Last Updated: January 15, 2026
Effective Date: January 15, 2026
ScamsTester ("we," "us," "our," or the "Company") operates the website scamstester.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website, use our trust verification tools, access our API, subscribe to our newsletter, or otherwise interact with our Service.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Service.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide when you interact with our Service, including:
- Contact Information: When you submit a contact form, report a website, or request a review, we collect your name, email address, and the content of your message.
- Newsletter Subscription: When you subscribe to our newsletter, we collect your email address and any preferences you indicate.
- Account Information: If you create an account for API access or premium features, we collect your name, email address, organization name, and billing information.
- Search Queries: When you search for a website to check its trust score, we collect the domain names you submit.
- Feedback and Surveys: If you respond to surveys, provide feedback, or participate in user research, we collect the information you provide in those interactions.
- User-Generated Content: Any reviews, comments, or reports you submit about websites in our directory.
1.2 Information Collected Automatically
When you visit our Service, we automatically collect certain technical information through cookies, log files, and similar technologies:
- Device Information: Browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, and device identifiers.
- Usage Data: Pages visited, time spent on pages, click patterns, scroll depth, referring URLs, exit pages, and navigation paths through our site.
- Network Information: IP address, approximate geographic location (city/country level derived from IP), Internet Service Provider (ISP), and connection type.
- Log Data: Server logs that record the date and time of your visit, the pages you requested, HTTP status codes, data transferred, and the referring page.
- Performance Data: Page load times, errors encountered, and other diagnostic information to help us improve the Service.
1.3 Information From Third Parties
We may receive information about you from third-party sources, including:
- Analytics Providers: Aggregated usage data and demographic insights from services like Google Analytics.
- Advertising Partners: Information about your interactions with advertisements that direct you to our Service.
- Public Databases: Domain registration (WHOIS) data, SSL certificate information, and other publicly available data used in generating trust scores for websites.
- Social Media Platforms: If you interact with our social media pages, we may receive information that you have made public on those platforms.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery and Improvement
- Providing website trust scores, verification reports, and related analysis.
- Processing and responding to your search queries, contact requests, and support inquiries.
- Personalizing your experience and delivering content relevant to your interests.
- Analyzing usage patterns to improve the design, functionality, and performance of our Service.
- Developing new features, products, and services based on user needs and behavior.
- Conducting research and statistical analysis to enhance the accuracy of our trust scoring algorithms.
2.2 Communication
- Sending you our newsletter, scam alerts, and safety tips if you have opted in.
- Notifying you of changes to our Service, policies, or terms.
- Responding to your inquiries, feedback, and support requests.
- Sending service-related announcements when necessary (e.g., maintenance notifications, security alerts).
2.3 Security and Fraud Prevention
- Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity.
- Protecting the security, integrity, and availability of our Service.
- Enforcing our Terms of Service and other applicable policies.
- Monitoring for abuse of our API and automated access features.
2.4 Legal Compliance
- Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Establishing, exercising, or defending legal claims.
- Cooperating with law enforcement and regulatory authorities when required by law.
3. Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
- Consent: Where you have given us explicit consent to process your personal data for specific purposes, such as receiving our newsletter or marketing communications.
- Contract Performance: Where processing is necessary to perform our contractual obligations to you, including providing the Service and API access.
- Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our Service, preventing fraud, ensuring security, and conducting analytics—provided these interests are not overridden by your fundamental rights and freedoms.
- Legal Obligation: Where processing is necessary to comply with our legal obligations under applicable law.
4. Cookies and Tracking Technologies
4.1 Types of Cookies We Use
We use the following categories of cookies and similar tracking technologies:
- Strictly Necessary Cookies: Essential for the operation of our website. These cookies enable core functionality such as security, session management, and accessibility. You cannot opt out of these cookies as the Service cannot function without them.
- Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve the structure and content of our Service.
- Functional Cookies: Allow our website to remember choices you make (such as your preferred language or region) and provide enhanced, personalized features.
- Advertising/Marketing Cookies: Used to deliver advertisements relevant to you and your interests. They also help measure the effectiveness of advertising campaigns. These cookies may be set by third-party advertising networks with our permission.
4.2 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you choose to block all cookies, some parts of our Service may not function properly. You can also opt out of interest-based advertising by visiting:
- Digital Advertising Alliance: optout.aboutads.info
- Network Advertising Initiative: optout.networkadvertising.org
- European Interactive Digital Advertising Alliance: youronlinechoices.eu
4.3 Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not wish to be tracked. There is no uniform standard for how DNT signals should be interpreted, and our Service does not currently respond to DNT signals. However, you can manage your privacy preferences using the cookie controls described above.
