Privacy Policy
Last updated: March 4, 2026
This Privacy Policy explains how Smells Phishy handles information when you use the web app and Chrome extension.
1. What We Collect
We collect only the information required to run phishing scans and operate the service.
- Scan content: email content that you paste into the web scanner, or email content/headers/metadata from Gmail when you trigger an extension scan.
- Links in scanned emails: URLs are extracted and checked for reputation/threat signals.
- Extension account/plan data: Google account identity (for sign-in), plan status, usage counters, and consent records.
- Technical data: limited operational data such as IP-based rate-limiting signals, extension version, and redacted error telemetry.
2. How We Use Information
- Run phishing analysis and return scan results.
- Check subscription entitlements and usage limits for extension plans.
- Protect service reliability and prevent abuse.
- Debug and improve service quality using redacted diagnostics.
3. Third-Party Processing
Scans rely on third-party providers. Their privacy policies and terms apply to data they process.
- Google Gemini (email content analysis)
- Google Safe Browsing (URL threat checks)
- URLScan.io (URL reputation checks)
- Google APIs (OAuth/Gmail API for extension scans)
- RevenueCat (subscription and entitlement management)
- Infrastructure providers (hosting, caching, and service operations)
By using the service, you acknowledge that scan data is sent to these providers as needed to deliver results.
4. Data Retention
Smells Phishy does not store, log, or retain raw email content after analysis is completed. We may retain operational records (for example entitlement status, usage counters, and consent/version records) as required to run and secure the service.
5. Security and Limits
We use reasonable safeguards, but no internet service can guarantee absolute security. Smells Phishy provides decision support, not guaranteed protection from all phishing or fraud attempts.
6. Cookies and Analytics
The service is designed to be privacy-first and avoids unnecessary tracking. If analytics are enabled, they are used in aggregate form and should not include raw email content.
7. Your Choices
You can stop using the service at any time and uninstall the extension. Because third-party processors are involved in scan execution, their separate rights and controls also apply.
8. Policy Updates
We may update this policy from time to time. The updated version will be posted on this page with a revised date.
9. Contact
For privacy questions, contact us at support@smellsphishy.app