Skip to content
Back to FraudShield

Privacy Policy

FraudShield by CloudTrunk Technologies

Last Updated: March 2026

Our Privacy Promise

100% on-device analysis. Zero data uploaded. Your phone, your data.

FraudShield is built by CloudTrunk Technologies Private Limited, an Indian company that believes privacy is a fundamental right. This policy complies with the Digital Personal Data Protection (DPDP) Act, 2023.

How FraudShield Works

FraudShield scans URLs, UPI IDs, phone numbers, SMS messages, and QR codes for fraud indicators. All scanning and analysis happens entirely on your device. We maintain an offline database of known scam patterns that is bundled with the app.

What We Collect

On-Device Only

Scan history, threat alerts, and your preferences are stored locally on your device using an encrypted database. This data never leaves your phone.

Optional API Checks

When you scan a URL or UPI ID, the app may send that specific item to our API for a real-time check. We do not store these queries beyond the time needed to process them. No personal information is sent with these requests.

What We Don't Do

We don't read your SMS messages on our servers
We don't upload your call logs or contacts
We don't track your location
We don't use advertising SDKs or tracking pixels
We don't serve advertisements
We don't sell or share your data with third parties
We don't create user profiles for marketing

Permissions We Request

FraudShield requests certain Android permissions to provide its protection features. Each permission is optional and you control what to grant:

SMS (READ_SMS, RECEIVE_SMS)

To scan incoming SMS messages for scam patterns on your device. Messages are analyzed locally and never uploaded.

Call Log (READ_CALL_LOG)

To analyze your call history for known scam numbers. All analysis happens on-device.

Phone State (READ_PHONE_STATE)

To detect potential 'digital arrest' scam calls from unknown numbers in real-time.

Camera

To scan QR codes for fraudulent UPI payment requests.

Contacts (READ_CONTACTS)

To distinguish known contacts from unknown callers during digital arrest detection. Contact data stays on your device.

Internet

To perform optional real-time API checks against our threat intelligence database.

DPDP Act 2023 Compliance

FraudShield is designed to comply with India's Digital Personal Data Protection Act, 2023:

Consent: You control all permissions via granular toggles in the Privacy Center
Purpose limitation: Data is only used for scam detection, nothing else
Data minimization: We process the minimum data needed for each scan
Right to erasure: Delete all your data anytime from Settings > Privacy Center
Right to access: Export all your local data as JSON from the Privacy Center
Data retention: Scan history auto-deletes after 90 days, alerts after 30 days
Age verification: Users must confirm they are 18 or older during onboarding

Data Retention

Scan History:Automatically deleted after 90 days
Threat Alerts:Automatically deleted after 30 days
Manual Deletion:Delete all data anytime from Settings > Privacy Center > Delete My Data

Deleting Your Data

Option 1:Go to Settings > Privacy Center > Delete My Data (removes all local data and server records)
Option 2:Uninstall the app (all local data is deleted with the app)

Third-Party Services

FraudShield uses Google ML Kit for on-device QR code scanning. ML Kit processes images entirely on your device and does not send camera data to Google servers. We do not integrate any analytics, advertising, or social media SDKs.

Children's Privacy

FraudShield is intended for users aged 18 and above. We do not knowingly collect data from children. An age verification gate is presented during onboarding.

Contact

Privacy questions or data requests? Contact our Data Protection Officer: privacy@cloudtrunk.tech

CloudTrunk Technologies Private Limited
India

Changes to This Policy

If we update this policy, we will update this page and notify users via the app. Continued use of the app after changes constitutes acceptance of the revised policy.