Privacy Policy

Effective Date: November 26, 2025

Table of Contents
  • 1. Introduction
  • 2. Information We Collect
  • 2.5 Cookies and Analytics
  • 3. How We Use Your Information
  • 4. Data Sharing and Disclosure
  • 5. Data Retention
  • 6. Data Security
  • 7. Your Rights
  • 8. Professional Security and Technology Consultation Data
  • 9. California Privacy Rights (CCPA/CPRA)
  • 10. Third-Party Services
  • 11. Children's Privacy
  • 12. International Data Transfers
  • 13. Changes to This Policy
  • 14. Contact Us and Data Controller

1. Introduction

Welcome to Is This A Scam? ("Service"), operated by FortifiedWall LLC ("Company", "we", "us", or "our"). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scam detection service at https://isthisascam.email and related services, including when you send suspicious content via email for analysis, access our dashboard at https://portal.isthisascam.email, or interact with our service in any way. The Service is currently offered only to users located in the United States, and payments are limited to US-issued payment methods and US billing addresses through our payment processor.

By using Is This A Scam?, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address used to register and communicate with our Service.
  • Payment Information: When you subscribe, payment processing is handled by our payment processor. We do not store your full credit card numbers. We receive and store subscription status, payment history, and billing-related identifiers from our payment processor.
  • Submitted Content: Suspicious content you send via email to our service for scam analysis, including but not limited to forwarded emails, text message screenshots, photos, images, QR codes, documents, PDFs, voicemail transcripts or screenshots, and similar attachments (audio files are not supported). Email serves as the transport for this content.
  • Group Management Data: If you invite members to your subscription group, we collect their email addresses.

2.2 Information Collected Automatically

  • Usage Data: Information about how you use our Service, including analysis requests and dashboard interactions.
  • Device Information: Browser type, operating system, and device identifiers when accessing our dashboard.
  • Log Data: IP addresses, access times, and pages viewed for security and service improvement purposes.
  • Infrastructure Analytics: Our infrastructure and cloud service providers may collect standard analytics data (such as page views, usage patterns, and performance metrics) to help us maintain and improve the Service.

2.3 Content Analysis Data

When you send suspicious content via email for analysis, we process:

  • Email headers (sender information, routing data, authentication results) when forwarding emails
  • Email body content (text, HTML) when forwarding emails
  • Attachments including images, screenshots, documents, PDFs, and other media for scam indicator analysis
  • URLs and links contained within the submitted content
  • QR codes embedded in images or attachments
  • Text message screenshots and photos of suspicious communications
  • Voicemail transcripts or screenshots (audio files are not supported)
  • Any other content or attachments you choose to submit for analysis

2.4 Third-Party Information in Submitted Content

When you forward suspicious emails or submit other content for analysis, that content may contain personal information about third parties (such as the original sender's name, email address, or other details). We collect this information solely for the purpose of providing scam analysis. This third-party information is:

  • Used only to deliver analysis to you and improve the Service
  • Not used to contact or market to the original senders
  • Not sold or shared for third-party marketing purposes
  • Retained under the same schedule as submitted content: raw content is typically deleted within 30 days after analysis completion; any third-party information contained in analysis reports may persist for the duration of your subscription (see Data Retention)

2.5 Cookies and Analytics

We use limited cookies and similar technologies to operate the Service and maintain security. We do not use cross-context behavioral advertising.

  • Our cookies (essential): Session and authentication cookies for the dashboard; a clearance cookie after you complete our bot-detection security check on the marketing site or portal, to avoid repeated challenges. These are necessary for the Service to function.
  • Third-party cookies when you leave our site: When you complete payment or manage billing, you may be directed to our payment processor’s website. Our payment processor may set cookies on its own domains; see their privacy and cookie policies for details.
  • Bot detection: Our marketing site and dashboard (portal) use a bot-detection service to prevent abuse. The bot-detection provider may use cookies or local storage in connection with that service on our domain.
  • Infrastructure: Our hosting and content delivery provider may collect standard technical and performance data in the course of serving requests; we do not set additional analytics cookies on our site.