5. Third-Party Services
We use trusted third-party service providers to help operate, maintain, and improve our Service. These providers have access to your personal information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.
5.1 Categories of Third-Party Providers
- Hosting and Infrastructure: Cloud hosting providers that store and serve our website and data (e.g., Amazon Web Services, Cloudflare).
- Analytics: Services that help us analyze website traffic and user behavior (e.g., Google Analytics, Plausible Analytics).
- Email Services: Providers that facilitate our newsletter distribution and transactional emails (e.g., Mailchimp, SendGrid).
- Payment Processing: Secure payment processors for API subscription billing (e.g., Stripe). We do not store credit card numbers on our servers.
- Content Delivery: CDN providers that deliver website assets efficiently to users worldwide.
- Security: Services that help protect our website from DDoS attacks, bot abuse, and other security threats.
- Customer Support: Tools that help us manage and respond to support requests.
5.2 Third-Party Links
Our Service contains links to third-party websites that are not operated by us. When you click on a third-party link, you will be directed to that party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:
- With Your Consent: When you have given us explicit permission to share your information for a specific purpose.
- Service Providers: With third-party vendors who perform services on our behalf, as described in Section 5.
- Legal Requirements: When we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or ensure the safety of our users or the public.
- Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.
- Aggregated or De-identified Data: We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or business purposes.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:
- Account Data: Retained for the duration of your account's existence and for up to 30 days after account deletion to allow for recovery.
- Contact Form Submissions: Retained for up to 24 months after the inquiry is resolved.
- Newsletter Subscriptions: Retained until you unsubscribe, plus up to 30 days for processing the unsubscription.
- Analytics Data: Aggregated analytics data is retained for up to 26 months. Individual-level data is anonymized after 14 months.
- Server Logs: Retained for up to 90 days for security and diagnostic purposes.
- Search Queries: Domain search queries are anonymized and aggregated within 30 days for statistical purposes.
- Legal and Compliance Records: Retained for as long as required by applicable law, typically 5–7 years.
When personal data is no longer required, we securely delete or anonymize it using industry-standard methods.
8. Data Security
We take the security of your personal information seriously and implement a range of technical and organizational measures to protect it, including:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (256-bit encryption). Sensitive data at rest is encrypted using AES-256.
- Access Controls: Access to personal data is restricted to authorized employees who need it to perform their job functions. All access is logged and monitored.
- Infrastructure Security: Our servers are hosted in SOC 2 Type II certified data centers with physical security controls, redundant power, and environmental monitoring.
- Regular Audits: We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential risks.
- Incident Response: We maintain a documented incident response plan and will notify affected users and relevant authorities of any data breach in accordance with applicable laws.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
9. Your Privacy Rights
9.1 Rights Under GDPR (EEA/UK Residents)
If you are a resident of the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- Right of Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to Erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
- Right to Restrict Processing: You have the right to request that we limit how we use your personal data.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
9.2 Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell, including the categories and specific pieces of personal information collected.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. Note: ScamsTester does not sell your personal information.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary for providing the Service.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
9.3 Rights Under Other Jurisdictions
Residents of other jurisdictions (including Brazil under LGPD, Canada under PIPEDA, and Australia under the Privacy Act) may have additional or different rights regarding their personal data. We are committed to honoring your privacy rights regardless of where you are located. Please contact us to exercise your rights.
9.4 Exercising Your Rights
To exercise any of the privacy rights described above, please contact us using the information provided in Section 13. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request to protect your privacy and security.
10. International Data Transfers
ScamsTester is based in the United States, and your information may be processed and stored in the United States or other countries where our service providers maintain facilities. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in a country where data protection laws may differ from those in your jurisdiction.
When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data Processing Agreements with our service providers.
- Certification under recognized frameworks where applicable.
11. Children's Privacy
Our Service is not directed to individuals under the age of 16 ("Children"). We do not knowingly collect personal information from children. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child without verified parental consent, we will take steps to delete that information from our servers as quickly as possible.
If you are between the ages of 16 and 18, you may use our Service only with the involvement of a parent or guardian who agrees to be bound by this Privacy Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Post a prominent notice on our website for at least 30 days.
- Send an email notification to registered users and newsletter subscribers when significant changes are made.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated terms.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:
- Email: privacy@scamstester.com
- Contact Form: scamstester.com/contact
- Postal Address: ScamsTester, Attn: Privacy Team, 548 Market Street, Suite 92100, San Francisco, CA 94104, United States
For GDPR-related inquiries, you may also contact our Data Protection Officer (DPO) at dpo@scamstester.com.
We aim to respond to all legitimate requests within 30 days. Occasionally, it may take longer if your request is particularly complex or if you have made multiple requests. In this case, we will notify you and keep you updated on our progress.