ForwardToSafety

Privacy Policy

Last updated: April 24, 2026

1. Introduction

ForwardToSafety (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security analysis services, including email phishing detection, URL safety screening, website monitoring, browser extensions, and the ForwardToSafety — Email Safety Checker Outlook add-in.

Important: While we strive to provide accurate security analysis, no security service can guarantee 100% accuracy. Our analysis results, verdicts, and screening outcomes are informational assessments intended as one factor in your decision-making process, not safety endorsements.

2. Information We Collect

2.1 Email Content

When you forward an email to check@forwardtosafety.com, we receive and process the email content, including:

  • Email headers (sender, recipient, subject, timestamps)
  • Email body content (text and HTML)
  • Attachments (analyzed for threats but not permanently stored)
  • Embedded links and URLs

2.2 Account Information

For paying customers, we collect:

  • Email address
  • Billing information (processed securely by Authorize.net)
  • Usage statistics (number of emails analyzed)

2.3 URL Safety Screening Data

When you submit a URL for safety screening (including via the website, browser extension, bookmarklet, or API), we collect:

  • The URL submitted for checking
  • Your IP address (for rate limiting and abuse prevention)
  • Timestamp of the request
  • Screening results (domain age, SSL status, blocklist matches, threat feed results)

URL screening does not require an account. If you use URL screening without logging in, your submitted URLs are associated with your IP address only, not with any account or email address.

2.4 Automatically Collected Information

When you visit our website, we may collect standard web analytics data including IP address, browser type, pages visited, and referring URLs.

3. How We Use Your Information

We use the information we collect to:

  • Analyze forwarded emails for phishing threats
  • Screen submitted URLs for known threat indicators
  • Perform AI-powered deep analysis of URLs and emails (for authenticated users)
  • Monitor websites for ongoing safety (for authenticated users)
  • Send you analysis results via email
  • Enforce rate limits and prevent abuse of free screening services
  • Detect aggregate threat patterns and emerging campaigns from anonymized check data
  • Maintain and improve our detection algorithms
  • Process payments and manage subscriptions
  • Communicate service updates and security alerts
  • Comply with legal obligations

4. Email Analysis & Privacy

4.1 What We Analyze

When you forward an email to check@forwardtosafety.com, we analyze:

  • Email headers (sender, authentication records, routing information)
  • Email body content (to identify phishing patterns, urgency language, threats)
  • Links and URLs (to check for malicious destinations)
  • Attachments (if present, to identify malware signatures)

4.2 Outlook Add-in

When you use the ForwardToSafety — Email Safety Checker add-in for Microsoft Outlook, the add-in reads the content of the email you select for analysis, including headers, body, and attachments. This data is transmitted securely over HTTPS to our analysis service and processed identically to emails forwarded via check@forwardtosafety.com. The add-in does not access any other emails in your mailbox, does not modify your emails, and does not run in the background. It only processes the specific email you choose to submit.

4.3 What We Do Not Do

  • Read or access your personal emails beyond the specific message you choose to submit for analysis
  • Access your email account or inbox (you forward messages manually)
  • Share your forwarded emails with third parties (except as required by law)
  • Use your email content for marketing or advertising purposes
  • Sell your data to data brokers or advertisers

5. Data Retention

5.1 Analyzed Emails

Analyzed emails are retained for 90 days with full sender information so you can review your submission history. After 90 days, sender information is anonymized (removed or replaced with non-identifying values) and the email content is retained indefinitely in anonymized form for threat intelligence, detection improvement, and aggregate analysis. You will no longer be able to identify the original sender after anonymization.

5.2 Analysis Results

Verdicts, risk scores, and threat findings are retained indefinitely as part of our threat intelligence database. For the first 90 days, results are linked to your account for your reference. After 90 days, sender information is anonymized but analysis results remain available for service improvement and aggregate threat detection.

5.3 Account Data

Email address, billing information, and account settings are retained while your account is active. If you cancel your subscription or request account deletion, a 30-day cooling period begins during which you may cancel your request. After 30 days, your personal account data is permanently deleted, except where retention is required for legal, tax, or fraud prevention purposes. Previously analyzed emails that have already been anonymized (per Section 5.1) will remain in our threat intelligence database in anonymized form.

5.4 URL Screening Data

URLs submitted for screening, their results, and associated IP addresses are retained indefinitely for product testing, service improvement, threat detection, rate limiting, and abuse prevention.

5.5 Anonymized and Aggregate Data

We may retain anonymized and aggregate data indefinitely for testing, development, improving our detection algorithms, and identifying threat trends. This includes anonymized URL screening patterns (e.g., aggregate counts of checks against specific domains, without association to individual users or IP addresses). Anonymized data has all personally identifiable information removed and cannot be linked back to you.

5.6 Legal Holds and Preservation Requests

Notwithstanding the retention periods described above, we may retain data (including data that would otherwise be anonymized or deleted) for longer periods when required by law, court order, subpoena, regulatory investigation, or other valid legal process. We may also retain data at the request of a customer to support an internal investigation, litigation hold, or similar lawful purpose. In such cases, the data will be retained for as long as necessary to satisfy the legal obligation or customer request, after which normal retention schedules will resume.

5.7 System Backups

Encrypted system backups are created regularly for disaster recovery purposes. Personal data that has been anonymized or deleted per the schedules above may persist in these backups for a limited period. Backup data is stored securely and is only accessed in the event of a system recovery. Restored data will be re-processed to apply any pending anonymization or deletion obligations.

6. Data Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties who assist in operating our service (payment processing, email delivery)
  • Threat Intelligence: Anonymized threat data may be shared with security research partners to improve industry-wide protection
  • Legal Requirements: When required by law or to protect our rights

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS), secure data storage, and access controls. See our Security page for more details.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access your data: Download your analysis history and account information
  • Delete your data: Request complete account and data deletion
  • Correct inaccurate data: Update your account information at any time
  • Opt-out of marketing emails: Unsubscribe from marketing communications anytime
  • Object to or restrict processing: Limit how we use your data
  • Data portability: Receive your data in a portable format

To exercise these rights, email privacy@forwardtosafety.com. We will respond to your request within 30 days.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:
Email: privacy@forwardtosafety.com