You can control cookies through your browser settings; blocking essential cookies may limit functionality. We do not currently respond to Do Not Track (DNT) signals. For full details, see our Cookie Policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide Scam Analysis: Analyze suspicious content you send via email - including forwarded emails, screenshots, images, QR codes, documents, and other attachments - using automated AI-powered analysis (large language models from third-party providers) to identify scam indicators and provide you with detailed reports. This analysis is automated; see Section 4.1 for how we share data with AI model providers.
  • Manage Your Account: Create and maintain your account, process subscriptions, and enable group membership features.
  • Send Communications: Deliver analysis reports, subscription notifications, and service-related updates.
  • Improve Our Service: Enhance our scam detection algorithms, improve accuracy, and develop new features. This includes analyzing aggregated, anonymized patterns from submitted content to improve scam detection accuracy. Any third-party sender information contained in submitted content is used only for this purpose.
  • Ensure Security: Detect and prevent fraud, abuse, and security threats to our Service.
  • Comply with Legal Obligations: Meet legal requirements and respond to lawful requests from authorities.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We use the following types of service providers. Where they process personal data on our behalf, we have agreements in place that require them to protect your information and use it only for the purposes we specify:

  • Payment processor (currently Stripe) - Payment processing and subscription management. When you subscribe or manage billing, you may be directed to our payment processor’s website; their privacy and cookie policies apply on their sites. We may change payment processors at any time.
  • Email delivery provider (currently Resend) - Sending transactional and notification emails (e.g. analysis reports, magic links, subscription notices). Our email delivery provider processes email delivery only; it does not set cookies on our website. We may change email delivery providers at any time.
  • Infrastructure and bot detection provider (currently Cloudflare) - Hosting, security, content delivery, and bot detection. Our infrastructure provider may set or use cookies in connection with bot detection on our marketing site and portal; see Section 2.5 (Cookies and Analytics). We may change infrastructure and bot-detection providers at any time.
  • AI model providers - Submitted content (emails, attachments, and related text/images) is sent for scam analysis to third-party large language model (LLM) providers (which may be routed through AI gateway services). As of the date of this policy, these providers include Anthropic, Google, and OpenAI; however, we may add, remove, or change AI providers and models at any time without prior notice. Content is processed only to generate your assessment report; we do not allow these providers to use your content for their own model training or to retain it for their own purposes. Each provider’s data processing is governed by our agreements and their published policies.
  • Other providers - Database storage and authentication services.

Some of these providers are located outside your country (including the United States). Where required by law, we use appropriate safeguards (such as standard contractual clauses) for international transfers.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

  • Submitted Content and Analysis Data: Suspicious content you send (including forwarded emails, screenshots, images, documents, and other attachments) and analysis results are retained for the duration of your active subscription to allow you to reference past analyses. Raw submitted content is typically deleted within 30 days after analysis completion, while analysis summaries and reports (which may include third-party information contained in your submissions) are retained for the duration of your subscription.
  • Account Information: Retained while your account is active and for 2 years after account closure for legal and business purposes, unless you request earlier deletion.
  • Payment Records: Retained for 7 years as required for tax, accounting, and legal compliance purposes.

5.1 Data Retention After Cancellation

Upon subscription cancellation:

  • Your analysis history and reports remain accessible for 30 days after cancellation to allow you to export or review your data.
  • After 30 days, analysis data is scheduled for deletion unless you request an extension.
  • Account information is retained for 2 years for legal and business purposes.
  • You may request immediate deletion of your data at any time by contacting us.

You may request deletion or export of your data by contacting us at [email protected].

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure API authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee access controls and security training
  • Secure cloud infrastructure with our service providers

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you as required by applicable law. We will provide notification via email to the address associated with your account and/or through prominent notice on our Service.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data Portability: Request your data in a structured, commonly used format.
  • Opt-Out: Unsubscribe from marketing communications (service-related communications may still be sent).
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at [email protected]. We will respond to your request within 45 days, or within one month where required by applicable law (e.g. GDPR). In some cases, we may need to verify your identity before processing your request. You also have the right to lodge a complaint with a data protection supervisory authority in your jurisdiction if you believe our processing of your data violates applicable law.

