The short version: We process the messages you forward to us using third-party AI providers, automatically redact sensitive data like SSNs and credit card numbers before sending anything to those providers, and store analysis logs for 14 days to improve the service. We never sell your data.
1. What We Collect
When you use Second Look via text message (SMS/MMS)
- Your phone number — We store a one-way hash of your phone number (not the number itself) to manage rate limits, opt-out preferences, and subscription status.
- Message content — The text, images, and/or voicemail transcripts you forward to us. We automatically redact Social Security numbers, credit card numbers, and verification codes before storing.
- Our response — The risk analysis we send back to you.
- Metadata — Timestamps, message length, number of images, processing time.
When you use Second Look via email
- Your email address — Used to send you the analysis reply and manage your subscription. Stored as-is (not hashed) because we need it to reply to you.
- Forwarded email content — The text of the email you forward. We automatically redact sensitive data before storing. Attachments are noted but not stored or analyzed.
- Our response — The risk analysis we send back to you.
- Metadata — Timestamps, original sender domain, URLs found in the message, processing time.
When you subscribe (pay)
- Payment information — Processed entirely by Stripe. We never see or store your credit card number. We receive your email address, phone number (if provided), and subscription status from Stripe.
When you visit our website
- Basic analytics — We use cookies and the Meta Pixel to understand how visitors find and use our website. This includes page views, button clicks, and advertising attribution (e.g., which ad led you here).
- No message content is shared — Advertising platforms never receive any message content, analysis results, or details about what you send to Second Look.
2. How We Use Your Data
- To provide the service — We automatically redact sensitive data (SSNs, credit card numbers, verification codes) from your forwarded content, then send it to third-party AI providers for analysis and return the results to you.
- To improve the service — We review aggregated, redacted logs to identify common scam patterns and improve our analysis prompts.
- To prevent abuse — We use hashed identifiers and rate limits to prevent misuse of the service.
- To manage your subscription — We use your email and/or phone hash to determine your plan status and usage limits.
3. How We Protect Your Data
- Automatic redaction — SSNs, credit card numbers, and verification codes are automatically stripped from message content before storage.
- Output scrubbing — URLs, phone numbers, email addresses, and verification codes are removed from our analysis responses to prevent accidental redistribution of sensitive information.
- Phone number hashing — Your phone number is stored only as a one-way hash. We cannot reverse it to recover your actual number.
- 14-day retention — Analysis logs are automatically deleted after 14 days.
- No AI training by Second Look — We do not use your data to train any AI models. Message content is sent to third-party AI providers for analysis only, subject to their respective privacy policies linked below.
4. Third-Party Services
We use the following third-party services to operate Second Look:
- AI analysis providers — We use third-party AI providers to analyze message content. Sensitive data is automatically redacted before content is sent to these providers. We currently use Anthropic (Privacy Policy) and OpenAI (Privacy Policy). Providers may change over time.
- Twilio — Handles SMS/MMS message delivery. Subject to Twilio's Privacy Policy.
- Mailgun — Handles email delivery. Subject to Mailgun's Privacy Policy.
- Stripe — Processes payments. Subject to Stripe's Privacy Policy.
- Cloudflare — Hosts the service and stores data. Subject to Cloudflare's Privacy Policy.
- Meta (Facebook) — We use the Meta Pixel on our website to measure advertising effectiveness. The Pixel tracks page visits and button clicks on our website only. No message content or analysis results are shared with Meta. Subject to Meta's Privacy Policy.
5. What We Don't Do
- We never sell your data to anyone.
- We never share your data with advertisers.
- We never use your data to train AI models ourselves.
- We never store your credit card information.
- We never send unredacted sensitive data (SSNs, card numbers, verification codes) to AI providers.
- We never contact you for marketing purposes unless you opt in.
6. Your Rights
You can:
- Opt out of SMS at any time by replying STOP to our text number.
- Request data deletion by emailing hello@secondlookmail.com. We will delete all data associated with your phone number hash or email address.
- Cancel your subscription at any time through Stripe. Your access continues through the end of your billing period.
7. Children's Privacy
Second Look is not intended for use by anyone under 18 years of age. We do not knowingly collect information from children.
8. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page.
9. Contact
If you have questions about this privacy policy or want to exercise your data rights, contact us at hello@secondlookmail.com.