PHISHSCORE.ai
← Back to PhishScore.ai
PRIVACY POLICY
EFFECTIVE DATE: MARCH 24, 2026

Your privacy matters to us. This policy explains how PhishScore.ai collects, uses, and protects your information. We are committed to transparency about our data practices.

Key commitment: We never sell your data, never use it for advertising, and never share it with third parties for marketing purposes. Phone numbers and message content submitted for analysis are used solely for scam detection and community threat intelligence.

1. Introduction

PhishScore.ai ("we," "our," or "the Service") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using PhishScore.ai, you agree to the practices described in this policy.

2. Information We Collect

Submission Data: When you submit a message for analysis, we may collect the message content, detected scam category, AI-generated score and tags, a one-sentence AI summary, and any phone numbers or email addresses visible in the submission. The level of data stored depends on your chosen visibility setting (Public, Private, or Anonymous).

Deep Intel Cases: For paid forensic investigations, we collect your email address, submitted content, a description of what happened, and payment confirmation details (order ID only — we never store card numbers).

Technical Data: We collect IP addresses for rate limiting purposes only and do not store them persistently or link them to your submissions.

Phone Numbers: Phone numbers submitted as part of suspicious messages are used solely for scam pattern identification and cross-referencing against threat intelligence databases. They are not used to contact you and are not shared with third parties for marketing.

3. How We Use Your Information

We use the information we collect to: provide AI scam analysis and scoring; display community threat intelligence in the dashboard; generate and deliver forensic investigation reports; improve AI detection accuracy through optional anonymized training data; and prevent abuse through rate limiting. We do not use your data for advertising, profiling, or sale to third parties.

4. Visibility Settings

Public submissions display your score, scam category, tags, and an AI-generated one-sentence summary in the community feed. No raw message content, sender addresses, or personal details are shown publicly.

Private submissions show only your score, category, and tags in the community feed. Message content and source are stored securely but never displayed publicly.

Anonymous submissions store nothing after analysis is complete. Only the score and category briefly appear in the feed with no content retained.

5. Data Storage and Security

Your data is stored in Supabase, a secure cloud database hosted on servers in the United States. We implement row-level security policies to protect your data. Payment processing is handled by our payment provider — we never receive or store your payment card details.

6. PhishScore AI Training (Optional)

When you opt in to "Train PhishScore AI" on the submission form, we extract anonymized features from your submission — score, scam category, tag labels, red flag types, and structural signals. Your original message content is never stored for training and is discarded immediately after features are extracted. This opt-in is entirely voluntary and your submission is analyzed identically whether you participate or not.

7. Third-Party Services

PhishScore.ai uses the following third-party services: Anthropic Claude API — AI analysis of submitted messages per Anthropic's privacy policy. Google Cloud APIs — URL threat checking (Web Risk), trend analysis (Gemini), entity extraction (Natural Language API), and image analysis (Vision API) for Deep Intel investigations. Resend — email delivery for forensic reports. Vercel — platform hosting. URLScan.io, AbuseIPDB, WhoisXML, VirusTotal — URL and domain threat intelligence for Deep Intel. Twilio — phone number intelligence for scam pattern analysis.

8. Data Retention

Public and Private submission data is retained indefinitely to power the community intelligence dashboard. Deep Intel case files are retained for a minimum of 90 days. Anonymous submissions are not retained after analysis. Anonymized training data records are retained until you request removal. You may request deletion of your data at any time by contacting us.

9. Your Rights

Depending on your location, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; and data portability. To exercise any of these rights, please contact contact@phishscore.ai. We will respond within 30 days.

10. GDPR and International Users

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you have additional rights under applicable regulations including GDPR. Our legal basis for processing is legitimate interest (community fraud detection) and contract performance (for paid Deep Intel services). By using the Service, you consent to your data being processed in the United States.

11. CCPA — California Residents

California residents have the right to know what personal information we collect, request deletion of personal information, and opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, contact contact@phishscore.ai.

12. Children's Privacy

PhishScore.ai is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has submitted information to our Service, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on the platform. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, data requests, or concerns:
contact@phishscore.ai  |  phishscore.ai

This document is a draft and should be reviewed by a qualified attorney before publication.  |  View Terms & Conditions