8. Professional Security and Technology Consultation Data

If you use our Professional Consultation services with certified cybersecurity and technology professionals, additional data practices apply:

8.1 Information Collected During Consultations

  • Session Booking Data: Name, email, preferred time slots, and reason for consultation.
  • Session Content: Information you voluntarily share during the consultation session about your situation, including details about potential scams, communications you've received, security concerns, and actions you've taken.
  • Session Notes: Consultants may take notes during sessions to provide better security and technology guidance. These notes are treated as confidential.
  • Technical Data: Video conferencing metadata (connection quality, duration) but NOT recordings unless explicitly agreed to in writing by both parties.

8.2 How Consultation Data Is Used

  • To provide personalized security and technology guidance during your consultation session.
  • To follow up on your case if you book additional sessions.
  • To improve our consultation services (using anonymized, aggregated data only).
  • To comply with legal obligations.

8.3 Consultation Data Retention

  • Session Notes: Retained for 90 days after your last consultation session, then deleted unless you request extended retention.
  • Booking Records: Retained for the duration of your subscription plus 2 years for business and legal purposes.
  • No Recordings: Sessions are not recorded. Any exception requires written consent from both parties and would be governed by separate terms.

8.4 Consultation Confidentiality

Information shared during security and technology consultation sessions is treated as confidential. However, we may be required to disclose information:

  • If required by law, court order, or government request.
  • To prevent imminent harm to you or others.
  • If you disclose intent to commit a crime.
  • In cases involving child exploitation or abuse.

Consultation sessions do not create attorney-client privilege, doctor-patient privilege, or any similar legally protected relationship. Our consultants are security and technology professionals, not legal or healthcare professionals.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

9.1 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers: Email address, IP address, account name
  • Commercial Information: Subscription history, payment records
  • Internet Activity: Browsing history on our Service, interactions with our dashboard
  • Inferences: Analysis results and scam detection assessments based on content you submit

9.2 How We Use Personal Information

We use personal information for the purposes described in Section 3 of this Privacy Policy, including providing our scam detection service, managing accounts, improving our Service, and complying with legal obligations.

9.3 Sale and Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes. We only share personal information with service providers as described in Section 4 of this Privacy Policy.

9.4 Your California Privacy Rights

As a California resident, you have the right to:

  • Know: Request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
  • Delete: Request deletion of your personal information, subject to certain exceptions.
  • Correct: Request correction of inaccurate personal information.
  • Opt-Out of Sale/Sharing: While we do not sell or share personal information for advertising, you may still exercise this right.
  • Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights.

9.5 How to Exercise Your Rights

To exercise your California privacy rights, you may:

  • Email us at [email protected] with "California Privacy Request" in the subject line
  • Include your account email address and specify which right(s) you wish to exercise

We will verify your identity before processing your request and respond within 45 days. You may designate an authorized agent to make a request on your behalf.

9.6 Retention

We retain personal information as described in Section 5 of this Privacy Policy. We do not retain personal information longer than necessary for the purposes for which it was collected.

10. Third-Party Services

We use third-party service providers as described in Section 4.1. When you interact with their sites (for example, our payment processor’s checkout or billing portal), their privacy and cookie policies apply. We are not responsible for the privacy practices of third parties. We encourage you to review their policies where applicable.

11. Children's Privacy

Is This A Scam? is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately so we can delete it.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where many of our service providers operate. Where required by law, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by relevant authorities and, where applicable, the EU-US Data Privacy Framework or equivalent mechanisms. We take steps to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Effective Date." Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us and Data Controller

For the purposes of applicable data protection laws, FortifiedWall LLC is the data controller responsible for your personal data.

If you have questions about this Privacy Policy or our data practices, or to exercise your privacy rights, please contact us:

  • Email: [email protected]
  • Company: FortifiedWall LLC
  • Address: 2305 Red Oak Drive, Little Elm, TX 75068

If your jurisdiction gives you the right to lodge a complaint with a data protection supervisory authority, you may do so.