Privacy Policy

1. Introduction

ScammerGuardian LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ScammerGuardian service ("Service"), including our website at www.scammerguardian.com, our mobile application, and our AI-powered call screening system.

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: Name, email address, and password (or third-party authentication data via Google) when you create an account
• Guardian contact details: Phone number for receiving SMS alerts about blocked calls
• Protected Person information: Name, phone number, and phone type (iPhone or Android) of the person whose calls are being screened
• Whitelist contacts: Names and phone numbers of trusted contacts added to the whitelist
• Blocklist entries: Phone numbers you manually add to the permanent block list
• Custom screening settings: Greeting name, custom challenge questions, sensitivity preferences, and any custom block rules you configure
• Payment information: Credit or debit card details provided during checkout (processed and stored by Stripe; we do not directly store your full card number)

2.2 Information Collected Automatically Through Call Screening

• Caller phone numbers: The phone number of each person who calls the Protected Person's forwarded number
• Call recordings: Audio recordings of the AI screening conversation with unknown callers (whitelisted calls are not recorded)
• Call transcripts: Automated transcriptions of screened calls and voicemail messages
• Caller speech content: What the caller says during the screening conversation, used by the AI to determine if the call is legitimate or a scam
• AI classification data: The AI's verdict (pass, block, or voicemail) and its reasoning for the classification
• Call metadata: Date, time, duration, and call status

2.3 Information Collected Automatically Through Website/App Usage

• Device information: Device type, operating system, browser type, and version
• Usage data: Pages visited, features used, buttons clicked, and session duration
• IP address: Used for security, fraud prevention, and general location estimation (not precise geolocation)
• Cookies and similar technologies: Session cookies for authentication and preferences (see Section 8)

3. How We Use Your Information

We use the information we collect to:

• Provide call screening: Route incoming calls, screen unknown callers via AI, execute block/pass/voicemail verdicts, and bridge legitimate calls to the Protected Person
• Send notifications: Deliver real-time SMS alerts when scam calls are blocked, daily email summaries, and weekly reports
• Maintain call history: Display call logs, recordings, transcripts, and AI reasoning in your dashboard
• Manage your whitelist and blocklist: Auto-whitelist callers that pass screening, maintain your manually curated contact lists
• Process payments: Charge subscription fees, manage billing, and handle refunds or cancellations
• Improve the Service: Analyze call patterns and AI accuracy to improve scam detection algorithms (using aggregated, de-identified data)
• Communicate with you: Send account-related emails (billing confirmations, password resets, service updates, trial ending reminders)
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access to accounts
• Comply with legal obligations: Respond to lawful requests from law enforcement or regulatory authorities

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Twilio — receives caller phone numbers, Protected Person phone numbers, and call audio for telephony routing, recording, and transcription
• OpenAI — receives call transcripts for AI-powered scam classification; OpenAI processes this data according to their API data usage policy and does not use API inputs to train their models
• Stripe — receives payment information for subscription billing; Stripe is PCI DSS Level 1 certified
• Clerk — receives email and authentication credentials for account management
• Resend — receives email addresses for sending notifications, daily summaries, and weekly reports
• Railway — our cloud hosting provider where application data is stored and processed

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests by public authorities, including to meet national security or law enforcement requirements.

4.3 Business Transfers

If ScammerGuardian LLC is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your information according to the following schedule:

You may request early deletion of your data at any time by contacting us at info@scammerguardian.com.

6. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Encryption at rest: Sensitive data stored in our database is encrypted at rest
• Secure authentication: Account authentication is managed by Clerk with industry-standard security practices including password hashing
• PCI compliance: Payment processing is handled by Stripe, which is PCI DSS Level 1 certified. We never store your full credit card number on our servers
• Access controls: Internal access to user data is restricted to authorized personnel on a need-to-know basis
• Regular security reviews: We regularly review our security practices and update them to address new threats

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breach affecting your personal information as required by applicable law.

7. Call Recording and Caller Privacy

Our Service records calls from unknown callers during the AI screening process. This section addresses the privacy implications of call recording.

