Privacy Policy
Last updated: April 15, 2026
Zeplik, Inc. ("Zeplik," "we," "us," or "our"), a Delaware C-Corporation, operates the IsThisAScam platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, API, browser extension, and related services. Please read this policy carefully. By accessing or using the Service, you agree to the practices described herein.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and, if you choose to sign in via a third-party provider, the basic profile information provided by that service (such as your name and profile picture). If you subscribe to a paid plan, your billing information (including payment card details) is collected and processed directly by Stripe; we do not store your full card number on our servers.
1.2 Content You Submit for Analysis
When you use the Service to analyze a URL, email, text message, phone number, or other content (collectively, "Submitted Content"), we process that content to provide our scam-detection analysis. Submitted Content may include URLs, email headers and bodies, sender addresses, phone numbers, and message text.
1.3 Usage Data
We automatically collect certain technical information when you access the Service, including your IP address, browser type and version, operating system, referring URL, pages visited, timestamps, and device identifiers. This information helps us maintain security, diagnose issues, and improve the Service.
1.4 Cookies and Similar Technologies
We use strictly necessary cookies to maintain your session and authentication state. We may also use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings. We do not use advertising or tracking cookies.
2. Information We Don't Collect
We want to be transparent about what we do not collect or store:
- Full payment card numbers. All payment processing is handled by Stripe. We only receive a truncated card identifier and transaction confirmation.
- Passwords in plaintext. If you create an account with a password, it is cryptographically hashed before storage. We never have access to your plaintext password.
- Biometric data. We do not collect fingerprints, facial recognition data, or any other biometric identifiers.
- Location data. We do not collect precise geolocation. IP-based approximate location may be inferred for fraud prevention and compliance purposes only.
- Contact lists or address books. We never access or upload your contacts.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Analyzing Submitted Content for potential scams, fraud, phishing, and malicious activity using our multi-layer detection engine.
- Account management: Creating and maintaining your account, authenticating your identity, and managing your subscription.
- Service improvement: Analyzing aggregated, de-identified usage patterns to improve detection accuracy, performance, and user experience.
- Security and fraud prevention: Detecting and preventing unauthorized access, abuse, and other malicious activity directed at the Service itself.
- Communications: Sending you transactional emails (such as subscription confirmations and security alerts) and, with your consent, product updates. You may opt out of non-transactional emails at any time.
- Legal compliance: Fulfilling our legal obligations, responding to lawful requests from public authorities, and enforcing our Terms of Service.
4. Third-Party Services
We share information with the following third-party service providers, each of which has its own privacy policy governing its use of data:
Stripe
Purpose: Payment processing for subscription plans. Stripe receives your payment card details, billing address, and email to process transactions. We never store your full card number. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
Anthropic
Purpose: AI-powered scam analysis. When you submit content for analysis, portions of that content may be sent to Anthropic's API to perform advanced natural language analysis. Anthropic processes this data under our data processing agreement and does not use it to train their models. See Anthropic's Privacy Policy.
Google Web Risk
Purpose: URL reputation checking. URLs you submit may be checked against Google's Web Risk database to identify known phishing, malware, and social engineering threats. See Google's Privacy Policy.
VirusTotal
Purpose: Malware and threat intelligence. URLs and file hashes may be submitted to VirusTotal for cross-referencing against multiple security vendor databases. Note that content submitted to VirusTotal may be shared with VirusTotal's security partners. See VirusTotal's Privacy Policy.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share aggregated, de-identified data that cannot reasonably be used to identify you.
5. Data Retention
We retain your information only for as long as necessary to fulfill the purposes described in this policy:
- Account data: Retained for as long as your account is active, plus 30 days after deletion to allow for account recovery.
- Submitted Content and analysis results: Retained for up to 90 days for authenticated users to provide scan history. Free-tier scans without an account are retained for 24 hours and then permanently deleted.
- Usage and log data: Retained for up to 12 months for security and operational purposes, then aggregated or deleted.
- Billing records: Retained for up to 7 years as required by applicable tax and financial reporting laws.
When data is no longer needed, it is securely deleted or irreversibly anonymized.
6. Your Rights (GDPR & CCPA)
Depending on your jurisdiction, you may have the following rights regarding your personal data:
For All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Data portability: Request your data in a structured, machine-readable format.
Additional Rights Under the GDPR (EEA/UK Residents)
- Restriction of processing: Request that we limit how we use your data in certain circumstances.
- Objection: Object to our processing of your data based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.
Our legal bases for processing under the GDPR include: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, service improvement), and consent (where applicable).
Additional Rights Under the CCPA (California Residents)
- Right to know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).
- Right to delete: You may request deletion of your personal information.
- Right to opt out of sale: We do not sell personal information. No opt-out is necessary.
- Non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, please contact us at support@isthisascam.to. We will respond to verified requests within 30 days (or sooner where required by law).
7. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to promptly delete that information. If you believe a child has provided us with personal data, please contact us at support@isthisascam.to.
8. International Data Transfers
Zeplik, Inc. is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission where required, and we comply with applicable data transfer frameworks.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on the Service with a revised "Last updated" date. For significant changes, we will provide additional notice, such as an email notification or a prominent banner on the Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: