Privacy Policy.

At ShouldEye Trust Systems LLC (“ShouldEye”, “we”, “our”), we’re on a mission to make the internet safer and more transparent. That starts with being honest about how we handle your data.

This Privacy Policy explains what we collect, how we use it, who we share it with, and what rights you have as a user of ShouldEye.com and our related tools, games, and services (“Services”).

We collect personal, financial, and usage data to power ShouldEye’s trust tools and give you personalized protection. We may collect the following categories of information:

• Account Info: Email address, hashed password, and optional profile details. You may use a pseudonym (fake display name) instead of your real name.

• Financial & Email Data: If you connect your email or bank account via third-party services like Gmail, Outlook, or Plaid, ShouldEye scans for receipts, merchant names, transactions, and subscription activity to generate trust reports.

• Activity Data: Search history, trust reports generated, reviews (“experiences”) posted, gameplay, flags submitted, and other platform interactions.

• Device & Technical Data: IP address, device type, browser type, operating system, approximate location, cookies, and behavioral data.

• AI Interaction Data: Queries, prompts, search inputs, and responses generated within the platform. This data is used to provide AI-driven insights and may be used to improve system performance.

• Payment Info: If you purchase a paid plan or use premium tools, payment data is collected securely via third-party processors. ShouldEye does not store raw credit card numbers.

• Cookies & Tracking Technologies: We use cookies and similar technologies to maintain sessions, analyze usage, and personalize your experience. See the Cookies & Tracking section below for details.

We use collected information to:

• Provide, operate, and improve the ShouldEye platform and Services.

• Generate AI-driven insights, trust scores, risk alerts, and recommendations.

• Monitor for scams, dark patterns, and suspicious merchant behavior.

• Personalize your experience and recommendations (e.g., alerts, game XP, brand tracking, content suggestions).

• Process payments and manage subscriptions.

• Monitor platform performance, security, and fraud prevention.

• Conduct analytics, research, and system improvement.

• Deliver relevant content, offers, or recommendations, including affiliate or partner-based suggestions where applicable.

• Communicate with you via email (product updates, receipts, support).

• Comply with legal obligations and enforce our Terms of Use.

We do not sell your personal data. We may share necessary data with:

• Service providers and infrastructure partners who help us operate, maintain, and improve the platform.

• AI vendors who help analyze brands and behavior. Data shared with AI providers is subject to data processing agreements.

• Payment processors to handle billing (ShouldEye doesn’t store card details).

• Analytics providers (e.g., Google Analytics) to understand usage patterns and improve the Services.

• Affiliate networks and business partners for product recommendations, monetization, or rewards. Where data is shared for these purposes, it is limited to aggregated or non-identifying insights unless you have provided consent.

• Law enforcement, regulators, or legal authorities where required by law, court order, or to protect the rights, property, or safety of ShouldEye, our users, or the public.

Under certain privacy laws (e.g., CCPA/CPRA), sharing data with third parties for analytics or advertising purposes may be considered a "sale" or "share" even if no monetary exchange occurs. Where applicable, you have the right to opt out of such sharing. We do not engage in cross-site behavioral advertising.

ShouldEye uses artificial intelligence (AI), machine learning models, and automated systems to analyze behavior, evaluate companies, and generate trust scores, risk assessments, and recommendations. These systems may influence what warnings, scores, or content you see.

User inputs (such as queries, prompts, and search terms) may be processed by AI systems to:

• Generate responses, trust scores, and risk assessments;

• Improve system performance, accuracy, and relevance;

• Detect and prevent abuse, fraud, or manipulation.

While ShouldEye aims for high accuracy, we do not guarantee that AI-generated outputs are accurate, complete, current, or suitable for any specific purpose. All users should treat platform outputs as informational only and review findings critically. AI outputs do not constitute financial, legal, or professional advice.

We may use anonymized and aggregated user interactions (such as flags, gameplay patterns, query patterns, or review summaries) to train, refine, or evaluate the performance of our AI trust models, where permitted by applicable law.

No personally identifiable information is used for model training or refinement. Where AI model providers are used, data shared with them is subject to data processing agreements that prohibit use of your data for their own independent training purposes.

You retain full ownership of the content you submit (e.g., reviews/experiences, reports, flags). By submitting content, you grant ShouldEye a non-exclusive, royalty-free license to display, reproduce, and use your content in connection with our services, including on public company profiles.

User-submitted content (including reviews/experiences and flags) may be subject to moderation by ShouldEye staff or automated systems to prevent spam, abuse, or harmful behavior. Users may report content they believe violates our standards. We reserve the right to remove or hide content at our sole discretion.

If you use ShouldEye’s virtual card services, we collect transaction metadata (e.g., merchant name, amount, time, and category) to help you monitor spending, block scams, and manage trust-based spending behavior. We do not store full card numbers. All card services are handled through PCI-compliant third-party partners. You may pause, cancel, or manage cards anytime from your dashboard.

ShouldEye includes games and interactive trust-learning experiences (such as "Trust or Not") that award XP, streaks, badges, and leaderboard rankings. We may track your gameplay history, accuracy, and performance to personalize experiences or offer rewards. You can disable game-related notifications or emails in your settings.

