Privacy Policy
Last Updated: June 24, 2026
Vigilo helps users detect possible scams in email, text messages, and phone calls. This Privacy Policy explains what information we collect, how we use it, when we share it, how long we keep it, and the choices and rights available to users.
1. Who We Are
Vigilo is provided by Vigilo AH Services Inc., Ste 6 #285-2160 Highway 7 Vaughan ON L4K 4M3 Canada. In this Privacy Policy, "Vigilo," "we," "us," and "our" mean Vigilo Services Inc.
Privacy Contact: privacy@myvigilo.com
General Support Contact: support@myvigilo.com
Legal / Security Contact: legal@myvigilo.com
2. Who Can Use Vigilo
Vigilo is offered only to people who are 21 years of age or older. Vigilo is not directed to individuals under 21 years of age. People under 21 may not:
- create an account;
- use the service;
- be monitored through the service; or
- be enrolled through a family, caregiver, or business account.
Vigilo is offered in the United States and Canada, but not to residents of Quebec. We may also make Vigilo available in the United Kingdom and Europe on a later launch date. By using Vigilo, you represent that you are not a resident of Quebec and that your use of the service is lawful where you live.
3. What Vigilo Does
Vigilo helps identify possible scams in:
- supported email accounts;
- text messages; and
- incoming phone calls.
Vigilo may:
- scan up to 2,000 characters of supported emails using AI for scam-related language;
- scan text messages using AI for scam-related language;
- compare text-message sender numbers against known scam-number databases;
- compare incoming caller numbers against known scam-number databases; and
- generate alerts through the user's email experience, in-app interface, messages app, push notifications, or device notification area, depending on how the service is accessed.
Vigilo is designed to help users make better decisions, but it is not a guarantee that any message or call is safe or unsafe.
4. How Access and Permissions Work
Vigilo uses permissions and user authorizations to operate.
4.1 Email Access
Email access may occur through:
- browser login to a supported email account; and/or
- user login and permissions through a Vigilo web or mobile client.
4.2 Text and Phone Call Access
Text message and phone call features are authorized through the mobile app experience and the permissions a user grants on their mobile device.
4.3 Separate Consents
Vigilo requires user consent to operate. Consent is provided separately for email, text message and phone calls, and for alerts, marketing and cookie storage. Depending on the feature and platform, users may separately consent to:
- text-message scanning;
- phone-call number checking;
- push notifications or other alert channels;
- marketing communications; and
- cookies and similar technologies.
4.4 Authority to Monitor
You may only connect an account, device, or communications channel if:
- it is your own; or
- you have lawful authority and the required consent to do so.
For family, caregiver, and business uses, Vigilo requires that the adult data subject being monitored has consented to the monitoring and scanning features used with their account, device, or communications.
5. Information We Collect
We try to collect only the information reasonably needed to provide, secure, support, and improve Vigilo.
5.1 Account and Subscription Information
We may collect:
- name;
- email address;
- phone number;
- login and authentication details;
- subscription status;
- plan type;
- billing and transaction details;
- customer support communications; and
- account preferences and settings.
5.2 Email-Related Information
If you connect a supported email account, we may process:
- email content that is processed to provide the feature you enable, subject to Section 9A for Google API Services and Gmail data;
- sender information;
- time and date of the message;
- technical information needed to generate an alert; and
- the scam-risk result or classification.
5.3 Text-Message Information
If you enable text-message scanning, we may process:
- text-message content needed to provide the enabled feature;
- the sender's phone number;
- time and date of the message;
- technical information needed to generate an alert; and
- the scam-risk result or classification.
5.4 Phone-Call Information
If you enable phone-call protection, we may process:
- the incoming caller's phone number;
- time and date of the call;
- technical information needed to generate an alert; and
- the scam-risk result or classification.
5.5 Device, App, and Technical Information
We may collect technical information such as:
- device type;
- operating system;
- app version;
- IP address;
- logs;
- crash reports;
- diagnostics;
- API activity and security events; and
- information needed to authenticate users, deliver alerts, and protect the service.
5.6 Website, Cookie, and Advertising Data
If you use our website or web-based services, we and our vendors may collect information through cookies, pixels, SDKs, and similar tools, including:
- browser and device identifiers;
- IP address;
- pages viewed;
- actions taken on our website or app;
- referral information;
- ad campaign interactions; and
- analytics and attribution data.
