Privacy Policy

Scamlytics mobile app - Last updated: May 19, 2026

Privacy-first summary: Scamlytics is anonymous-first. We do not require an account, login, profile, contacts upload, or social identity to use core scam detection features. Scamlytics is also designed to be local-first, but some optional or protection-related features may use remote checks, uploaded reports, community content, diagnostics, and trusted service providers to deliver scam detection and abuse prevention.

Privacy Policy

1. Who This Policy Covers

This Privacy Policy explains how Scamlytics handles information when you use the Scamlytics mobile app and related backend services. It is intended to describe our app behavior clearly for users and app store review.

2. Local And On-Device Processing

Scamlytics is built around local-first scam detection. Rule-based analysis, AI/ML classifier checks, semantic scam rules, blacklist checks, OCR image scanning, notification analysis, and live speech-to-text scam detection are designed to run on your device whenever possible.

Scamlytics is designed to process scam checks locally first whenever possible. Full message bodies, notification contents, OCR text, audio, and transcripts are not uploaded by default for general analytics. Some features may send limited extracted indicators, such as URLs, phone numbers, domains, hashes, risk signals, or user-submitted evidence, when you request remote checks, submit reports, use community features, or enable optional server-assisted protection features.

3. URL And Phone Checks

When you check a suspicious link or phone number, the app may send the link, domain, phone number, normalized value, hash, or related metadata to Scamlytics servers or trusted service providers to return reputation or abuse information. We use this data to provide the requested safety result, prevent abuse, and improve scam protection and abuse detection.

4. Permissions We May Request

Depending on the features you use, Scamlytics may request permissions such as notifications, microphone, photos/media, or camera access. These permissions are used only for the feature you enable, such as live scam alerts, speech-based scam detection, OCR scanning, or screenshot report uploads. Permission-based features can be disabled from Android settings.

  • Notification access: Used to detect scam or phishing patterns in notifications from selected apps. Notification content is analyzed locally by default and is not uploaded unless you choose to include it in a report.
  • Microphone access: Used for live speech-to-text scam detection. Audio is processed on-device when possible. We do not record, store, or upload raw microphone audio by default.
  • Photo/media and camera access: Used when you select or capture screenshots and images for OCR scam analysis, or when you choose to upload screenshots with a community report.

5. Information We Do Not Collect By Default

  • We do not create mobile user accounts or public user profiles.
  • We do not collect account passwords or social login details.
  • We do not collect your contact list.
  • We do not upload raw notifications or raw messages to the server by default.
  • We do not upload raw microphone audio by default.
  • We do not upload screenshots or photos unless you choose to submit them, such as in a community report.
  • We do not sell personal or sensitive user data.

6. Information The Server May Receive

Depending on the feature you use, our backend may receive:

  • Anonymous installation data: a random installation ID generated by the app, app version, Android SDK version, device manufacturer and model, locale, timezone, and similar technical details.
  • Anonymous analytics: feature event keys, timestamps, app health metadata, model/rule versions, and aggregated usage signals used to improve reliability and protection quality.
  • Model and data sync requests: requests for updated AI models, semantic rules, blacklist data, scam detection templates, manifests, versions, cache headers, and download status.
  • Optional community reports: reports, descriptions, target hints, screenshots, images, and evidence you choose to upload.
  • Anti-abuse signals: limited technical signals such as hashed IP or device signals, request IDs, rate-limit records, and moderation outcomes when needed to protect the service.

7. Community Reports And Screenshot Uploads

Community reports are optional. Community posts, report descriptions, screenshots, images, tags, votes, and other content you choose to submit may be reviewed, moderated, stored, and displayed to other users as part of the community safety feed. Do not submit private, financial, medical, identity, or highly sensitive information unless necessary for the report.

8. Local Storage On Your Device

The app may store scan history, alert logs, cached protection data, user preferences, and recent safety results on your device. You can remove local app data by using available in-app controls or your device's app storage settings.

9. Analytics

Scamlytics may use anonymous analytics to understand whether features work, which detection versions are active, how often protection updates are used, and where reliability problems occur. Analytics should be limited to product health and protection improvement. We do not use analytics to create person-level behavior profiles.

10. Third-Party Services

Scamlytics may use trusted service providers for hosting, security, crash diagnostics, reputation lookup, speech recognition, OCR, analytics, app distribution, or content moderation. These providers may process limited data needed to operate those features. We do not sell personal data.

11. Data Retention And Deletion

We keep uploaded reports, community content, abuse-prevention records, and aggregated protection data for as long as needed to provide protection, moderate abuse, comply with legal obligations, and improve scam detection. Temporary anti-abuse data such as nonce checks and rate-limit counters may expire quickly. You may contact us to request deletion or review of content you submitted.

12. Security Practices

For production services, we use reasonable technical safeguards such as secure transport, access controls, data minimization, aggregation, and retention limits where appropriate. No system can be guaranteed completely secure.

13. User Choices And Rights

  • You can use core local detection without creating an account.
  • You can choose whether to enable notification, microphone, photo/media, or camera-based features.
  • You can turn off app permissions in Android settings.
  • You can choose whether to submit reports, screenshots, or community content.
  • You can avoid including personal information in optional report descriptions or screenshots.
  • You may request deletion of content you uploaded or ask privacy questions through the contact method listed below.
  • You can uninstall the app to stop future collection from that installation.

14. Children's Privacy

Scamlytics is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has submitted personal information, please contact us.

15. Changes To This Policy

We may update this Privacy Policy as Scamlytics changes. When we make material changes, we will update the date at the top of this page and, when appropriate, notify users through the app or app store listing.

In-App Permission Disclosure Texts

These short disclosures are intended to be shown in the app before requesting the related Android permission or sensitive access.

Notification Access

Scamlytics uses notification access to scan notification text from selected apps for scam, phishing, and suspicious content warnings. Notification analysis runs locally on your device by default. Raw notification content is not uploaded to our server unless you choose to include it in a report. You can disable notification access at any time in Android settings.

Microphone

Scamlytics uses microphone access for live speech-to-text scam detection. Audio is processed on-device when possible so the app can warn you about suspicious speech patterns. Scamlytics does not record, store, or upload raw microphone audio by default. You can stop this feature or revoke microphone access at any time.

OCR And Photos

Scamlytics uses photo/media or camera access when you choose an image or screenshot for OCR scam scanning, or when you choose to attach screenshots to a community report. OCR scanning is processed on-device when possible. Images are not uploaded unless you submit them as part of a report, where they may be reviewed for moderation and abuse prevention.

Contact Information

Contact: thisisbaomail@gmail.com