bahrain PDPL via support@scamcheck-ai.com

๐Ÿ‡ด๐Ÿ‡ฒ Oman โ€” Personal Data Protection Law (Royal Decree No. 6 of 2022)

  • Compliant with Oman PDPL (in force 13 February 2023), supervised by the ITA
  • No personal data of users in Oman is collected, stored, or processed
  • Users may exercise rights under the Omani PDPL via support@scamcheck-ai.com

๐Ÿ‡ฎ๐Ÿ‡ณ India โ€” Digital Personal Data Protection Act (DPDP) 2023

  • Consent obtained at first launch as required under Section 6 of the DPDP Act
  • Data processed only for stated purpose of scam detection and community protection
  • Data Fiduciary obligations met as all scam content is fully anonymised

๐Ÿ‡ง๐Ÿ‡ฉ Bangladesh โ€” Digital Security Act 2018 & ICT Act 2006

  • ScamCheck does not collect personal data of users in Bangladesh
  • User consent obtained at first launch
  • ScamCheck will cooperate with BGD e-GOV CIRT where legally required

๐Ÿ‡ต๐Ÿ‡ญ Philippines โ€” Data Privacy Act 2012 (Republic Act No. 10173)

  • Compliant with RA 10173 and its Implementing Rules and Regulations (IRR)
  • No personal, sensitive, or privileged information collected from users in the Philippines
  • Users have rights to be informed, to object, to access, and to erasure under RA 10173
  • ScamCheck will cooperate with the National Privacy Commission (NPC)
13

Cookies and Tracking

๐Ÿšซ
No Tracking

ScamCheck does not use cookies, web beacons, advertising identifiers, analytics SDKs, or any tracking technologies. The app does not track your behaviour across other apps or websites.

14

Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we do, we will update the "Last Updated" date and notify users via an in-app notice on the next launch. Continued use of ScamCheck after any changes constitutes your acceptance of the updated policy.

15

Contact Us

๐Ÿ›ก๏ธ
ScamCheck AI
โœ‰๏ธ
Email: support@scamcheck-ai.com
๐ŸŒ
Website: www.scamcheck-ai.com
๐Ÿ“„
Privacy Policy URL: www.scamcheck-ai.com/privacy-policy

This Privacy Policy is publicly accessible at www.scamcheck-ai.com/privacy-policy as required by Apple App Store and Google Play Store submission guidelines.