Privacy Policy

Scampy Ltd. (“Scampy”, “we”, “us”) is a company registered in England and Wales. We are the data controller for the personal data described in this policy.

We collect the following categories of information:

• Account data: name, email address, password hash, and authentication provider identifiers.
• Trip data: destinations, travel dates, and saved itineraries you choose to add.
• Location data: approximate location used to deliver nearby alerts. You can disable precise location in your device settings at any time.
• Device and usage data: device model, OS version, language, crash reports, and product analytics events.
• Billing data: handled by our payment processor; we receive a token and the last four digits of the card.

• Deliver real time, location based scam alerts and trip risk summaries.
• Operate, secure, and improve our products, including training and tuning SCAMPYV1 on aggregated, de identified signals.
• Send transactional emails, security notices, and (where you opt in) product updates.
• Detect abuse, prevent fraud, and meet our legal obligations.

We process personal data under one or more of the following lawful bases: performance of a contract with you, our legitimate interests in running and improving the service, your consent (which you can withdraw), and compliance with legal obligations.

We do not sell personal data. We share limited data with vetted processors who help us run the service, including cloud hosting, analytics, payments, customer support, and email delivery. Each is bound by a written data processing agreement. We may also disclose information where required by law or to protect the rights and safety of our users.

Scampy operates globally. Where personal data leaves the UK or EEA we rely on UK and EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or another approved safeguard.

We keep account data for as long as your account is active and for a reasonable period afterward to handle disputes and meet legal duties. Aggregated, de identified data may be kept indefinitely. You can request deletion at any time.

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. To exercise any of these, email privacy@scampy.app. You can also lodge a complaint with your local data protection authority.

Scampy is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has given us personal data, contact us so we can remove it.

Questions or requests: privacy@scampy.app. Postal mail: Scampy Ltd., Data Protection Officer, 1 Finsbury Avenue, London EC2M 2PF, United Kingdom.