Effective Date: March 1, 2026 · Last Updated: March 18, 2026
ScamAtlas ("we," "our," or "the App") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. We designed ScamAtlas with privacy as a core principle — we collect only what's necessary to deliver a great experience.
The short version: We don't sell your data. We will not share, sell, or disclose your mobile information to third parties for marketing or promotional purposes. We don't track you across other apps. Your Timestamp Vault photos never leave your device unless you choose to export them. Your address book is never uploaded — Signal contacts are stored locally on your device. We collect minimal analytics to improve the app.
When you create an account, we collect your email address and the authentication credentials you use to sign in. If you subscribe to ScamAtlas Pro, payment processing is handled entirely by Apple through the App Store — we never see or store your payment details.
The Signal feature lets you share your GPS location with people you designate as trusted contacts. To use Signal, you grant ScamAtlas access to your device address book so you can select contacts. Your address book is accessed on-device only and is never uploaded to our servers. The contact details you save (name, phone number, and messaging channel preference) are stored locally on your device using encrypted storage. Your display name (used to identify you in messages sent to your contacts) is also stored locally on your device — it is included in outbound Signal messages so recipients know who shared their location, but is never stored on our servers.
When you send a Signal, your current GPS coordinates are shared with your trusted contacts via their chosen messaging channel. Free users' messages are sent via the device's native messaging app (iMessage/SMS). Pro users' messages are delivered server-side through Twilio via SMS or WhatsApp. Your coordinates and the recipient's phone number are transmitted through our server to Twilio for Pro delivery. We do not store the content of sent Signal messages on our servers after delivery.
By adding trusted contacts and initiating a Signal share or enabling the Check-In Timer, you consent to ScamAtlas sending SMS or WhatsApp messages on your behalf to the contacts you designate. Message frequency varies based on your usage — messages are sent only when you manually tap "Share My Location" or when a Check-In Timer expires without a check-in. No automated marketing or promotional messages are ever sent. Message and data rates may apply to message recipients.
You can stop all messaging at any time by removing your trusted contacts or disabling the Check-In Timer within the app. We will not share, sell, or disclose your mobile opt-in information or your contacts' phone numbers to any third parties for marketing or promotional purposes. Phone numbers are transmitted to Twilio solely for the purpose of delivering your requested safety messages.
We collect basic usage analytics to understand how the app is used and to improve it. This includes which screens you visit, which cities you search for, app version, device type, and OS version. We do not collect precise location data unless you explicitly grant location permission, and even then it is used only to suggest your current city — it is never stored on our servers.
When you seal a capture in the Timestamp Vault, a cryptographic hash (a unique digital fingerprint) of your photo or video is transmitted to our server along with the GPS coordinates, capture timestamp, and a randomly generated device identifier. Your actual photos and videos are never uploaded. This seal metadata is used solely to provide independent, server-side verification that your capture existed at a specific time and place — supporting your documentation in the event of a dispute. The cryptographic hash cannot be used to reconstruct or view your images.
We use the information we collect to provide and maintain the ScamAtlas service, deliver city-specific scam intelligence to you, process your subscription through Apple, send important service updates (such as security alerts), improve app performance and fix bugs, and understand aggregate usage patterns to guide product development.
Account data and city preferences are stored on Supabase, our cloud database provider, with encryption in transit and at rest. Offline dossier data is cached on your device using encrypted local storage. Timestamp Vault captures (photos and videos) are stored exclusively on your device and are never uploaded to our servers. Vault seal metadata — consisting of the cryptographic hash, GPS coordinates, timestamp, and a device identifier — is stored on our server to enable independent verification. This seal metadata cannot be used to view, reconstruct, or identify the contents of your captures.
We use a limited number of third-party services:
We do not use any advertising SDKs, tracking pixels, or data brokers. We do not share, sell, or rent your personal information to third parties.
You have the right to access, correct, or delete your personal data at any time. You can:
ScamAtlas may include links to third-party services such as eSIM providers, transportation apps, and other travel tools within city dossiers and arrival briefings. Some of these links are affiliate links, meaning ScamAtlas may earn a commission if you make a purchase or sign up through them. This comes at no additional cost to you.
We only recommend services that we believe are relevant and useful for traveler safety. Affiliate relationships never influence which scams we report or how we rate a city's risk level. Our scam intelligence is editorially independent from any commercial partnerships.
When a link is an affiliate link, it is labeled within the app. We do not share any of your personal data with affiliate partners — clicking an affiliate link is handled by your device's browser or the partner's app, subject to that partner's own privacy policy.
ScamAtlas is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data from our servers within 30 days. Anonymized, aggregated analytics data (which cannot identify you) may be retained indefinitely to improve the service.
ScamAtlas is operated from the United States. If you are located outside the US, your data may be transferred to and processed in the US. By using the app, you consent to this transfer. We comply with applicable data protection laws, including GDPR for European users.
We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email. Your continued use of ScamAtlas after changes are posted constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, contact us at: