Privacy Policy

Last Updated: March 2, 2026

1. Introduction

ScamFreeFX (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven). By using our Services, you acknowledge the practices described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

Email address
Display name
If you sign in via Google OAuth: your Google profile name and email (we do not receive your Google password)

2.2 User-Generated Content

Content you voluntarily submit, including:

Reviews and ratings of brokers, prop firms, and other entities
Scam reports and community discussions
Evidence uploads (screenshots, documents) attached to reports

2.3 Trust Scanner Inputs

When you use the Trust Scanner feature, we process:

Entity names and website URLs you submit for analysis
Social media links and other public information about the entity

2.4 Automatically Collected Information

When you visit our website, we automatically collect:

IP address (hashed via SHA-256 for rate limiting; we do not store raw IP addresses)
Browser type and version (via standard HTTP headers)
Referring page (if applicable)

2.5 Cookies & Local Storage

We use a minimal set of essential and functional cookies, plus browser local storage for preferences and caching. We do not use analytics or advertising cookies. For full details, see our Cookie Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, operate, and maintain our platform, including displaying reviews, generating trust scores, and rendering map visualizations
AI Analysis: To process entity data (not your personal data) through the Trust Scanner for trust assessments
Account Management: To create, manage, and authenticate your account
Communication: To respond to your inquiries and send service-related notifications
Security: To detect and prevent abuse, including rate limiting and fraud prevention
Content Moderation: To review and moderate user-generated content
Legal Compliance: To comply with applicable laws and legal obligations

4. AI Processing & Third-Party Processors

We use the following third-party services to deliver our platform:

Anthropic (Claude AI)

Powers the Trust Scanner feature. What is sent: entity name, website URLs, social media links, and publicly available information about the entity being analyzed. What is NOT sent: your email, account details, IP address, or any personal information. Anthropic processes data under their Privacy Policy.

Supabase

Provides authentication, database storage, and file storage (including evidence uploads). Data is stored in Supabase-managed infrastructure. Privacy Policy

Mapbox

Renders interactive map visualizations. May load map tiles, fonts, and geocoding data. Privacy Policy

Vercel

Hosts our website on a global edge network. Vercel processes requests and may log access data. Privacy Policy

Google OAuth

Optional sign-in method. We receive only your name and email from Google. Google's own terms apply to the OAuth flow. Privacy Policy

5. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: With the third-party processors listed in Section 4, solely to deliver our services
Legal Requirements: When required by law, court order, or government regulation
Public Content: Reviews, ratings, and reports you post are visible to other users and the public
Aggregate Statistics: We may share anonymized, aggregate data with affiliate partners (e.g., total review counts) that cannot identify individual users
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

6. Cookies & Tracking

We use a minimal set of cookies: one essential authentication cookie (Supabase) and one functional cookie (sidebar preference). We also use browser local storage for theme, form drafts, and entity caching.

We do not currently use any analytics or advertising trackers. For complete details, see our Cookie Policy.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

All data transmitted over HTTPS (TLS encryption)
Passwords hashed using industry-standard algorithms (handled by Supabase Auth)
IP addresses hashed via SHA-256 before storage (for rate limiting only)
Supabase Row Level Security (RLS) policies to ensure users can only access their own data
Access controls and authentication procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. Your Rights (GDPR)

Under the GDPR and Norwegian Personal Data Act, you have the following rights regarding your personal information:

Access: Request access to the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information
Data Portability: Request a copy of your data in a portable format
Restriction: Request restriction of processing in certain circumstances
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw your consent at any time where processing is based on consent
Lodge a Complaint: You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no

To exercise these rights, please contact us at contact@scamfreefx.com.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA). Our processors operate in the following regions:

Supabase: EU and US data centers
Anthropic: United States
Vercel: Global edge network (data processed at nearest edge location)

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate protection of your personal data.

11. Data Retention

We retain your data for the following periods:

Account data: Retained while your account is active, plus 30 days after deletion to allow recovery
Reviews and reports: May persist in anonymized form after account deletion to maintain platform integrity
Trust Scanner cache: Cached results are retained for up to 30 days (14 days for mentors), then automatically purged
IP hashes: Retained only for the duration of the rate-limiting window, then discarded

12. Affiliate Relationships

ScamFreeFX participates in affiliate programs with some of the brokers and services listed on our platform. Important details about how this relates to your privacy:

Affiliate click tracking is handled entirely server-side via /go/ redirects — no affiliate tracking cookies are set in your browser
We do not share your personal information with affiliate partners
Affiliate relationships do not influence editorial content, trust scores, or review rankings

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated through a prominent notice on our website (e.g., a banner notification). We will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ScamFreeFX

Email: contact@scamfreefx.com

Subject: Privacy Policy Inquiry

If you are not satisfied with our response, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

Your Privacy Matters: We are committed to transparency and protecting your personal information. If you have any concerns about how we handle your data, please don't hesitate to reach out to us.