Privacy notice
Last updated: 2026-07-11 · DRAFT — pending owner and legal review. Magyar változat: Adatvédelmi tájékoztató. Plain-language GDPR notice. Consumer-protection service; not investment advice.
1. Controller
Data controller: Sánta Gábor, a private individual, based in the Netherlands. As the controller is a natural person, no company registration number applies, and no DPO is designated. Privacy contact: help@proofofscam.com.
You also have the right to lodge a complaint with your supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
2. What we collect & why (purpose, legal basis)
- Your query (token / company / link you check) — to produce the scan. Basis: contract (providing the service you asked for). Queries about third parties are risk-research data, not marketing data.
- Your email — to deliver the scan, run your account (registration, double opt-in confirmation, receipts). Basis: contract; for the optional product-news emails: consent (separate checkbox, withdrawable any time).
- Registration metadata — acceptance of terms (what, when), confirmation status. Basis: legal obligation / legitimate interest (proof of consent).
- Payment metadata — plan, amount, payment status and the payment reference from Stripe. Your card data goes directly to Stripe; we never see or store card numbers. Basis: contract + legal obligation (accounting).
- Technical logs (IP-based rate-limiting, security logs) — to run and protect the service. Basis: legitimate interest.
We do not sell your data and do not share it with advertisers. No profiling, no automated decisions with legal effect.
3. Processors & recipients
- Stripe (payments — independent controller/processor for card data)
- Resend (transactional email delivery) and Google (Google Workspace / Gmail) (mailbox for support/privacy contact)
- Cloudflare (hosting/CDN, edge API, DNS)
We share data with authorities only when legally required.
4. International transfers
Our processors (Stripe, Cloudflare, the email provider) may process data outside the EEA (typically in the US) under the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework, per their DPAs.
5. Retention
- Free scan requests: kept while needed to deliver + improve the library, then deleted or anonymised.
- Account data: while your account exists; deleted on account deletion (except what we must keep by law).
- Payment records: as long as accounting law requires [OWNER-INPUT: statutory retention — e.g. 7 years under NL law].
- Beta test data may be reset — see the Beta terms.
6. Cookies & analytics
No advertising cookies and no third-party analytics. We use only functional local storage (your language, your email if you tick "remember me") — stored in your browser, not sent to us until you submit a form. If we ever add analytics, we'll update this notice and ask for consent where required.
7. Your rights (GDPR)
- Access, rectify, delete, or receive a portable copy of your data; restrict or object to processing based on legitimate interest.
- Withdraw consent (e.g. unsubscribe) any time — it doesn't affect prior lawful processing.
- Complain to your supervisory authority (in Hungary: NAIH — naih.hu; or the authority of your residence).
Requests: privacy@proofofscam.com — we answer within 30 days.
Consumer-protection information — NOT investment advice. We publish sourced, evidence-driven risk information; a “red flag” is not proven fraud.
© 2026 Proof of Scam · Home · Terms · Beta terms