DoubleCheck
HomeAskNewsReportSearchInstitutionsDashboard

DoubleCheck Privacy Policy

Effective Date: December 26, 2025 • Last Updated: December 26, 2025

DoubleCheck (“DoubleCheck,” “we,” “our,” or “us”) provides scam detection, fraud-prevention, and incident-triage services to individuals and organizations. We are committed to protecting privacy, handling data responsibly, and being transparent about how information is collected, used, and safeguarded.

This Privacy Policy explains how DoubleCheck collects, uses, discloses, retains, and protects information when:

  • individuals use DoubleCheck directly (the “Free DoubleCheck” service),
  • organizations (such as financial institutions, cities, utilities, schools, employers, or other entities) use DoubleCheck for Institutions, and
  • individuals interact with DoubleCheck through an organization that provides DoubleCheck as part of its services.

1. Who We Are

DoubleCheck is operated by a Michigan-based company with its principal place of business in the State of Michigan, United States.

This Privacy Policy is governed by the laws of the State of Michigan and applicable United States privacy laws.

2. Scope of This Policy

This Policy applies to:

  • our websites, widgets, APIs, dashboards, and applications,
  • DoubleCheck-hosted tools embedded on third-party sites or portals,
  • data processed on behalf of institutional customers, and
  • data collected for scam detection, prevention, and threat-intelligence purposes.

This Policy does not apply to third-party websites, platforms, or services that may link to or integrate with DoubleCheck but operate under their own privacy policies.

3. Categories of Users

A. Individual Users (Free DoubleCheck)

People who use DoubleCheck directly without an institutional sponsor.

B. Institutional Customers

Organizations that license DoubleCheck for internal use or to provide DoubleCheck to their customers, residents, members, students, patients, or employees.

C. End Users via Institutions

Individuals who use DoubleCheck through an organization (for example, a bank customer, city resident, utility customer, student, or employee).

4. Information We Collect

4.1 Information You Provide Directly

Depending on how you use DoubleCheck, we may collect:

  • Message content you submit for analysis (e.g., text messages, emails, chat transcripts, descriptions of phone calls)
  • Uploaded artifacts, such as screenshots or documents
  • Incident details, including:
    • type of contact (SMS, email, call, social media)
    • actions taken (clicked link, sent money, shared credentials)
    • approximate dates and times
  • Optional contact information, if you choose to provide it (e.g., email address for follow-up or case reference)
  • Responses to guided questions during scam or fraud intake

You are not required to provide personal identifiers unless explicitly requested or necessary for a specific workflow.

4.2 Information Collected Automatically

We may automatically collect limited technical data, such as:

  • IP address (used for security, fraud prevention, and abuse detection)
  • device and browser type
  • approximate location (city/state level, derived from IP)
  • timestamps and interaction metadata
  • system logs and error diagnostics

4.3 Information from Institutional Customers

When DoubleCheck is provided by an organization, we may receive:

  • an internal reference ID (e.g., customer ID, case ID, or anonymized user token)
  • institution-defined configuration or routing rules
  • case or workflow metadata necessary to provide the service

DoubleCheck does not require access to bank account numbers, Social Security numbers, or full payment credentials unless explicitly configured by an institution—and we strongly discourage collection of unnecessary sensitive data.

5. How We Use Information

We use information for the following purposes:

5.1 Core Service Functionality

  • analyzing content for scam, fraud, and impersonation indicators
  • classifying scam patterns and risk levels
  • generating guidance, next steps, and educational information
  • creating structured incident summaries or evidence packs
  • routing incidents to appropriate institutional workflows (when applicable)

5.2 Institutional Operations

For institutional customers, we may use data to:

  • support customer service, fraud operations, and compliance workflows
  • reduce false positives and improve consistency of guidance
  • generate internal reports and metrics (aggregated and anonymized)

5.3 Scam & Threat Intelligence (Anonymized)

DoubleCheck retains and anonymizes data to:

  • identify new and emerging scam techniques
  • improve detection accuracy and safety guidance
  • research fraud trends across industries
  • protect users and institutions from evolving threats

Anonymized data cannot reasonably be used to identify an individual.

6. Data Anonymization and Aggregation

Before using data for threat-intelligence or research purposes, DoubleCheck applies measures such as:

  • removal of direct personal identifiers
  • redaction of sensitive fields
  • aggregation across multiple incidents
  • transformation of content into non-identifiable signals and patterns

Anonymized or aggregated data may be used indefinitely to improve DoubleCheck and contribute to fraud-prevention insights.

7. Data Sharing and Disclosure

We do not sell personal information.

We may share information only in the following circumstances:

7.1 With Institutional Customers

When you use DoubleCheck through an organization, relevant case information may be shared with that organization as part of providing the service.

7.2 Service Providers

We may share data with trusted service providers who assist with:

  • cloud hosting
  • security monitoring
  • analytics
  • customer support infrastructure

These providers are contractually obligated to protect data and use it only for authorized purposes.

7.3 Legal and Safety Reasons

We may disclose information if required by law or if necessary to:

  • comply with legal obligations
  • protect the safety, rights, or property of users, institutions, or the public
  • prevent fraud, abuse, or security threats

8. Data Retention

8.1 Operational Data

We retain identifiable data only as long as necessary to: provide the service, meet contractual obligations, and comply with legal requirements. Retention periods may vary based on institutional configuration.

8.2 Anonymized Data

Anonymized and aggregated data used for scam and threat intelligence may be retained indefinitely.

9. Data Security

DoubleCheck uses reasonable administrative, technical, and organizational safeguards designed to protect information, including:

  • encryption in transit and at rest
  • access controls and least-privilege policies
  • audit logging and monitoring
  • regular security reviews

No system is 100% secure, but we continuously work to protect information against unauthorized access, misuse, or disclosure.

10. Your Choices and Rights

Depending on your relationship with DoubleCheck and applicable law, you may have the right to: request access to personal data we hold about you, request correction of inaccurate data, request deletion of identifiable personal data (subject to legal and contractual limits), and object to certain uses of data.

If you use DoubleCheck through an institution, requests may need to be coordinated through that organization.

11. Children’s Privacy

DoubleCheck is not intended for use by children under 13. We do not knowingly collect personal information from children under 13 without appropriate authorization.

12. Third-Party Integrations

DoubleCheck may integrate with third-party systems (e.g., ticketing or support platforms) at the direction of institutional customers. Data shared with those systems is governed by the institution’s agreements and the third party’s privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and, where appropriate, provide additional notice.

14. Contact Us

If you have questions about this Privacy Policy or DoubleCheck’s data practices, contact:

DoubleCheck Privacy Team
Email: privacy@scamguard.io
Mailing Address:
1306 Kent Rd.
Ortonville, MI 48462
United States