Our current cookie and ad-tech service-provider categories may include:
- analytics providers;
- advertising and retargeting providers; and
- pixel, attribution, and measurement providers.
6. Sensitive Content and Data Minimization
Email and text-message content that Vigilo may process can sometimes include sensitive or highly personal information, such as financial, health, family, or account information. Because of that, users should understand that enabling scanning may involve the processing of limited or complete message content, depending on the feature, that could contain sensitive content. Google API Services and Gmail data are also subject to the additional restrictions described in Section 9A.
Vigilo is designed to minimize risk by:
- scanning only up to 2,000 characters of supported emails and the entirety of supported texts;
- not storing full email bodies as part of the service;
- not recording or storing call audio; and
- minimizing retention of personal information by storing only personal information that is reasonably needed for detection, alerts, and limited user-facing display.
We do not use the substance of your communications for advertising, and we do not use Google API Services or Gmail data for advertising or ad-tech purposes.
7. What We Do Not Collect or Retain
Vigilo is designed to avoid retaining the substance of communications beyond what is needed for processing, alerts, and limited user-facing display.
We do not:
- store full email messages;
- store full text messages;
- record phone calls;
- store call audio; or
- sell message substance.
We may temporarily process limited or complete communication content, depending on the feature, and related metadata to detect possible scams and deliver alerts. If a message is flagged, we may store a short excerpt of up to 100 characters for display to the user.
8. How We Use Information
We use personal information to:
- provide the Vigilo service;
- authenticate users and manage accounts;
- scan supported email content and text messages for scam-related language;
- check phone numbers against scam-number databases;
- generate alerts and notifications;
- process billing and subscriptions;
- provide customer support;
- maintain logs, security, and fraud prevention;
- improve the accuracy, safety, and performance of the service;
- analyze usage trends and service reliability;
- comply with legal obligations; and
- enforce our terms and protect users, our business, and others.
9. AI and Scam-Detection Providers
Vigilo uses AI providers and related processing providers, if any, for scam-language analysis.
- Our AI providers do not train on user data submitted through Vigilo for this service.
- Vigilo may use anonymized, non-PII data after initial processing to improve, train, test, and refine its own scam-detection tools, models, rules, workflows, analytics, and service quality, but not Google API Services or Gmail data.
9A. Google API Services and Gmail Data
If you connect a Gmail account or otherwise authorize access through Google API Services, Vigilo will access, use, store, and share Google API Services data only as needed to provide or improve user-facing features that are visible in and prominent to you, and only in accordance with applicable Google API Services requirements, including the Google API Services User Data Policy. Vigilo does not use Google API Services or Gmail data to develop, improve, or train generalized or non-personalized artificial intelligence or machine-learning models. Vigilo does not use Google API Services or Gmail data for advertising, marketing profiling, ad targeting, ad measurement, or other advertising or ad-tech purposes. Vigilo does not sell, share, or transfer Google API Services or Gmail data to third parties except as necessary to provide or secure the relevant user-facing feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets subject to applicable legal restrictions. Where Vigilo uses service providers in connection with Google API Services or Gmail data, those providers are permitted to receive and use that data only for the limited purposes of providing or securing the applicable user-facing feature on Vigilo's behalf and not for their own purposes. Human access to Google API Services or Gmail data is restricted to what is necessary for security purposes, to comply with applicable law, or with your affirmative agreement for support or troubleshooting. You can revoke Vigilo's access to your Google account at any time through your Google account permissions or by disconnecting the relevant integration through Vigilo where available. After disconnection or account deletion, Vigilo will stop new access to Google API Services data and will delete or de-identify stored Google API Services or Gmail data in accordance with this Privacy Policy, subject to ordinary backup cycling, legal retention requirements, and data needed for security, fraud prevention, or dispute resolution.
For scam-number checks, Vigilo uses scam-number database providers and related communications service providers. For that purpose, only phone numbers are queried or shared for scam-number matching.
AI-based and database-based scam detection is not perfect. Vigilo may:
- flag a legitimate communication as suspicious;
- fail to detect a scam;
- rely on scam-number data that is incomplete or outdated; or
- generate alerts that require user judgment.
10. Legal Bases for Processing
Where a legal basis is required, Vigilo relies primarily on:
- consent, including permissions and settings you choose for email, text, call, notification, cookie, and marketing features; and
- contract necessity, meaning processing needed to provide the subscription service you requested.
