Privacy & Data
ScamShield Nepal is built around one rule: your messages stay on your phone.
What never leaves your phone
- The full text of your SMS messages
- Your actual phone number, or the actual phone number of a sender
- Any messages you've marked as "Not a scam" or deleted
What may be sent — and only when needed
For messages your on-device AI isn't confident about (the "medium confidence" range — see How It Works), ScamShield sends a small metadata package to the cloud for a second opinion:
| Sent | Example | Not the same as |
|---|---|---|
| A one-way hash of the sender's number | a1b2c3d4… (64 characters) | The actual phone number — cannot be reversed |
| Links found in the message | https://example.com | The surrounding message text |
| Message length | 142 | The message content |
| Whether the message uses Nepali script | true / false | The message content |
| On-device confidence score | 0.71 | — |
The server never stores message text — only the hashed sender, the final label, and a timestamp.
Phone number hashing
Sender numbers are converted using SHA-256, a one-way cryptographic hash. This means:
- The same number always produces the same hash, so repeat-offender numbers can be recognised
- The original number cannot be recovered from the hash
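
The metadata package from the table above, built with the sender hashing described in this section, as an added example that is not ScamShield's own code. The field names, the number normalisation step and the sample sender and message are assumptions constructed for illustration; the last function is a check that nothing beyond the listed fields ends up in the payload.

```python
import hashlib
import json
import re

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
DEVANAGARI_RE = re.compile(r"[\u0900-\u097F]")  # Unicode block used to write Nepali
# One key per row of the "Sent" column; the key names are assumptions.
ALLOWED_KEYS = {"sender_hash", "links", "length", "nepali_script", "confidence"}

# Constructed sample input, not real data.
SAMPLE_SENDER = "+977 980-0000000"
SAMPLE_TEXT = "तपाईंको खाता बन्द हुनेछ। Verify now at https://example.com/login."


def normalize_sender(sender: str) -> str:
    """Assumed step: drop spaces, dashes and brackets so one number gives one hash."""
    return re.sub(r"[\s\-()]", "", sender)


def hash_sender(sender: str) -> str:
    """SHA-256 of the normalised number as 64 hex characters."""
    return hashlib.sha256(normalize_sender(sender).encode("utf-8")).hexdigest()


def build_metadata(sender: str, text: str, confidence: float) -> dict:
    """Build the package from the message; the text itself is never copied in."""
    return {
        "sender_hash": hash_sender(sender),
        "links": [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)],
        "length": len(text),
        "nepali_script": bool(DEVANAGARI_RE.search(text)),
        "confidence": round(confidence, 2),
    }


def leaks_raw_data(package: dict, sender: str, text: str) -> bool:
    """True if the payload has an unlisted field, the raw number, or message words."""
    wire = json.dumps(package, ensure_ascii=False)
    words = [w for w in URL_RE.sub(" ", text).split() if len(w) >= 5]
    return (bool(set(package) - ALLOWED_KEYS)
            or normalize_sender(sender) in wire
            or any(w in wire for w in words))


if __name__ == "__main__":
    pkg = build_metadata(SAMPLE_SENDER, SAMPLE_TEXT, 0.71)
    print(json.dumps(pkg, indent=2))
    print("leaks raw data:", leaks_raw_data(pkg, SAMPLE_SENDER, SAMPLE_TEXT))
```
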
Correcting a result ("Not a scam")
If you mark a message as "Not a scam" in your Scam Inbox, ScamShield sends only:
- The message ID (a random local identifier)
- The hashed sender
- The corrected label (Safe) and the original label (e.g. Scam)
The message text is never included.
How long is data kept?
- On your device: flagged messages are automatically deleted after 90 days
- On the server: only hashed sender, label, and timestamp — no message content is ever stored
Full-text cloud analysis (opt-in only)
A future premium feature may offer full-text cloud analysis for even better accuracy. This will always be off by default and require your explicit opt-in.