Security & Privacy

Cautellus is a consumer scam-detection platform operated by MCD LLC. Here's exactly how we handle your data.

What we scan

URLs, text messages, email content, screenshots, AI-generated images, and phone numbers. Every scan runs against 8+ threat intelligence sources including Google Safe Browsing, PhishTank, URLhaus, community reports, and domain age analysis.

What we do NOT store

Scan inputs — the text, URLs, screenshots, and images you submit — are processed in real time and immediately discarded. We do not retain, log, or save the content you analyze. We do not store your scan history on our servers.

Screenshots and images are processed in real time, discarded after analysis, and not used to train AI models.

How image uploads are handled

Uploaded images are compressed client-side before transmission, analyzed for AI-generation markers and scam indicators via our detection pipeline, and immediately discarded. Images may be sent to the Anthropic Claude API and the Google Cloud Vision API during processing. No images are saved, cached, or used for training purposes. By uploading, you confirm compliance with our Acceptable Use Policy.

How the Chrome extension works

Cautellus only scans when you ask it to. The extension does not run in the background, does not monitor your browsing, and does not read passwords, payment fields, private forms, or your browsing history.

When you click “Scan This Page,” the extension reads the current page's URL, title, meta description, and visible body text (up to 4,000 characters). This content is sent to our API for analysis and immediately discarded.

Right-click scanning and keyboard shortcuts work the same way — only the selected link or text is sent, and only when you explicitly trigger it.

Extension permissions

  • activeTab — Reads the current tab only when you click Scan. Automatically revoked when you navigate away.
  • scripting — Executes a single read-only script to extract page text. Nothing is modified or injected.
  • contextMenus — Adds right-click menu items for scanning links and selected text.
  • storage — Stores auth tokens and recent scan history locally in your browser only. Nothing leaves your device.
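
As an added illustration (not Cautellus's own code), the check below compares an extension's manifest.json against the four permissions listed above and flags anything that would allow page access without a click, such as host permissions or static content scripts. Both manifests are constructed samples, and the function name is hypothetical.

```javascript
// Added example: audit a Chrome extension manifest against the permissions
// this page declares. Not Cautellus's code; sample manifests are constructed.
const DECLARED = new Set(["activeTab", "scripting", "contextMenus", "storage"]);

// Returns a list of findings; an empty list means nothing beyond the
// declared permission set was requested.
function auditManifest(manifest) {
  const findings = [];
  const requested = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
  ];
  // Anything outside the declared set, including Manifest V2 style URL
  // patterns placed in "permissions", is reported.
  for (const p of requested) {
    if (!DECLARED.has(p)) findings.push(`undeclared permission: ${p}`);
  }
  // Host access beyond activeTab lets an extension read pages without a click.
  const hosts = [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ];
  for (const h of hosts) findings.push(`host permission: ${h}`);
  // Static content scripts run on page load, not on user request.
  for (const cs of manifest.content_scripts || []) {
    findings.push(`content script on: ${(cs.matches || []).join(", ")}`);
  }
  return findings;
}

// Constructed sample: requests exactly the four declared permissions.
const SAMPLE_OK = {
  manifest_version: 3,
  permissions: ["activeTab", "scripting", "contextMenus", "storage"],
};

// Constructed sample: the same set plus broad, always-on access.
const SAMPLE_BROAD = {
  manifest_version: 3,
  permissions: ["activeTab", "scripting", "contextMenus", "storage", "tabs", "history"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://*/*"], js: ["watch.js"] }],
};

console.log(auditManifest(SAMPLE_OK));    // no findings
console.log(auditManifest(SAMPLE_BROAD)); // four findings
```
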

Payments

All payments are processed by Stripe. Cautellus never sees, stores, or has access to your credit card number, CVV, or billing details. Stripe is PCI DSS Level 1 certified — the highest level of payment security.

Data we never ask for

Cautellus will never ask for your banking password, full Social Security number, seed phrase, crypto wallet private key, or payment card number in a scan. If anything claiming to be Cautellus asks for this information, it is not us.

Data deletion

To request deletion of your account and any associated data, email support@cautellus.com. We will process your request within 30 days.

Report a vulnerability

If you discover a security vulnerability in Cautellus, please report it responsibly:

security@cautellus.com

Please include the affected URL, steps to reproduce, and whether user data may be involved. We take all reports seriously and will respond within 48 hours.

Trust by design

  • No stored scan input
  • Real-time image processing
  • Stripe-powered payments
  • HTTPS everywhere
  • Security headers (A grade)
  • User-controlled scanning
  • No background monitoring
  • Not used for AI training
  • Clear privacy disclosures