Privacy Policy

Who We Are

GrannySafe is a Chrome browser extension that helps protect elderly users from online scams by analyzing webpage content in real time. The extension and website are operated at grannysafe.io. When we say "GrannySafe," "we," "us," or "our" in this policy, we mean the team behind the GrannySafe extension and website.

What Data We Collect

Account information (when you sign in)

When you sign in with Google, we receive and store the following information from your Google account:

• Email address — used to identify your account and manage your subscription
• Google account ID — a unique identifier used to link your Google account to your GrannySafe account
• Display name — used to personalize your experience
• Profile photo URL — used to display your avatar in the extension popup

This information is used solely for authentication and subscription management. We do not use it for advertising, marketing, or profiling purposes.

Page content sent for analysis

When you visit a webpage, GrannySafe extracts the visible text content of that page and sends it to our backend API for analysis. This text is processed by an AI model (powered by Anthropic's Claude API) to determine whether the page exhibits characteristics of known scam patterns. The analysis returns a risk score and safety assessment — nothing more.

The page text is used solely for the purpose of scam detection. It is not stored permanently on our servers, is not indexed, and is not used to build profiles about you or your browsing habits.

What we do NOT collect

• Browsing history: GrannySafe does not record, store, or transmit your browsing history. We do not know which sites you visit unless a page is actively being analyzed.
• Passwords or form data: The extension never accesses, reads, or transmits passwords, credit card numbers, or any data you enter into forms.
• Keystrokes: GrannySafe does not log keystrokes or monitor your input in any way.

Local storage

The extension uses chrome.storage.local (your browser's local storage) to cache analysis results so that pages you revisit do not need to be re-analyzed. This data stays on your device and is never transmitted to us. Cached results expire automatically after 24 hours. You can clear this data at any time by uninstalling the extension or clearing your browser data.

The extension also stores your preferences locally, such as whitelisted domains and protection mode settings. These never leave your device.

What the Website Collects

Contact form submissions

If you contact us through any form on grannysafe.io, we collect the information you voluntarily provide — typically your email address and message content. We use this solely to respond to your inquiry and do not add you to marketing lists unless you explicitly opt in.

Analytics

We may use privacy-respecting analytics to understand how visitors use our website (pages visited, time on page, referral source). These analytics do not track individual users across websites and do not use persistent identifiers. No analytics data from the website is connected to your extension usage.

Cookies

The grannysafe.io website uses minimal cookies. We do not use advertising cookies, tracking pixels, or retargeting tools. Any cookies present are strictly functional — for example, to remember if you have dismissed a notification. The GrannySafe extension itself does not set or read cookies on any website you visit.

How We Use Your Data

We use the data we collect for the following purposes only:

• Authentication: To verify your identity and sign you into your GrannySafe account via Google OAuth.
• Subscription management: To manage your trial period, paid subscription, and billing status.
• Scam detection: To analyze web page content and determine whether a site poses a risk to you.
• Product improvement: To understand aggregate usage patterns (e.g., how many scams detected) — never individual browsing behavior.

We do NOT sell your data to third parties. We have never sold user data and never will. We do not use your data for advertising, ad targeting, or any purpose unrelated to providing and improving the GrannySafe service.

Third-Party Services

GrannySafe uses the following third-party services in the course of providing the Service:

• Google OAuth (Google Identity Services): Used for account authentication. When you sign in with Google, Google processes your authentication credentials. Google's privacy policy applies to data Google collects during the sign-in process. GrannySafe only receives the account information listed above (email, name, Google ID, profile photo).
• Anthropic Claude API: Page text sent for scam analysis is processed using Anthropic's Claude API. Anthropic acts as a data processor on our behalf. Under Anthropic's data usage policy, API inputs are not used to train their models.
• Stripe: Payment processing for paid subscriptions is handled by Stripe. GrannySafe does not store your credit card number, CVV, or full payment details — these are handled entirely by Stripe's PCI-compliant infrastructure. We receive only your Stripe customer ID and subscription status.

No other third-party services receive your page content or personal data through the extension.

Google API Services Compliance

GrannySafe's use of information received from Google APIs will adhere to the Google API Services: User Data Policy, including the Limited Use requirements.

Specifically, we limit our use of Google user data as follows:

• We only request access to the data necessary for GrannySafe to function (email, profile name, and profile photo).
• We do not transfer Google user data to third parties except as necessary to provide and improve the Service, comply with applicable laws, or as part of a merger or acquisition with adequate data protection provisions.
• We do not use Google user data to serve advertisements.
• We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.

Data Retention and Deletion

• Account data (email, name, Google ID): Retained for as long as your account is active. You can request deletion at any time by emailing support@grannysafe.io — we will delete your account and all associated data within 30 days.
• Page text sent for analysis: Processed in real time and not stored on our servers after the analysis response is returned.
• Cached results on your device: Automatically expire after 24 hours. You can delete them at any time.
• Payment data: Managed by Stripe. We do not store payment card details. Your Stripe customer ID is retained only while your account is active.
• Contact form submissions: Retained for as long as needed to resolve your inquiry, then deleted within 90 days unless ongoing communication requires otherwise.
• Analytics data: Aggregated and anonymized. No individual-level data is retained beyond 26 months.

Your Rights

Regardless of where you are located, you have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data.
• Request data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time by uninstalling the extension and requesting account deletion.

To exercise any of these rights, email us at support@grannysafe.io. We respond to all requests within 30 days.

Data Security

All communication between the extension and our backend API is encrypted using TLS (HTTPS). We apply industry-standard security practices to our infrastructure, including regular security reviews and access controls. While no system is perfectly immune to every threat, we treat your data with the seriousness it deserves.

Your Rights Under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Access: You can request a copy of any personal data we hold about you.
• Rectification: You can ask us to correct inaccurate data.
• Erasure: You can ask us to delete your data (right to be forgotten).
• Restriction: You can ask us to limit how we process your data.
• Portability: You can request your data in a structured, machine-readable format.
• Objection: You can object to data processing based on legitimate interests.

Because GrannySafe collects minimal personal data by design, many of these requests may be straightforward — in most cases, we simply do not have data to provide or delete. To exercise any of these rights, email us at support@grannysafe.io.

Our legal basis for processing page text is legitimate interest — specifically, the interest of protecting users from fraudulent and harmful web content. For contact form data, our basis is consent (you choose to contact us).

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act gives you specific rights:

• Right to know: You can request what personal information we collect and how we use it. This policy is our primary disclosure.
• Right to delete: You can request deletion of personal information we have collected from you.
• Right to opt out of sale: We do not sell personal information. We have never sold personal information. There is nothing to opt out of.
• Non-discrimination: We will not treat you differently for exercising your privacy rights.

To make a CCPA request, contact us at support@grannysafe.io.

Children's Privacy

GrannySafe is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. The extension is designed for use by adults, particularly elderly users and their family members. If you believe a child has provided us with personal data, contact us immediately at support@grannysafe.io and we will delete it.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal and regulatory reasons. When we make meaningful changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify users through the extension or via email if we have your contact information.

Contact Us

If you have questions about this privacy policy, want to exercise your data rights, or have concerns about how GrannySafe handles your information, reach out to us:

Email: support@grannysafe.io

We respond to all privacy-related inquiries within 30 days.