← HomeLast updated: June 18, 2026

Privacy Notice

This Notice explains how H & R Morris Consulting ("we", "us"), trading as ScamShield AI, collects and uses your personal data when you use the Service. We act as the data controller for the personal data described below.

1. Data we collect

  • Account data: name, email address, login credentials.
  • Organization data: team name, member roles and invitations.
  • Submitted content: text, URLs, images, and files you submit for risk assessment.
  • Usage & telemetry: features used, scan history, timestamps, error logs.
  • Device & technical data: IP address, browser type, device identifiers, cookies.
  • Support communications: messages you send us.

Payment card details are collected and processed directly by Paddle; we do not store card numbers.

2. Why we use it (purposes & legal basis)

  • Provide the Service (contract): account creation, running scans, returning reports, team features.
  • Security & fraud prevention (legitimate interests / legal obligation): detecting abuse, protecting users.
  • Product improvement & analytics (legitimate interests): understanding usage and improving accuracy.
  • Customer support (contract / legitimate interests): responding to your inquiries.
  • Marketing communications (consent): only where you have opted in; you can unsubscribe at any time.
  • Legal compliance (legal obligation): tax, accounting, responding to lawful requests.

3. Sharing your data

We share personal data with the following categories of recipients:

  • Service providers / subprocessors — hosting, database, email delivery, analytics, and customer-support tooling that operate the Service on our behalf.
  • AI model providers — to generate risk assessments from content you submit.
  • Merchant of Record (Paddle) — for sale of the Service, subscription management, payments, tax compliance, and invoicing.
  • Professional advisers — legal, accounting, and compliance advisers, under confidentiality.
  • Authorities — where required by law, regulation, or valid legal process.

4. International transfers

Some of our service providers may process data outside your country of residence, including outside the UK/EEA. Where that is the case, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

5. Data retention

We keep account and scan data for as long as your account is active, and for a reasonable period afterwards to meet legal, accounting, and dispute-resolution obligations. When data is no longer needed, we delete or anonymise it.

6. Your rights

Subject to applicable law (including UK/EU GDPR where it applies to you), you have the right to access, rectify, erase, restrict, or port your personal data, and to object to certain processing. Where processing is based on consent, you may withdraw it at any time. You also have the right to lodge a complaint with your supervisory authority. To exercise these rights, contact us at privacy@scamshieldai.cloud. We aim to respond within one month.

7. Security

We implement appropriate technical and organisational measures, including encryption in transit, role-based access controls, and audit logging, to protect your personal data. No system is perfectly secure, but we work to reduce risk continuously.

8. Cookies

We use cookies and similar technologies that are essential to operate the Service (such as authentication and security), and limited analyticscookies to understand aggregate usage. You can manage cookies through your browser settings.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

10. Changes

We may update this Notice from time to time. Material changes will be communicated via the Service or by email.

11. Contact

H & R Morris Consulting — privacy@scamshieldai.cloud

Back to ScamShield AI