Privacy Policy
Last updated: April 2026
What Scam Gym collects
Scam Gym is designed to work with as little data collection as possible. Most of your practice data — your attempts, scores, streaks, and bookmarks — stays entirely on your device and is never sent to our servers.
Data stored on your device only
- Your practice attempt history (correct/incorrect, confidence, timestamps)
- Your accuracy stats and vulnerability profile
- Bookmarked practice rounds
- Streak and milestone progress
- App settings (theme, focus families, vacation mode)
This data lives in your browser's local storage and IndexedDB. It is not accessible to us. Clearing your browser data or uninstalling the app deletes it permanently.
Data collected when you sign in (optional)
If you choose to sign in with Google to sync your Pro status across devices, we store the following in Firebase Firestore:
- Your email address
- The date you unlocked Pro
- Your Stripe session ID (to verify the purchase)
We do not store your practice history server-side. Sign-in is optional and only used to restore your Pro status on a new device.
Third-party services
- Firebase (Google) — authentication and Pro status sync. Firebase Privacy Policy
- Stripe — payment processing for Pro. We never see your card details. Stripe Privacy Policy
- PostHog — anonymized usage analytics (e.g. which screens are visited, quiz completion rates). No personally identifiable information is sent. PostHog Privacy Policy
Cookies and tracking
We do not use advertising cookies or sell your data. PostHog analytics uses a first-party cookie to count unique sessions; you can opt out in Settings → Analytics.
Children
Scam Gym is not directed at children under 13. We do not knowingly collect data from children.
Deleting your data
To delete all local data: Settings → Reset All Data. To delete your account and server-side data (if signed in): Settings → Delete Account. To request data deletion by email: kevincoder@protonmail.com.
Contact
Questions? Email kevincoder@protonmail.com.