Privacy Policy

ScamSandbox uses minimal cookies necessary for the operation of the Service:

• • CSRF Token: A security cookie required by our web framework to prevent cross-site request forgery attacks. This is a session cookie and is deleted when you close your browser.
• • Session Cookie: Used to maintain basic session state. This is a session cookie.

We do not use advertising cookies, tracking pixels, or third-party analytics services that track individual users across websites. We do not participate in ad networks or sell any data to advertisers.

When you initiate a scan, we send the submitted URL or domain to the following third-party APIs to gather threat intelligence data. Each of these services has its own privacy policy:

• • VirusTotal (Google) — URL and domain reputation scanning
• • Google Safe Browsing — Malware and phishing database lookups
• • AbuseIPDB — IP address reputation checks
• • URLScan.io — Live website analysis and screenshot capture
• • Trustpilot — Business review and trust score data
• • Shodan — Internet-facing service detection

We only send the URL or domain you submitted for scanning to these services. We do not send your personal information (IP address, email, etc.) to any third-party API.

• • Scan Results: Stored indefinitely to build our threat intelligence database and provide historical safety data. Scan results are associated with domains, not individual users.
• • Community Reports: Stored indefinitely unless a valid removal request is approved.
• • IP Addresses: Retained in server logs for up to 90 days, then automatically purged.
• • Contact Form Data: Retained for as long as necessary to resolve your inquiry, then deleted within 12 months.
• • Removal Requests: Retained for record-keeping purposes for 24 months after resolution.

If you are a resident of the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights:

• • Right of Access: You may request a copy of the personal data we hold about you.
• • Right to Rectification: You may request correction of inaccurate personal data.
• • Right to Erasure: You may request deletion of your personal data, subject to legal obligations and legitimate interests.
• • Right to Restrict Processing: You may request that we limit how we use your data.
• • Right to Data Portability: You may request your data in a structured, machine-readable format.
• • Right to Object: You may object to the processing of your personal data for certain purposes.

To exercise any of these rights, please contact us at contact@scamsandbox.com. We will respond to your request within 30 days as required by applicable law.

We implement appropriate technical and organizational measures to protect your data, including:

• • TLS/SSL encryption for all data in transit
• • Encrypted database storage
• • Regular security audits and updates
• • Access controls limiting who can view personal data
• • Automated threat monitoring on our own infrastructure

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.