SpamScope Privacy Policy

Last updated: 28 April 2026

SpamScope ("the Extension") is a Chrome extension that hides spam comments on YouTube and Instagram. This policy explains exactly what data the Extension processes, where it goes, and how long it lives. We collect the minimum needed to do one job: classify whether a comment is spam.

1. What the Extension reads

When you load a YouTube video page or an Instagram post / reel, the Extension's content script reads, from the page DOM only:

• The text of each visible comment and reply.
• The publicly displayed username/handle attached to that comment, when present.
• The platform the comment came from (youtube or instagram).

The Extension does not read your email, browsing history, cookies, authentication tokens, private messages, or any page outside of YouTube and Instagram. It does not interact with logged-in account APIs.

2. What is sent off your device

The text, username, and platform tag described above are sent over HTTPS to the SpamScope classification API at https://spam-detection-production-8552.up.railway.app/api/extension/classify. The server replies with a label (spam, maybe-spam, or clean) and a confidence score, which the Extension uses to hide or keep the comment.

No other identifiers are transmitted: not your IP-as-an-identity, not your Google account, not browser fingerprints, not cookies. The HTTP request itself naturally carries your IP address (any web request does), but it is never logged against the comment contents nor used to build a profile.

3. Sub-processors

The classification API forwards comment text to Hugging Face Inference (huggingface.co) to run the spam-detection model. Hugging Face acts as a stateless inference provider; comment text is sent for scoring and is not used by us to train models or stored beyond the duration of the request.

4. What is stored

• On your device only, via Chrome's storage.sync and storage.local APIs: your enable/disable preferences, your per-platform toggles, your "Mark as spam" list (hashed comment text only, no usernames), and a counter of how many comments have been hidden.
• On the SpamScope server: comment text is processed in memory to produce a verdict and is not persisted to any database. Aggregated, non-identifying request counts may be retained for up to 30 days for operational monitoring.

5. What we do NOT do

• We do not sell your data.
• We do not share your data with advertisers or analytics networks.
• We do not use your data to train any machine-learning model.
• We do not transfer data outside the purpose stated above.
• We do not run trackers, pixels, or third-party scripts inside the Extension.

6. Permissions, in plain terms

• storage — saves your settings and your manual spam list to your browser, locally and via Chrome sync.
• Host access to youtube.com and instagram.com — needed for the content script to read comments on those sites.
• Host access to spam-detection-production-8552.up.railway.app — needed for the Extension to ask the SpamScope API to classify a comment.

7. Children

SpamScope is not directed at children under 13. It does not knowingly collect data from them.

8. Changes

If we materially change what data the Extension processes, we will update this page and bump the "Last updated" date above. Continued use of the Extension after a change constitutes acceptance of the updated policy.

9. Contact

Questions, deletion requests, or security reports: yerbolat.mukan@globerce.capital.