If you install the ShouldEye browser extension, it may access visited URLs or page content to provide real-time trust scores, site warnings, or overlays. It does not collect or store unrelated browsing data. The extension can be disabled or removed at any time through your browser.

We retain personal data only as long as necessary to:

• Provide and operate the Services;

• Comply with legal, regulatory, and tax obligations;

• Resolve disputes and enforce agreements;

• Maintain security and prevent fraud.

Retention periods may vary depending on the nature of the data and the purpose for which it was collected. If you delete your account, we delete your personal data within 30 days unless legally required to retain it (e.g., financial records for tax purposes may be retained for up to 7 years). Aggregated or anonymized data that can no longer identify you may be retained indefinitely for analytics, research, or system improvement.

ShouldEye Trust Systems LLC is based in the United States, but we serve users worldwide. Your information may be processed and stored in the United States or other countries where our service providers operate, which may have different data protection laws than your jurisdiction.

Where required by applicable law (including GDPR), we implement appropriate safeguards to ensure your data receives an adequate level of protection during international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;

• Adequacy decisions where applicable;

• Supplementary technical and organizational measures where required.

You may request information about the safeguards we use for international transfers by contacting privacy@shouldeye.com.

If ShouldEye receives legal requests (such as subpoenas or court orders) for user information, we review them carefully and only comply if legally obligated. If allowed, we will notify the affected user before disclosing any personal information.

All users have the following controls:

• You may use a pseudonym (fake display name).

• You can disconnect Gmail, Outlook, or bank access at any time.

• You can edit or delete your account in your profile settings.

• You may request full data deletion by emailing privacy@shouldeye.com.

Your Rights Under GDPR (EEA, UK, and Swiss Users):

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent local legislation:

• Right of Access — request confirmation of whether your personal data is being processed and obtain a copy;

• Right to Rectification — request correction of inaccurate or incomplete personal data;

• Right to Erasure — request deletion of your personal data, subject to applicable legal exceptions;

• Right to Restriction — request restriction of processing in certain circumstances;

• Right to Object — object to processing based on legitimate interests or for direct marketing;

• Right to Data Portability — receive your personal data in a structured, commonly used, and machine-readable format;

• Right to Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

Your Rights Under CCPA/CPRA (California Users):

California residents have the right to know what personal information is collected, request deletion, opt out of the sale or sharing of personal information, and not be discriminated against for exercising these rights. We do not sell personal data. To exercise your rights, contact privacy@shouldeye.com.

ShouldEye honors your rights under GDPR, CCPA/CPRA, and other applicable data protection laws. For full details, see our Data Rights Policy.

ShouldEye uses cookies and similar tracking technologies (including pixels, local storage, and session storage) to:

• Maintain user sessions and platform functionality (essential cookies);

• Analyze usage patterns and platform performance (analytics cookies);

• Personalize content, recommendations, and your dashboard experience (preference cookies).

We do not use cookies for cross-site behavioral advertising. We do not sell data collected through cookies.

You may control cookies through your browser settings or through our cookie consent mechanism where available. Please note that disabling certain cookies may affect the functionality of the Services. For full details on the specific cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest (AES-256 or equivalent);

• Hashed passwords using industry-standard algorithms;

• Role-based access controls and multi-factor authentication for internal systems;

• Regular security audits and monitoring.

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data. We encourage you to use strong, unique passwords and to enable available security features on your account.

ShouldEye is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors.

If we become aware that we have collected personal data from a person under 18 without appropriate parental or guardian consent, we will take steps to delete that data promptly. If you believe a minor has provided us with personal information, please contact us at privacy@shouldeye.com so we can investigate and remove it.

As part of ShouldEye’s gamified and community features, users may be eligible to receive gift cards, rewards, or other incentives by participating in certain actions (e.g., submitting verified experiences, winning leaderboard events, referrals, or promotional challenges).

• Eligibility: Rewards are determined at ShouldEye’s sole discretion and may require verification of activity. Not all actions are rewarded.

• Communication: We may contact users by email to facilitate reward delivery.

• Abuse Policy: Any manipulation, abuse, or spam intended to exploit rewards may result in disqualification and/or account suspension.

• Changes: ShouldEye may change or discontinue its reward programs at any time.

The ShouldEye platform may contain links to third-party websites, services, or applications that are not operated or controlled by ShouldEye Trust Systems LLC. These links are provided for your convenience and informational purposes.

We are not responsible for the privacy practices, content, or data handling of any third-party services. We encourage you to review the privacy policies of any third-party website or service before providing your personal information. Your interactions with third-party services are governed solely by their respective terms and privacy policies.

We may update this Privacy Policy as our services evolve. If major changes are made, we’ll notify you.

When we make material changes:

• We will notify you via email or in-product notification at least 7 days before the changes take effect;

• The updated policy will be posted on this page with a revised "Last Updated" date;

• Material changes will not retroactively reduce your rights without your consent.

Continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms. The latest version is always available at shouldeye.com/privacy.

For questions, complaints, or data requests, contact:

ShouldEye Trust Systems LLC
General: hello@shouldeye.com
Data Rights & Privacy: privacy@shouldeye.com
Mailing Address: 1207 Delaware Ave STE 4904
Wilmington, DE 19806

We aim to respond to all privacy-related inquiries within 3 business days and to fulfill data rights requests within the timeframes required by applicable law.