Privacy Policy
Last updated:
TL;DR
- We scan your emails to catch scams
- We can't send, delete, or modify anything
- We don't store your emails
- We never sell your data
- You can revoke access anytime
Antigrift ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our scam protection service.
What We Collect
- Account information: Email address and name (for account setup)
- Gmail access: Read-only access to your inbox to scan for scams
- Content you submit: Screenshots, voicemails, links, and phone numbers you send us for analysis
- Family contacts: Email addresses of family members (if you use the Family plan)
How We Use Your Data
- Scan your emails for scam patterns and social engineering attempts
- Analyze content you submit for on-demand scam checks
- Send you alerts when threats are detected
- Deliver weekly scam digest briefings
We do NOT sell your data. Ever.
Who Can Access Your Data
- You — you always have full access to your data
- Our scam detection system — AI-powered analysis processes your data to identify threats
We do not share your data with third parties except as necessary to provide the service.
Gmail Access
- We request read-only access to scan your emails for threats
- We cannot send emails as you
- We cannot delete your emails
- You can revoke access at any time at myaccount.google.com/permissions
OAuth Scopes We Request
When you connect your Gmail account, we request the following permissions (OAuth scopes):
- gmail.readonly — Read-only access to your email messages and settings. This lets us scan your inbox for scam patterns. We cannot send, delete, or modify any emails.
We request the minimum permissions needed to provide our service. No additional scopes are requested or used.
Google API Services Disclosure
Antigrift's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Data Protection & Security
We take the security of your data seriously and implement the following measures to protect sensitive information:
- Encryption in transit: All data transmitted between your devices and our servers is encrypted using TLS (HTTPS)
- Encryption at rest: Stored data, including scan results and account information, is encrypted at rest using industry-standard AES-256 encryption
- No email storage: Email content is processed in memory for scam analysis and is never written to persistent storage. Only scan verdicts and metadata are retained
- Access controls: Access to customer data is restricted to authorized systems only. Our AI scam detection operates autonomously — no human reads your emails
- OAuth 2.0 tokens: Gmail access tokens are securely stored with encryption and can be revoked by you at any time
- Third-party processors: We use trusted third-party providers (e.g., Cloudflare for hosting, Anthropic for AI analysis, Resend for email delivery) that maintain their own security and privacy standards. We share only the minimum data necessary for each service to function
- Regular review: We regularly review and update our security practices to address new threats and vulnerabilities
Data Retention
- We keep scan results for 30 days
- If you cancel your account, we delete your data within 7 days
Contact Us
If you have questions about this Privacy Policy, contact us at support@antigrift.com.