We may also process information where needed to:
- secure the service;
- prevent fraud or abuse;
- comply with legal obligations; and
- establish, exercise, or defend legal claims.
11. How We Share Information
We may share personal information with the following categories of recipients when reasonably necessary, subject to the additional limitations in Section 9A for Google API Services and Gmail data:
- cloud and hosting providers;
- AI providers and related processing providers;
- scam-number database providers and communications providers;
- payment processors, subscription management providers, app stores, platform payment providers, and digital wallet providers;
- analytics, advertising, retargeting, attribution, and measurement providers, but not for Google API Services or Gmail data;
- app store and platform providers;
- professional advisers, auditors, and insurers;
- law enforcement, regulators, courts, and other authorities when required by law; and
- parties involved in a merger, financing, acquisition, reorganization, or sale of assets.
We do not sell the substance of your emails, texts, or calls, and we do not sell or share Google API Services or Gmail data except as permitted and limited under Section 9A.
12. Third-Party Platforms and Services
Some Vigilo features rely on third-party platforms and services, such as email providers, mobile operating systems, app stores, payment processors, analytics providers, support providers, and communications vendors.
When you use those integrations:
- Vigilo is responsible for how we handle data within our service; and
- the relevant third party is responsible for its own systems, policies, and practices.
Your interaction with those services may also be subject to the terms, privacy disclosures, and platform rules of the provider involved. This does not reduce our responsibility for how we process data within Vigilo.
13. Cookies, Analytics, and Advertising Technology
We use cookies and similar tools to operate our website and digital services, understand usage, measure performance, and support marketing. This Section 13 does not apply to Google API Services or Gmail data, which are subject to Section 9A.
13.1 Categories of Cookies and Similar Technologies
We may use:
- strictly necessary technologies for login, session management, security, and fraud prevention;
- analytics technologies;
- advertising and retargeting technologies; and
- tools that help us understand conversion, attribution, and product performance.
13.2 California and Other U.S. Ad-Tech Disclosures
Although Vigilo does not sell message substance, some uses of cookies, pixels, or similar advertising technologies on our website or app may be considered a "sale" or "sharing" of personal information under California law or similar state laws when data is used for cross-context behavioral advertising. This does not include Google API Services or Gmail data.
We use a cookie banner and preference controls so users can manage non-essential cookies and similar technologies. Users should be able to:
- accept or reject non-essential cookies; and
- later update their cookie preferences.
Cookie Preferences: Cookie banner or myvigilo.com/cookies
13.3 Marketing Communications
We may send:
- service-related communications about your account, billing, alerts, security, or material changes; and
- marketing communications where permitted by law and where required consent has been obtained.
You can unsubscribe from marketing emails using the unsubscribe link in the message or through your account settings where available.
14. Retention and Deletion
We keep information for different periods depending on what it is and why it is needed.
14.1 Service Data
- User service data is retained while the account is active, subject to Section 9A for Google API Services and Gmail data.
- Personal data contained in limited or complete service content, depending on the feature, is processed only as needed for initial scam detection and related service functions, and we do not retain the full substance of communications except as otherwise described in this Privacy Policy, including short flagged excerpts displayed to the user.
- After anonymization, Vigilo may retain and use anonymized, non-PII data for service improvement, training, analytics, fraud prevention, and quality assurance, but not Google API Services or Gmail data.
14.2 Account and Business Records
We may retain account, billing, support, security, compliance, and business records for as long as reasonably needed for:
- providing the service;
- legal, tax, accounting, and audit purposes;
- dispute resolution;
- enforcing our agreements; and
- internal legal archive and business continuity needs.
14.3 Account Deletion
Users may request or perform account deletion through:
- the web application;
- the iOS app; and
- the Android app.
Account deletion is not processed by email as the standard deletion method. If you connected a Google account, you may also revoke Vigilo's access through your Google account permissions, as described in Section 9A.
When an account is deleted:
- active account data is deleted or deactivated in the ordinary course;
- retained data may remain in backups until those backups are overwritten through ordinary backup cycling; and
- records we reasonably need for legal, security, accounting, fraud prevention, or archival purposes may be retained for longer.
