TrustScan ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome Extension and website.
By using the TrustScan extension, you consent to the data practices described in this policy.
1. Data Collection and Usage
TrustScan is designed to analyze email content for authenticity. To provide this service, we process specific types of data:
A. User Content (Gmail Data)
When you open an email in Gmail or manually click "Analyze", our extension temporarily extracts:
- The email body text.
- The sender's email address and name.
- Image URLs or embedded image data (only when you hover to scan).
Ephemeral Processing: This content is transmitted securely to our backend for analysis by Artificial Intelligence (OpenAI). We do not store the content of your emails or images permanently. Once the analysis (score/verdict) is generated and returned to your browser, the raw content is discarded from memory.
B. Account Information
To manage your subscription and usage quotas, we collect:
- Your email address (via Google Sign-In).
- Your name and profile picture (as provided by Google).
- Usage metadata (e.g., number of scans performed).
2. Chrome Extension Permissions
Our extension requires specific permissions to function:
- activeTab / host_permissions (mail.google.com): Required to read the email text currently displayed on your screen so it can be analyzed. We do not read emails in the background or access emails you are not actively viewing.
- identity: Used to securely authenticate you using your Google Account.
- storage: Used to save your preferences (e.g., enabling/disabling the extension).
- scripting: Required to inject the trust score badge directly into the Gmail interface so results are displayed next to the email subject line. This permission is only used on mail.google.com and does not interact with any other websites.
3. Third-Party Service Providers
We share data with trusted third-party service providers solely for the purpose of operating our service:
- OpenAI (API): We send anonymized text and image data to OpenAI for analysis. OpenAI does not use data submitted via their API to train their models (per the settings we use).
- Google Firebase: Used for secure hosting, authentication, and database management.
4. Google User Data Policy (Limited Use)
TrustScan's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. TrustScan also complies with the Chrome Web Store User Data Policy.
We do not use Google user data for any of the following purposes:
- Serving advertisements.
- Selling to third parties.
- Determining creditworthiness or for lending purposes.
- Any purpose not disclosed in this Privacy Policy.
5. Data Retention
Email content (body text, sender address, images) is processed ephemerally and never stored permanently. It is discarded immediately after the analysis result is returned to your browser.
Account information (email address, name, scan usage count) is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at support@trustscan.email. We will process deletion requests within 30 days.
6. International Data Transfers
TrustScan operates globally. Your data may be processed by our third-party service providers (OpenAI, Google Firebase) in the United States or other countries outside your jurisdiction, including outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place in accordance with applicable data protection laws, including Standard Contractual Clauses where required.
7. Children's Privacy
TrustScan is not directed at or intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at support@trustscan.email and we will delete it promptly.
8. Data Security
We implement industry-standard security measures, including encryption in transit (HTTPS/TLS) and encryption at rest for database records. However, no method of transmission over the Internet is 100% secure.
9. GDPR and Your Rights
If you are a resident of the European Economic Area (EEA), you have the following rights:
- Right to Access: You can request copies of your personal data.
- Right to Rectification: You can request that we correct any information you believe is inaccurate.
- Right to Erasure: You can request that we erase your personal data ("Right to be forgotten").
- Right to Restriction: You can object to the processing of your personal data.
To exercise these rights, please contact us at the email below.
10. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Email: support@trustscan.email