Privacy Policy

Last Updated: February 26, 2026

Email Fraud Alert ("EFA", "we", "us", or "our") is operated by Baynac LLC. This Privacy Policy explains what information our Outlook add-in and browser extension (the "Service") process, how that information is used, and the choices available to you.

Plain language summary: EFA performs fraud analysis locally on your device. We do not collect, store, or transmit your email content, subject lines, attachments, or recipients. For reputation checks, EFA may transmit only a sender's registrable domain (e.g., example.com) over HTTPS to our reputation service.

1. Who we are

Data Controller: Baynac LLC, doing business as Email Fraud Alert.
Website: www.emailfraudalert.com
Contact: support@emailfraudalert.com

2. Information we process

2.1 Local email analysis

To detect potential fraud, EFA analyzes technical characteristics of the message within your mail client (for example: sender address, display name, reply‑to domain, header authentication results, URLs and attachments). This analysis happens locally on your device or within the Outlook runtime. We do not transmit email bodies, subjects, attachments, or recipients to our servers.

2.2 Domain reputation checks (optional)

When enabled, EFA may query our reputation service to assess sender risk. In doing so, the client transmits only the registrable domain (eTLD+1), e.g., example.com. We do not send full URLs, subdomains, paths, IP addresses, message headers, or any email content. Requests are sent over encrypted HTTPS. Limited, non-personal service telemetry (e.g., uptime metrics) may be collected by our edge provider.

2.3 Contacts (for lookalike detection)

With your permission, EFA may read your contacts (e.g., Microsoft 365 Outlook contacts) to compare incoming senders to known correspondents and detect lookalikes. This comparison is performed locally. Contact data never leaves your device and is never sent to our servers.

2.4 Account & billing (paid plans only)

If you subscribe to a paid plan, we collect your email address and billing details through our payment processor (Stripe). We do not store your full credit card number.

3. Information we do not collect

Email body/content
Subject lines
Attachments
Recipient names or addresses
Full URLs or paths (for reputation checks we use only the registrable domain)
Your contact list contents on our servers (contacts are processed locally only)
Browsing history or personal files

4. How we use information

To detect and warn you about potential email fraud locally
To check sender registrable domains against threat intelligence and domain‑age signals
To provide and support paid subscriptions (via Stripe)
To provide customer support
To improve detection quality using aggregated, non‑identifying usage metrics only (not email content or message metadata)

5. Data processing locations

Email analysis runs on your device/Outlook environment. Reputation checks (registrable domain only) are handled by our reputation service hosted with Cloudflare and/or our cloud provider. All communications use HTTPS/TLS.

6. Third‑party services

Cloudflare – secure delivery and reputation service hosting (requests contain only registrable domains). See Cloudflare's Privacy Policy.
Stripe – subscription and payment processing. See Stripe's Privacy Policy.
Microsoft Graph API – optional contact access for lookalike detection (processed locally). See Microsoft's Privacy Statement.

7. Security

We implement administrative, technical, and organizational measures appropriate to the nature of the limited data we process. Reputation queries are transmitted via HTTPS. Sensitive operations like billing are handled by audited third parties (e.g., Stripe). As with any software, no system is 100% secure; report issues to the contact below.

8. Data retention

We do not retain email content or message metadata. Reputation results may be cached on the client briefly to improve performance and are not associated with a user or message. Account and billing records are retained while your subscription is active and as required by law. We do not sell personal data.

9. Your rights & choices

Access/Deletion: You may request access to or deletion of your account/billing data by contacting support.
Revoke permissions: You can revoke the add‑in/extension's permissions (e.g., contact access) at any time in your Microsoft 365 settings.
Opt‑out: You may uninstall the add‑in/extension at any time.

10. Legal bases & regional disclosures

Where applicable (e.g., GDPR), our processing may rely on legitimate interests (fraud detection; service delivery), contract (paid subscriptions), and consent (optional permissions). For CCPA/CPRA, we do not "sell" or "share" personal information as defined by law.

11. Children's privacy

The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect information from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last Updated" date above and posting the revised policy at this URL.

13. Contact

Baynac LLC (Email Fraud Alert)
support@emailfraudalert.com
www.emailfraudalert.com