Privacy Policy

Valid for: www.scamscope.ai
Operator: CEK Invest AG, Kernserstrasse 17, 6060 Sarnen, Switzerland
Last updated: December 2025

This Privacy Policy explains how ScamScope processes personal data. ScamScope is a service operated by CEK Invest AG (“we”, “us”), based in 6060 Sarnen, Switzerland.

1. Controller

The controller under Swiss data protection law and – where applicable – the EU General Data Protection Regulation (GDPR) is:

CEK Invest AG
Kernserstrasse 17
6060 Sarnen, Switzerland
E-mail: support@scamscope.ai

2. Types of data we process

2.1 Uploaded data (images, text, profiles)

We process the data you actively submit to ScamScope, in particular:

• Profile photos and other images that you upload
• Optional profile links (e.g. dating / social media profiles)
• Optional free-text input (e.g. notes about the profile)

This data is used to perform an AI-based analysis to assess the credibility of a profile. Uploads are processed technically and are generally stored only as long as needed to generate your report. Longer-term storage only occurs where necessary for service operation (for example, to allow you to re-open a report).

2.2 Verification and contact data

• E-mail address (for sending verification codes and service emails where necessary)
• Verification code (time-limited, typically 15 minutes)
• Hash-based session identifier (“client_hash”) in the browser’s local storage

We use this data to protect access to ScamScope, prevent abuse and link your usage session to your verification.

2.3 Payment data

Payments are processed via PayPal. We typically receive from PayPal:

• payer_email (email address of the PayPal account)
• payment_id / transaction ID
• Payment status (e.g. “completed”)
• Time and amount of the transaction

We do not receive full credit card numbers or PayPal passwords. Processing is carried out to deliver the services you purchase and to comply with legal record-keeping obligations.

2.4 Technical data / log data

When you access our website and use the service, technical data is automatically processed, in particular:

• IP address and approximate region (derived via infrastructure logs)
• Date and time of access
• Requested URL and response status
• Browser type and operating system

This data is primarily used for security purposes (e.g. defending against attacks), to stabilise operations and for anonymised statistics.

2.5 Cookies and LocalStorage

ScamScope uses cookies and LocalStorage in particular to:

• Manage your session (client_hash, verified status)
• Store your cookie consent
• Remember language settings
• Control the purchase flow and upload slots

Advertising cookies (e.g. via Google AdSense) are only used if you have consented via the cookie banner.

3. Purposes of processing

We process your data for the following purposes:

• Providing the ScamScope service (AI-based profile analysis)
• Carrying out verification processes (email code)
• Processing payments and managing packages / analysis slots
• Abuse and fraud prevention (e.g. bot protection, rate limiting)
• Improving the stability and security of the platform
• Operating advertising (e.g. Google AdSense), if you consent

4. Legal bases (where GDPR applies)

• Art. 6(1)(b) GDPR – performance of a contract: Providing analyses and handling purchases you request.
• Art. 6(1)(f) GDPR – legitimate interests: Ensuring the security and stability of our services, preventing abuse and fraud.
• Art. 6(1)(a) GDPR – consent: Use of advertising cookies and optional marketing functions.

5. Retention periods

• Verification codes: typically around 15 minutes (TTL in the database).
• Uploaded data: generally only for as long as needed to perform the analysis and provide the report.
• Payment and billing data: up to 10 years (statutory retention obligations).
• Log data: according to AWS default retention (typically 30–90 days), unless longer retention is needed for security reasons.

6. Disclosure to third parties / processors

We use the following service providers:

• Amazon Web Services (AWS) – hosting, CloudFront, Lambda, SES, DynamoDB
• PayPal – payment service provider
• Google AdSense – ad delivery (only after cookie consent)

Processing is based on data processing agreements and, where required, EU Standard Contractual Clauses or comparable safeguards.

7. Your rights as a data subject

Subject to applicable data protection law, you have in particular the right to:

• Request information about the personal data we hold about you
• Request rectification of inaccurate data
• Request deletion (“right to be forgotten”)
• Request restriction of processing
• Receive your data in a commonly used, machine-readable format (data portability)
• Object to certain processing activities (in particular direct marketing)

To exercise your rights, please contact us at support@scamscope.ai.

8. AI-based analysis

ScamScope uses AI models to provide an assessment of the credibility of a profile. These are probabilistic evaluations and may contain errors. The results are intended as decision support tools only and do not replace investigations by law enforcement or authorities.

9. International data transfers

Because we use cloud infrastructure (in particular AWS), data may be processed in other countries. Where there is no adequacy decision for a given country, we rely on Standard Contractual Clauses or comparable safeguards to protect your data.

10. Changes to this Privacy Policy

We may update this Privacy Policy if our services or the legal framework change. The version published on this page at the time of your visit applies.

This document is for transparency purposes and does not constitute legal advice.