IsThisSpam Logo
IsThisSpam.org

Privacy Policy

Effective Date: 19 January 2026

Last updated: 13/03/2026

1. Overview

IsThisSpam helps users assess suspicious emails, messages, links, and websites. We aim to minimise data collection, be transparent about what is processed, and give users meaningful control over how scans are handled.

This policy explains what data is processed, how it is used, and how different features affect data handling.

2. What data IsThisSpam processes

IsThisSpam processes content submitted for analysis, either manually or through optional automated features.

Depending on your settings and usage, this may include:

  • a) Personal communications: Email content or message text submitted for scam or phishing analysis.
  • b) Website content: Website URLs or domain names submitted or checked for reputation and risk indicators.

IsThisSpam does not collect passwords, authentication credentials, financial account details, or health information.

3. Manual checks vs automated protection

Manual checks

When you explicitly click to check content (for example, pasting an email or clicking “Check this site”):

  • The submitted content is processed to generate a verdict and explanation.
  • Processing occurs only in response to your action.

Automated protection (optional)

If you enable automated protection features in the extension settings:

  • URLs of websites you visit may be automatically checked against our threat detection services.
  • This occurs only when the feature is enabled by the user and can be disabled at any time.

IsThisSpam does not perform background scanning unless these features are explicitly enabled.

4. Free use & public scans (no login)

When you use IsThisSpam without signing in:

Scan content retention

  • Content submitted via public or unauthenticated checks (including text and URLs) may be stored to improve scam detection accuracy, identify emerging threats, and prevent abuse.
  • Stored content undergoes automated PII scrubbing to redact sensitive information such as email addresses, phone numbers, and credit card numbers before storage.

⚠️ Please do not submit sensitive personal information (such as passwords, financial details, or government identifiers) to the public checker. While we use automated scrubbing, avoiding submission of sensitive data is the safest practice.

Abuse prevention

We generate anonymised identifiers, such as cryptographic hashes of IP addresses, solely for:

  • Rate limiting
  • Abuse detection
  • Preventing automated misuse

These identifiers are not used for tracking or advertising. Public scan data is not linked to named accounts and is never sold or used for marketing purposes.

5. Optional sign-up & private scanning

Creating an account is optional. Users who sign in can enable private scanning, which changes how data is handled:

Private Scan Privacy

For logged-in users and authenticated license holders:

  • All scans are ephemeral: Both text and website/domain checks are processed in real-time and then immediately discarded.
  • No Caching: Results for private scans are not saved to the global cache or public logs.
  • No Training: Your private submissions are never used to train our detection models or added to public datasets.

Account data

We store:

  • Email address
  • Subscription or feature access status

Account data is not used for profiling, advertising, or resale.

6. How data is used

We process data strictly to operate and improve IsThisSpam:

  • Scam & spam detection: To generate risk assessments and explanations.
  • Detection improvement: Public scan submissions (anonymized and scrubbed) may be analyzed to improve accuracy and identify new scam patterns. Private scans are never used for this purpose.
  • Community safety signals: Anonymous indicators (e.g. “this message has been reported multiple times”) may be shown without exposing personal content.

7. Data retention

  • Public scans: Retained with PII redaction to improve detection, research scams, and prevent abuse.
  • Private scans: NOT retained. All content is processed in memory and discarded immediately after the result is returned.
  • Cached results: Only public, unauthenticated scans contribute to the global cache.

You may request deletion of account-related data at any time.

8. What IsThisSpam does NOT do

IsThisSpam does not:

  • Sell personal data
  • Use scan data for advertising
  • Track unrelated browsing history
  • Monitor keystrokes, clicks, or user behaviour
  • Collect passwords or authentication secrets

9. Security

We apply industry-standard safeguards, including:

  • Encryption in transit and at rest
  • Restricted access to stored data
  • Abuse-prevention mechanisms designed to minimise personal identification

10. Changes to this policy

We may update this policy as features evolve or legal requirements change. The latest version will always be available on this page.

11. Contact

For privacy questions or data requests: privacy@isthisspam.org

Back to Home