Privacy Policy - TrustScan, AI Email Detector & Phishing Scanner for Gmail

TrustScan ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome Extension and website.

By using the TrustScan extension, you consent to the data practices described in this policy.

1. Data Collection and Usage

TrustScan is designed to analyze email content for authenticity. To provide this service, we process specific types of data:

A. User Content (Gmail Data)

When you open an email in Gmail or manually click "Analyze", our extension temporarily extracts:

The email body text.
The sender's email address and name.
Image URLs or embedded image data (only when you hover to scan).

Ephemeral Processing: This content is transmitted securely to our backend for analysis by Artificial Intelligence (OpenAI). We do not store the content of your emails or images permanently. Once the analysis (score/verdict) is generated and returned to your browser, the raw content is discarded from memory.

B. Account Information

To manage your subscription and usage quotas, we collect:

Your email address (via Google Sign-In).
Your name and profile picture (as provided by Google).
Usage metadata (e.g., number of scans performed).

2. Chrome Extension Permissions

Our extension requires specific permissions to function:

activeTab / host_permissions (mail.google.com): Required to read the email text currently displayed on your screen so it can be analyzed. We do not read emails in the background or access emails you are not actively viewing.
identity: Used to securely authenticate you using your Google Account.
storage: Used to save your preferences (e.g., enabling/disabling the extension).

3. Third-Party Service Providers

We share data with trusted third-party service providers solely for the purpose of operating our service:

OpenAI (API): We send anonymized text and image data to OpenAI for analysis. OpenAI does not use data submitted via their API to train their models (per their enterprise policy).
Google Firebase: Used for secure hosting, authentication, and database management.
Stripe: Used for payment processing. We do not store your credit card information; it is handled directly by Stripe.

4. Google User Data Policy (Limited Use)

TrustScan's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We do not use Google user data for serving advertisements, nor do we sell this data to third parties.

5. Data Security

We implement industry-standard security measures, including encryption in transit (HTTPS/TLS) and encryption at rest for database records. However, no method of transmission over the Internet is 100% secure.

6. GDPR and Your Rights

If you are a resident of the European Economic Area (EEA), you have the following rights:

Right to Access: You can request copies of your personal data.
Right to Rectification: You can request that we correct any information you believe is inaccurate.
Right to Erasure: You can request that we erase your personal data ("Right to be forgotten").
Right to Restriction: You can object to the processing of your personal data.

To exercise these rights, please contact us at the email below.

7. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: support@trustscan.email