1. Introduction
The Fraud Codex (“we,” “us,” or “our”) operates the website thefraudcodex.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site and use our services, including the Fraud Scanner, Codex Encyclopedia, OSINT Tools, and related features.
We are committed to protecting your privacy. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Site.
2. Information We Collect
2.1 Information You Provide
When you use the Fraud Scanner, you voluntarily submit data for analysis, which may include:
- URLs and website addresses
- Email addresses (of suspected scammers, not your personal email)
- Phone numbers (of suspected scam operations)
- Cryptocurrency wallet addresses or token names
- Free-text descriptions of suspicious situations
Important: Do not submit your own passwords, Social Security numbers, banking credentials, or other sensitive personal information through the scanner. The scanner is designed to analyze suspected threats, not to collect your personal data.
2.2 Information Collected Automatically
When you visit the Site, we may automatically collect:
- Device information: Browser type, operating system, screen resolution, device type
- Usage data: Pages visited, time on page, click patterns, referring URL (via Google Analytics, only if you consent)
- IP address: Anonymized by Google Analytics (IP anonymization is enabled)
- General location: Country/region level, derived from anonymized IP (not precise geolocation)
2.3 Information We Do NOT Collect
- We do not require account creation or registration
- We do not collect names, personal email addresses, or mailing addresses
- We do not collect payment or financial information
- We do not use advertising cookies or tracking pixels
- We do not sell, rent, or trade any user data
3. Cookies & Tracking Technologies
3.1 Cookie Categories
We use the following categories of cookies and local storage:
| Category | Purpose | Cookies/Storage | Retention | Consent Required |
|---|---|---|---|---|
| Essential | Cookie consent preferences | fraudcodex_cookie_consent (localStorage) | 6 months | No (strictly necessary) |
| Analytics | Site usage analysis via Google Analytics 4 | _ga, _ga_[ID] | 14 months | Yes — opt-in only |
| Functional | Daily scan counter | fraudcodex_scans (localStorage) | 24 hours (resets daily) | Yes — opt-in only |
3.2 Google Consent Mode v2
We implement Google Consent Mode v2, which means:
- Google Analytics does not set cookies or collect data until you explicitly consent
- Default consent state is “denied” for all non-essential purposes
- If you reject analytics cookies, GA runs in “cookieless” mode with no personally identifiable data collected
- IP anonymization is enabled regardless of consent choice
3.3 Managing Your Preferences
You can change your cookie preferences at any time by clicking “Manage Cookies” in the site footer. You can also clear cookies through your browser settings.
4. How We Use Your Information
We use collected information to:
- Process and deliver fraud scan results in real time
- Maintain and improve the Site’s functionality and performance
- Understand aggregate usage patterns to improve user experience (with consent)
- Monitor for technical issues and security threats
- Comply with legal obligations
We do not use your information for advertising, profiling, automated decision-making affecting your rights, or any purpose not disclosed in this policy.
5. Third-Party Services
Scan data may be transmitted to the following third-party services for analysis:
- Anthropic (Claude AI): For AI-powered threat analysis. Subject to Anthropic’s Privacy Policy.
- VirusTotal: URL and domain reputation checks. Subject to VirusTotal’s Privacy Policy.
- Google Analytics: Anonymized site usage data (with consent only). Subject to Google’s Privacy Policy.
We do not sell, rent, or share personal data with any third party for their marketing purposes.
6. Data Retention
- Scan inputs: Not stored on our servers after the scan is complete. Results are generated in real time and not retained.
- Analytics data: Retained by Google Analytics for up to 14 months (if consent is granted), then automatically deleted.
- Cookie consent records: Stored locally on your device for 6 months.
- Server logs: Standard web server logs may be retained for up to 30 days for security and troubleshooting purposes.
7. Your Rights (GDPR, CCPA, and Other Privacy Laws)
Depending on your jurisdiction, you may have the following rights:
7.1 Under the EU/UK General Data Protection Regulation (GDPR)
- Right of Access: Request a copy of data we hold about you
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data (“right to be forgotten”)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw previously given consent at any time via “Manage Cookies”
Legal Basis for Processing (GDPR Art. 6): We process data based on (a) your explicit consent for analytics, and (b) legitimate interest for essential site operations and security.
7.2 Under the California Consumer Privacy Act (CCPA/CPRA)
- We do not sell personal information
- We do not share personal information for cross-context behavioral advertising
- California residents may request disclosure of data collected, request deletion, and opt out of any future sale (though none occurs)
To exercise any of these rights, contact us at privacy@thefraudcodex.com.
8. Data Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit
- Server-side security hardening and access controls
- Regular security reviews and updates
- Minimal data collection practices (we cannot lose what we do not store)
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Children’s Privacy
The Site is not directed to individuals under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.
10. International Data Transfers
If you access the Site from outside the United States, your data may be transferred to and processed in the United States. By using the Site, you consent to such transfer. We rely on standard contractual clauses and adequacy decisions where applicable for EU/UK data transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. Continued use of the Site after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
The Fraud Codex
Email: privacy@thefraudcodex.com
Website: thefraudcodex.com
This privacy policy is provided for informational purposes and may not cover all legal requirements applicable to your jurisdiction. We recommend consulting with a qualified legal professional for specific privacy compliance questions.