Privacy Policy

1. Introduction

ScamShield ("we", "us", "our") is operated by Werner Rall. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and the Electronic Communications and Transactions Act, 2002 (ECT Act) of the Republic of South Africa.

By using ScamShield, you consent to the practices described in this policy.

2. Information We Collect

We collect only the minimum information required to perform fraud risk checks:

• Check inputs: URLs, phone numbers, email addresses, or bank details you voluntarily submit for risk scanning
• Scam reports: Information you choose to submit when reporting a suspected scam
• Technical data: IP address, browser type, and device information collected automatically for security and rate-limiting purposes

We do not collect identity numbers, passwords, PINs, or login credentials for any third-party service.

3. How We Use Your Information

• To perform fraud risk assessments and return results to you
• To aggregate anonymised scam intelligence for community protection
• To prevent abuse of the platform (rate limiting, bot detection)
• To improve our risk scoring models using anonymised, aggregated data

We will never sell your personal information to third parties, use it for marketing without your consent, or share individually identifiable data without a lawful basis.

4. Third-Party Data Sources

To generate risk scores, we query external services on your behalf. Your check input (e.g. a URL or email address) may be transmitted to:

• RDAP/WHOIS registries (domain age verification)
• DNS resolvers (mail server and domain verification)
• Google Safe Browsing API (phishing and malware detection)

These services have their own privacy policies. We transmit only the specific data point being checked — no additional personal information is shared.

5. Data Retention

• Check results: Retained for up to 90 days, then automatically deleted
• Scam reports: Retained for the purpose of community protection until manually withdrawn or moderated
• Technical logs: Retained for up to 30 days for security purposes

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.2+)
• Encryption at rest for stored data
• Rate limiting and abuse prevention
• Input validation and sanitisation on all submissions
• No personal information in application logs

7. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to the processing of your personal information
• Withdraw consent previously given
• Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at scamshieldhelpza@outlook.com. We will respond within 30 days.

8. Cookies

ScamShield uses only essential cookies required for the site to function (e.g. session management). We do not use advertising or tracking cookies. No third-party analytics or tracking scripts are loaded.

9. Children

ScamShield is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted data to us, please contact us immediately for deletion.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the website. Continued use of ScamShield after changes constitutes acceptance of the updated policy.

11. Information Officer

Name: Werner Rall

Email: scamshieldhelpza@outlook.com

Information Regulator of South Africa: inforegulator.org.za