SusScam Logo

Privacy Policy

Last Updated: March 2026

1. Scope of Privacy

At SusScam, our mission is the complete dismantling of malicious infrastructure. Our privacy policy reflects our operational mandate: we care deeply about tracking threat actors, and we care absolutely zero about tracking our users.

This document outlines our stringent data minimization practices. By utilizing the SusScam Public Intake or the Enterprise Bearer API, you consent to the ingestion and subsequent neural processing of the telemetry you submit.

2. Zero-Trust Telemetry Ingestion

2.1 What We Do NOT Collect

  • IP Addresses: Our load balancers are strictly configured to drop user IP headers at the edge. We do not log the source origin of benign reporters.
  • Browser Fingerprints: We do not deploy tracking pixels, analytics suites, or cross-site cookies.
  • Personally Identifiable Information (PII): Unless explicitly provided during an Enterprise API onboarding or email alert subscription, we do not require names, addresses, or billing data.

2.2 What We DO Collect

  • Adversarial Indicators of Compromise (IoCs): Scam URLs, cryptocurrency wallet addresses, fraudulent phone numbers, and malicious email headers submitted via our portal.
  • Photographic Evidence: Screenshots uploaded for AI Vision classification. (All imagery is mathematically scrubbed for metadata prior to storage).
  • B2B Contact Information: For enterprise partners requesting Bearer Tokens, we retain standard corporate contact logic (Work Email, Organization Name).

3. Data Syndication & Mesh Sharing

When a threat is mathematically classified and verified by our Neural Engine, the resulting structural data (the malicious domain, hosting IP, and pattern logic) is synthesized into our public index.

Note for Victim Reporters: We permanently decouple the identity of the reporter from the intelligence they provide. Your email address (used strictly for OTP verification) is one-way hashed and heavily salted. When we syndicate the verified threat intelligence to enterprise firewalls, telecommunications providers, and cybersecurity vendors, it is 100% anonymous.

4. Retention Horizons

Malicious domain structures and associated cyber-criminal telemetry are retained indefinitely to train our Large Vision Models and maintain historical velocity tracking.

User OTP sessions and temporary image processing blobs are automatically purged from our architecture within 72 hours of successful classification.

5. Law Enforcement & DMCA Disclosures

SusScam actively collaborates with global registrars, hosting providers, and international law enforcement agencies. We will execute autonomous takedown requests and share raw threat intelligence (IoCs) to facilitate the dismantling of criminal infrastructure.

We do not possess user tracking data to hand over to law enforcement. We can only provide data pertaining to the threat actors themselves.