15. Security
We use reasonable safeguards designed to protect personal information, including additional access restrictions for Google API Services and Gmail data as described in Section 9A:
- industry-standard protocols;
- secure login controls;
- monitored and secure APIs;
- safeguards provided by secure third-party cloud providers; and
- internal security and operational controls designed to reduce unauthorized access.
No security solution is perfect, and no system can be guaranteed to be completely secure. We reduce risk in part by minimizing storage of communication substance wherever reasonably possible and by limiting human access to Google API Services and Gmail data as described in Section 9A.
16. Cross-Border Processing
Vigilo processes data in the United States.
If you are in Canada, your information may be collected in Canada and transferred to, stored in, or processed in the United States or other places where our providers operate. Those locations may have different legal rules or may permit access by courts, regulators, or law-enforcement authorities under applicable law.
By using Vigilo and enabling the relevant features, you understand that your information may be processed outside your home province or country, including in the United States.
17. Privacy Rights
Depending on where you live, you may have rights to:
- request access to personal information we hold about you;
- request correction of inaccurate information;
- request deletion of certain information;
- request a copy of certain information in a portable format;
- withdraw consent where processing is based on consent;
- opt out of certain advertising-related data uses where applicable; and
- make a complaint as permitted by applicable law.
To exercise a privacy right, contact us at: privacy@myvigilo.com
We may need to verify your identity before responding.
18. California Privacy Notice
This section applies to California residents to the extent California law applies.
18.1 Categories of Personal Information We Collect
Over the last 12 months, depending on how you use Vigilo, we may have collected the following categories of personal information:
Category
Examples
Identifiers
Name, email address, phone number, IP address, device or account identifiers
Customer records
Billing information, subscription details, support history
Internet or network activity
App and website interactions, logs, analytics, pages viewed
Geolocation data
Approximate location inferred from IP address or device settings where applicable
Audio / electronic information
Limited message snippets, metadata, alert history, technical signals
Commercial information
Subscription plan, payment status, transaction history
Sensitive personal information
Limited message snippets that may incidentally contain sensitive information
18.2 Sources of Personal Information
We collect personal information from:
- you directly;
- your connected devices and accounts;
- your use of our apps, website, and services;
- payment and platform providers;
- analytics and advertising partners; and
- service providers that help us operate Vigilo.
18.3 Business and Commercial Purposes
We collect and use personal information for the purposes described in this Privacy Policy, including to:
- provide and improve the service;
- process subscriptions and payments;
- protect users and the service from fraud and abuse;
- deliver alerts and notifications;
- maintain security and logs;
- perform analytics;
- market the service; and
- comply with law.
18.4 Disclosure to Third Parties
We may disclose the categories of information above to the categories of recipients described in Section 11.
18.5 Sale / Sharing
We do not sell message substance. However, some advertising and analytics technologies may involve disclosure of identifiers or online activity data in ways that could be considered selling or sharing under California law. This does not include Google API Services or Gmail data.
California residents may opt out of that activity by using our cookie banner, privacy controls, or any applicable Do Not Sell or Share My Personal Information mechanism.
Privacy Choices Link: Setting available on the cookie banner on our website, and also at myvigilo.com/cookies#do-not-sell. Vigilo also honours the GPC (Global Privacy Control) browser setting, and will not track web browsers that have that setting enabled.
18.6 Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes that require a separate California right to limit use, except as reasonably necessary to provide requested services, maintain security, prevent fraud, or as otherwise permitted by law. Google API Services and Gmail data are also subject to the additional limitations in Section 9A.
18.7 California Rights
California residents may have the right to:
- know what personal information we collect, use, disclose, sell, or share;
- access specific pieces of personal information;
- request correction of inaccurate personal information;
- request deletion of personal information, subject to exceptions;
- receive information in a portable format; and
- opt out of sale or sharing for cross-context behavioral advertising.
California residents may also use an authorized agent where permitted by law. We may require verification of the resident and the agent's authority. We will not discriminate against you for exercising your privacy rights under applicable law.
19. Security Incident Notice
If we experience a security incident involving personal information, we may notify affected users and authorities when and as required by applicable law.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law.
The updated version will show a revised Last Updated date.
21. Contact Us
For privacy questions or requests, contact:
For privacy questions or requests, contact: Vigilo Services Inc. Ste 6 #285-2160 Highway 7 Vaughan ON L4K 4M3 Privacy Email: privacy@myvigilo.com Support Email: support@myvigilo.com Legal / Security Email: legal@myvigilo.com