7.1 What Is Recorded

• The AI screening conversation between our system and unknown callers
• Voicemail messages left by callers when the AI classifies a call as uncertain

7.2 What Is NOT Recorded

• Calls from whitelisted contacts that are passed through directly
• Calls between the Protected Person and a caller after the call has been bridged (passed through by the AI)
• Outgoing calls made by the Protected Person

7.3 Caller Notification

All callers who are screened hear a verbal disclosure at the beginning of the call: "This call may be recorded for quality purposes." This provides notice to the caller, which is required under many state recording consent laws.

7.4 State-Specific Recording Laws

Call recording laws in the United States vary by state. "One-party consent" states allow recording if at least one party to the conversation consents. "Two-party consent" (or "all-party consent") states require all parties to consent.

States with two-party / all-party consent requirements:

California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Vermont, and Washington.

ScammerGuardian provides verbal recording notice to all callers regardless of which state they or the Protected Person are located in. By continuing the call after hearing this notice, the caller is deemed to have provided implied consent.

Important: As the Guardian, it is your responsibility to ensure that the Protected Person is aware of and consents to the call screening and recording process. If you have questions about the recording laws in your state, we recommend consulting with a legal professional.

8. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional cookies: Remember your preferences and settings (e.g., timezone, notification preferences).
• Analytics cookies: Help us understand how users interact with our website and Service to improve functionality and user experience. We use aggregated, anonymized analytics data.

We do not use advertising or tracking cookies. We do not sell data to advertisers.

9. Your Rights and Choices

9.1 All Users

Regardless of where you reside, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data portability: Request an export of your call logs and whitelist data in a machine-readable format (CSV)
• Opt-out of communications: Unsubscribe from daily summary emails and weekly reports through dashboard Settings (security and account alerts cannot be opted out of)

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
• Right to delete: You may request deletion of personal information we have collected from you
• Right to correct: You may request correction of inaccurate personal information
• Right to opt-out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
• Right to limit use of sensitive personal information: Phone numbers and call recordings may constitute sensitive personal information under CPRA. We use this information only as necessary to provide the Service

Categories of personal information collected (last 12 months):

• Identifiers (name, email, phone number, IP address)
• Commercial information (subscription history, payment records)
• Internet/electronic network activity (usage data, device information)
• Audio information (call recordings, voicemails)
• Inferences drawn from the above (AI call classifications)

To exercise your CCPA/CPRA rights, contact us at info@scammerguardian.com or call us at the number listed on our website. We will verify your identity before processing your request.

9.3 Virginia, Colorado, Connecticut, Utah, and Other State Residents

Residents of states with comprehensive consumer privacy laws (including the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and Utah Consumer Privacy Act) have similar rights to access, correct, delete, and port their personal data. You may also opt out of certain data processing activities. To exercise these rights, contact us at info@scammerguardian.com.

9.4 European Economic Area (EEA) and UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure / right to be forgotten (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object to processing (Article 21)
• Right not to be subject to automated decision-making (Article 22) — note that our AI call screening constitutes automated decision-making; you may request human review of any AI classification decision through the dashboard

Legal basis for processing: We process your data based on (a) your consent, (b) the necessity to perform our contract with you (providing the Service), (c) our legitimate interests in improving the Service and preventing fraud, and (d) compliance with legal obligations.

To exercise your GDPR rights, contact our designated representative at info@scammerguardian.com. You also have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 18, please contact us at info@scammerguardian.com.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and third-party service providers are located. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country that may have different data protection laws than your country of residence.

By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy.

12. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us (e.g., Stripe Customer Portal for billing management). We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policy of every site you visit.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that sends a signal to websites indicating that the user does not wish to be tracked. Because there is no uniform standard for responding to DNT signals, we do not currently respond to DNT signals. However, we do not engage in cross-site tracking or sell your personal information to third parties.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. We encourage you to review this Privacy Policy periodically.

The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: info@scammerguardian.com
• Website: www.scammerguardian.com

For CCPA/CPRA requests, please include "Privacy Rights Request" in the subject line of your email and specify which right you wish to exercise. We will respond to verified requests within 45 days, as required by law.