The short version: We process the messages you forward to us, automatically redact sensitive data like SSNs and credit card numbers, and store analysis logs for 14 days to improve the service. We never sell your data. We never use your data to train AI models.
1. What We Collect
When you use Second Look via text message (SMS/MMS)
- Your phone number — We store a one-way hash of your phone number (not the number itself) to manage rate limits, opt-out preferences, and subscription status.
- Message content — The text and/or images you forward to us. We automatically redact Social Security numbers, credit card numbers, and verification codes before storing.
- Our response — The risk analysis we send back to you.
- Metadata — Timestamps, message length, number of images, processing time.
When you use Second Look via email
- Your email address — Used to send you the analysis reply and manage your subscription. Stored as-is (not hashed) because we need it to reply to you.
- Forwarded email content — The text of the email you forward. We automatically redact sensitive data before storing. Attachments are noted but not stored or analyzed.
- Our response — The risk analysis we send back to you.
- Metadata — Timestamps, original sender domain, URLs found in the message, processing time.
When you subscribe (pay)
- Payment information — Processed entirely by Stripe. We never see or store your credit card number. We receive your email address, phone number (if provided), and subscription status from Stripe.
2. How We Use Your Data
- To provide the service — We send your forwarded content to Anthropic's Claude API for analysis and return the results to you.
- To improve the service — We review aggregated, redacted logs to identify common scam patterns and improve our analysis prompts.
- To prevent abuse — We use hashed identifiers and rate limits to prevent misuse of the service.
- To manage your subscription — We use your email and/or phone hash to determine your plan status and usage limits.
3. How We Protect Your Data
- Automatic redaction — SSNs, credit card numbers, and verification codes are automatically stripped from message content before storage.
- Output scrubbing — URLs and phone numbers are removed from our analysis responses to prevent accidental redistribution of malicious links.
- Phone number hashing — Your phone number is stored only as a one-way hash. We cannot reverse it to recover your actual number.
- 14-day retention — Analysis logs are automatically deleted after 14 days.
- No AI training — Your data is not used to train any AI models. Anthropic's Claude API does not use API inputs for model training.
4. Third-Party Services
We use the following third-party services to operate Second Look:
5. What We Don't Do
- We never sell your data to anyone.
- We never share your data with advertisers.
- We never use your data to train AI models.
- We never store your credit card information.
- We never contact you for marketing purposes unless you opt in.
6. Your Rights
You can:
- Opt out of SMS at any time by replying STOP to our text number.
- Request data deletion by emailing [email protected]. We will delete all data associated with your phone number hash or email address.
- Cancel your subscription at any time through Stripe. Your access continues through the end of your billing period.
7. Children's Privacy
Second Look is not intended for use by anyone under 18 years of age. We do not knowingly collect information from children.
8. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page.
9. Contact
If you have questions about this privacy policy or want to exercise your data rights, contact us at