Legal / Privacy

Privacy Policy

A plain-English privacy policy for GuardScope's user-triggered Gmail analysis, no email-content storage posture, subprocessors, retention, and Chrome Web Store disclosures.

Effective: May 15, 2026 / Last updated: May 15, 2026

1. Scope and summary

GuardScope is a Chrome extension and web service that helps Gmail users analyze suspicious emails for phishing and social-engineering signals. This policy explains the information we process, what we do not store, the third-party services involved, retention practices, and how to contact us about privacy requests.

2. User-triggered scans only

GuardScope analyzes an email only when you choose to run a scan. The extension reads the currently open Gmail message for the purpose of producing that requested risk report. GuardScope does not continuously monitor your inbox, read unrelated Gmail messages, or collect browsing history outside the extension purpose.

3. Information processed during a scan

  • Email fields: message body, subject, visible sender information, recipients visible in the message, headers available to the extension, URLs, and attachment names may be transmitted to the GuardScope backend for the scan you request.
  • Security signals: sender authentication, domain and URL reputation, domain age, DNS/RDAP data, threat-intelligence results, and AI-assisted assessment.
  • Usage metadata: scan count, account tier, timestamps, request identifiers, and abuse-prevention signals needed for quota enforcement, diagnostics, and service reliability.
  • Account data: email address and authentication data when you create an account, handled through Supabase Auth.
  • Promo and billing data: launch-code status, subscription status, payment status, and support records needed to operate the service.

4. What GuardScope does not store

  • Email bodies, subjects, sender details, recipients, and headers are not stored in GuardScope databases after the analysis response is produced.
  • Extracted email URLs may be checked during analysis but are not retained as email content.
  • Gmail passwords, address books, contact lists, and full inbox contents are not collected by GuardScope.
  • Browsing history outside Gmail is not collected.
  • Full payment card numbers are not handled by GuardScope; payment processors handle payment details.

5. Purpose of processing

  • Provide user-requested Gmail email threat analysis and advisory results.
  • Enforce anonymous, free, promo, and paid quotas.
  • Prevent abuse, fraud, API scraping, and attempts to bypass service limits.
  • Operate accounts, promo codes, subscriptions, support, and diagnostics.
  • Improve reliability and security without storing user email content.

6. Subprocessors and third-party services

GuardScope uses third-party services only where needed to provide analysis, authentication, hosting, payment, or support:

  • InceptionLabs Mercury-2: receives email text needed for AI-assisted threat analysis.
  • VirusTotal, Google Safe Browsing, PhishTank, URLhaus, and SpamHaus: receive URLs or domains needed for threat-intelligence checks.
  • Cloudflare DNS and RDAP providers: receive domains needed for sender authentication, DNS, and domain-age checks.
  • Supabase: provides authentication and database services for accounts, quotas, promo codes, and subscription state.
  • Stripe and Paystack: process payments and return billing status to GuardScope when paid plans are enabled.
  • Vercel: hosts the website and backend API.
  • Resend: may send transactional email such as promo codes, account messages, or support responses.

7. Retention

  • Anonymous usage counters support the 5-messages-per-day quota and abuse prevention.
  • Signed-in free-account counters support the 5-messages-per-month quota and account operation.
  • Promo records support the 30-day launch-code program and may be retained for support, fraud prevention, and audit purposes.
  • Account and subscription records are retained while your account is active and as needed for legal, tax, fraud-prevention, dispute-resolution, or security reasons.
  • Email content submitted for analysis is not retained in GuardScope databases after the analysis response is produced.

8. Chrome Web Store Limited Use disclosure

GuardScope uses information received from Chrome extension functionality and Google-related surfaces only to provide Gmail email threat analysis, quota enforcement, account operation, security, and user-requested support. GuardScope does not sell this data or use it for advertising. GuardScope will use information received from Google APIs in accordance with the Chrome Web Store User Data Policy, including the Limited Use requirements.

9. Cookies, analytics, and marketing

The Chrome extension does not use advertising cookies. The website may use essential cookies or equivalent storage for authentication and service operation. GuardScope does not use third-party advertising pixels on the launch website. If analytics are added later, they should be limited to product and site reliability metrics and disclosed here.

10. Your choices and rights

  • Access: request a copy of account, quota, promo, or subscription records associated with your account.
  • Deletion: request account deletion and removal of associated account records, subject to legal, security, fraud-prevention, and dispute-resolution retention obligations.
  • Correction: ask us to correct inaccurate account or promo records.
  • Opt out: uninstall the extension or stop using the service at any time.

Email privacy requests to privacy@guardscope.app.

11. Regional privacy notes

GuardScope is designed around data minimization and user-triggered processing. Users may have rights under privacy laws such as the Nigeria Data Protection Act, GDPR, UK GDPR, or state privacy laws depending on location and circumstances. Nothing in this policy limits mandatory rights available under applicable law.

12. Children

GuardScope is not directed to children under 13, and we do not knowingly collect data from children.

13. Contact

Privacy questions: privacy@guardscope.app General support: support@guardscope.app

GuardScope

These documents should be reviewed by qualified counsel before launch.