ScammerWatch (“we”, “us”, “our”) operates the website scammerwatch.com. This Privacy Policy explains how we collect, use, store, and share personal data submitted to us through our report forms, contact forms, and email communications. It also explains your rights under applicable data protection law including the General Data Protection Regulation (GDPR).
ScammerWatch is an independent online fraud reporting and safety publication. We review reports of phishing pages, fake trading platforms, scam tokens, wallet drainers, impersonation attempts, and other online fraud. We prepare structured abuse reports for submission to registrars, hosting providers, payment processors, and security teams.
For data protection purposes, ScammerWatch is the data controller for personal data submitted through this website. For inquiries regarding data or privacy, contact us at: [email protected]
We collect personal data only when it is voluntarily submitted by users through our report submission form, contact form, or direct email communication. The types of data we may collect include:
Do not submit passwords, seed phrases, private keys, full payment card numbers, or identity documents. We do not request these and have no secure process to handle them.
Under the GDPR, we process personal data on the following legal bases:
Legitimate interests (Article 6(1)(f)): Processing report submissions to review fraud claims, prepare abuse reports, and share relevant evidence with registrars, hosting providers, security teams, and law enforcement. Our legitimate interest is the prevention and documentation of online fraud.
Consent (Article 6(1)(a)): Where you voluntarily submit a report, you consent to us using the submitted information for the purposes described in this policy. You may withdraw consent at any time by contacting us.
Legal obligation (Article 6(1)(c)): Where we are required to retain or disclose data to comply with applicable law, court order, or regulatory requirement.
We use data submitted through report forms and contact forms for the following purposes:
We may share relevant report information with third parties when necessary to process a fraud, phishing, or abuse complaint. Recipients may include:
We share only the minimum information necessary to support the abuse report. We do not sell personal data. We do not share personal data with advertisers or marketing platforms.
When submitting abuse reports to registrars including Namecheap, the information shared typically includes: the suspicious URL, report category, incident summary, evidence screenshots, timestamps, and current review status. Reporter contact details are not included in provider-facing reports unless the reporter explicitly consents.
We use standard website analytics and security tools to understand traffic patterns, prevent spam and abuse, and protect the website. These tools may automatically collect IP addresses, browser type, device type, pages visited, and timestamps. This data is processed in aggregate and is not used to identify individual users.
We use Cloudflare for website security and performance. Cloudflare may process request data in accordance with its own privacy policy. We do not use advertising cookies or third-party tracking pixels.
We retain submitted report data for as long as necessary to:
Report data is not retained indefinitely. When a case is closed and no legal or investigative obligation applies, data is deleted or anonymised. You may request deletion of your data by contacting us — subject to the retention requirements above.
If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:
Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate data.
Right to erasure: You may request deletion of your data, subject to retention obligations for active investigations.
Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
Right to data portability: You may request a copy of your data in a structured, machine-readable format.
Right to object: You may object to processing based on legitimate interests. We will consider your objection and cease processing unless we have compelling legitimate grounds that override your interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority if you believe we have not handled your data correctly.
ScammerWatch may transfer data to registrars, hosting providers, or security teams located outside the EEA. When we do so, we ensure that appropriate safeguards are in place in accordance with GDPR requirements, including reliance on adequacy decisions or standard contractual clauses where applicable.
ScammerWatch uses original, licensed, public-domain, or properly attributed media. We do not treat images found on the internet as automatically free to use. If you believe your copyrighted material appears on ScammerWatch without permission, contact [email protected].
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the website after a policy update constitutes acceptance of the revised policy.
For privacy-related inquiries, data subject requests, or questions about this policy:
Privacy: [email protected] Abuse reports: [email protected] Legal / copyright: [email protected]