Privacy Policy
Last updated: June 2026
Who we are
Can We Trust It? is operated by GIK TOK LLC, a Wyoming-registered limited liability company. References to “we”, “us”, or “our” throughout this policy refer to GIK TOK LLC.
What we collect, and for what purpose
We collect only what we need to run the service. Each category below lists what we collect, why, and how long we keep it.
- ▸Text content you submit for analysis — the text, URL, email, or message you paste into the checker. This is sent to our AI provider (Anthropic) for analysis. The full submitted content is discarded immediately after analysis is returned to you, except in the two cases described below (“Image content” and “Wall of Shame”).
- ▸Image content you submit for analysis — if you upload a screenshot for analysis, the image is sent to our AI provider (Anthropic) for analysis and is discarded immediately after analysis is returned to you. We do not retain images, except in the two cases described below (“Wall of Shame”).
- ▸IP address (for rate-limiting) — when you use the free tier, we store a short-lived hashed key derived from your IP address to enforce the 3-checks-per-24-hour limit. This key expires automatically after 24 hours.
- ▸Country-level location (for aggregate analytics) — we store the country code associated with each check (for example, “GB”, “US”, “IL”) in a cumulative tally. We do not store your IP, city, region, or any more precise location. This data is used to understand which countries the service is being used in and is retained indefinitely as aggregate counts only.
- ▸Email address (only if you create an account) — if you subscribe to a paid plan or sign in to manage one, we store your email address. We use it to send you the magic-link sign-in emails, your payment receipts, and (rarely) service notices. We retain it for as long as your account is active, and for a reasonable period after cancellation in case you wish to restore access. You can ask us to delete it at any time by emailing hello@canwetrustit.com.
- ▸Stripe customer ID (only if you have a paid plan) — once you start a paid subscription, our payment provider Stripe creates a customer ID linked to your email. We store this ID alongside your subscription tier, billing period (monthly or yearly), and counters for usage during the current billing period. We retain this for as long as your subscription is active and for our records of past transactions.
- ▸Session cookie (only when signed in) — when you sign in, we set a secure, HTTP-only, HMAC-signed cookie in your browser to keep you signed in. This cookie contains your email address (signed so it cannot be tampered with) and expires after a reasonable period. It is never readable by JavaScript and is never sent to third parties.
The Wall of Shame (opt-in only)
We operate a public “Wall of Shame” at canwetrustit.com/wall where users can choose to anonymously share scams they have submitted, so that others receiving the same scam may recognize it.
This is strictly opt-in. The default is that your submitted content is never added to the Wall. The opt-in checkbox only appears when an analysis returns a suspicious or high-risk verdict, and it is unchecked by default. If you tick that checkbox and confirm submission, the following happens:
- Before storage, the content is automatically scrubbed. Personal details that identify you (your name, your address, your phone number, account numbers, identification numbers, specific dollar amounts that could identify you) are replaced with
[redacted]. Scammer phone numbers and email addresses are partially masked. Scammer lookalike domains are displayed intact but with dots bracketed so they are not clickable. - The scrubbed entry is stored for 24 hours in a hidden queue. During this window it is not visible to the public. You may request immediate removal during this window by emailing appeals@canwetrustit.com with no questions asked.
- After 24 hours, the entry becomes publicly visible on
canwetrustit.com/walland at its own permalink URL. We store: the scrubbed text, the verdict and risk score, the scam category, the country code (no more precise location), and the date submitted. We do not store: your email, your IP address, your name, or anything that links the entry back to you. - You may request removal at any time, even after publication, by emailing appeals@canwetrustit.com. We will remove the entry within a reasonable period.
- Anyone can flag a Wall entry as a possible false positive by clicking “Report this entry.” A reported entry is automatically hidden pending our review.
Once a Wall entry is published, it is intended as a permanent public warning. We retain it indefinitely unless you or another good-faith reporter requests removal.
Browser storage
A small number of preferences and flags are stored in your browser’s local storage. These never leave your device and are never sent to our servers:
- –Your chosen interface language (a short code like fr or he), if you have switched away from the auto-detected language.
- –A flag recording that you accepted our Terms of Service, so you do not see the checkbox every visit.
- –A flag (install_prompt_dismissed) recording that you dismissed the “Add to your phone” prompt.
- –Cached icon files if you added the app to your home screen.
You can clear any of these by clearing your browser’s site data for canwetrustit.com.
What we do not do
- ✓We do not sell, rent, or share your data with third parties for commercial purposes.
- ✓We do not use cookies for tracking or advertising.
- ✓We do not use your submitted content to train AI models.
- ✓We do not display advertising.
- ✓We do not store your IP address beyond the 24-hour rate-limit window.
- ✓We do not store the analysis content of safe (non-suspicious) verdicts beyond the moment of analysis.
Third parties we use
- –Anthropic — receives your submitted text or image for AI analysis. Governed by Anthropic’s privacy policy.
- –Stripe — processes payments if you subscribe. We never see or store your card details. Governed by Stripe’s privacy policy.
- –Resend — sends the magic-link sign-in emails and the payment receipts. We send only your email address and the message content.
- –Vercel — hosts the service.
- –Upstash — provides the database that stores subscriber records, the Wall, and the rate-limit counters.
Your rights
You may at any time:
- –Request a copy of any personal data we hold about you (your email, your subscription details, your Wall submissions if any).
- –Request deletion of your account, your subscription history, or specific Wall entries you submitted.
- –Withdraw consent for any Wall entries you previously opted in to share.
To exercise any of these rights, email hello@canwetrustit.com.
Children
The service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
Governing law
This Privacy Policy is governed by the laws of the State of Wyoming, United States. Any disputes arising under this policy will be subject to the jurisdiction of the courts of Wyoming.
Contact
For privacy enquiries, contact us at hello@canwetrustit.com. For removal requests relating to the Wall of Shame specifically, contact appeals@canwetrustit.com.