Frequently Asked Questions

Got questions? We've got answers. Grab a cuppa and let's sort this out together.

Deepfake Detection

Q: How do I check if an image is a deepfake?

It's easier than making toast:

  1. Open the app
  2. Go to the Awareness tab
  3. Tap Check Image for Deepfakes
  4. Choose your image source: Camera, Gallery, or Share Sheet
  5. View the analysis results, including a confidence score and verdict

That suspicious photo of a celebrity endorsing crypto? Now you can check before you share.

Q: Can I check images without opening the app?

Yes — and this is the fastest way to do it! While browsing any social media app (Facebook, Instagram, WhatsApp, etc.), just:

  1. Tap the Share button on the image you want to check
  2. Select the Protect-Me app icon from the share menu
  3. The deepfake check runs instantly — no need to open the app first

This is especially handy when you spot a suspicious image in your feed or someone sends you a photo that doesn't look quite right. One tap to share, instant result.

Q: How many deepfake checks can I do?

Up to 25 checks per week. The limit resets every week — so you get a fresh batch regularly.

Q: What are the image requirements for deepfake checks?

Images must be under 7 MB and in one of these formats: JPEG, PNG, WebP, or GIF.

Most photos received via messaging apps (WhatsApp, Messenger, etc.) or saved from social media are already well within this limit. However, photos taken directly with modern smartphone cameras can be larger — especially on flagship devices shooting at high resolution (e.g., 50 MP or 200 MP modes can produce files of 20–60 MB).

If your image is too large, try one of these:

  • Screenshot the image instead of using the original — screenshots are typically under 1 MB
  • Use your phone's built-in photo editor to resize or crop before uploading
  • Take a screenshot and share the screenshot from your Photos — screenshots are typically under 1 MB, and this is the one simple flow that works for every app, including social media (Instagram, Facebook, TikTok) and video frames.

The app will let you know before uploading if an image exceeds the size limit, so you won't waste time waiting for an upload to fail.

Q: What does the deepfake confidence score mean?

Here's what each result means in plain English:

  • Appears Authentic — Looks real. No funny business detected.
  • Likely Authentic — Probably genuine, with only very minor flags.
  • Uncertain — We can't tell for sure. Treat with caution.
  • Probable Manipulation — Something's off. Signs of editing or face-swapping detected.
  • Likely Deepfake — Strong signs this was generated or manipulated by AI. Trust your gut (and our score).

Q: What types of image manipulation can you detect?

Our AI analyses images for signs of manipulation, including:

  • Face swap — Someone's face placed on another person's body
  • AI-generated images — Photos of people who don't actually exist (common in romance scams and fake endorsements)
  • Edited or doctored images — Parts of a real photo that have been altered or tampered with

This analysis is powered by AI and is designed to help you make informed decisions — no detection tool is 100% accurate. It's especially effective at catching the kinds of crude fakes commonly used in scams, such as fake celebrity endorsements or fraudulent profile photos.

Breach Monitoring

Q: Why is email monitoring important?

Your email address is the master key to your digital life. Think about it — almost every online account you have (banking, social media, utilities, shopping, work systems, government services) is registered to an email address. If someone gets access to your email, they can reset passwords and break into all of those accounts.

That's exactly why breached email addresses are the starting point for most scams. Criminals don't need to hack you directly — they buy stolen email and password combinations from data breaches and try them everywhere. This is why monitoring your email addresses for breaches is the single most important thing you can do to protect yourself online.

Q: What is a data breach?

A data breach happens when hackers steal information from a company. If you had an account with that company, your data may have been stolen. Some well-known examples:

BreachYearWhat Was Stolen
LinkedIn2012Emails, passwords
Adobe2013Emails, passwords, password hints
Dropbox2012Emails, passwords
Collection #1-52019Compiled from many breaches
Facebook2019Phone numbers, emails, names

Q: How often are my emails scanned for breaches?

Every 48 hours, automatically. You don't need to lift a finger — just go about your day and we'll tap you on the shoulder if something comes up.

Q: How many emails can I monitor?

Up to 3 emails total:

  • 1 primary email (your account email)
  • Up to 2 additional emails (work email, that old Hotmail from 2006... you know the one)

Q: How do I make the most of email breach checking?

Here's a simple routine to get a full picture of your breach exposure:

  1. Make a list of every email address you've ever used — active ones, work ones, and especially those old addresses you've almost forgotten about
  2. Check them 2 at a time — add or swap the 2 additional email fields on your dashboard, then pull down to refresh and trigger a breach check
  3. Be patient with the daily quota — there's a limit on manual checks (pull-to-refresh) each day, so if you have many email addresses, this exercise may take a few days. But it's mostly a one-time effort
  4. Screenshot your results — capture the breach results for each email as a personal record for future reference
  5. Build your awareness — after a few rounds of checking, you'll have an excellent understanding of which emails have been compromised and what data was exposed

Once you've checked all your emails, set your most important addresses (the ones linked to banking, work, or primary accounts) as your 3 monitored emails for automatic 48-hour scanning. Then focus on dealing with any breaches you've discovered — changing passwords, enabling two-factor authentication (2FA), and setting up a password manager.

Q: Can I change my primary email address?

No — your primary email is the email address you used to create your account, and it cannot be swapped for a different address. This is your login email and your main monitored address.

However, your 2 additional monitoring slots can be changed freely at any time. This is how you cycle through all your email addresses during the initial breach-checking exercise described above.

Q: Can I manually trigger an email scan?

Scanning runs automatically on its 48-hour schedule, which keeps things fair for everyone and our servers happy. You can also pull to refresh on your dashboard to trigger a check.

Q: Why do old breaches still matter?

Old breaches are actually MORE dangerous because:

  1. Password reuse — Most people used the same password everywhere back then
  2. Credential stuffing — Hackers try old passwords on new accounts automatically
  3. Recovery attacks — Old email addresses are often set as recovery emails for current accounts
  4. Accumulated data — Criminals combine data from multiple breaches to build profiles

Your LinkedIn password from 2012 might still unlock your email, your bank, or your streaming accounts — if you never changed it.

Q: My email is in breaches but I've never been hacked — should I worry?

Being in a breach doesn't mean your accounts were accessed. It means:

  1. A company you used was hacked
  2. Your data was exposed
  3. Criminals COULD try to use it

Think of it as: your house key was copied, but no one has tried the door yet. You should still change the locks (passwords).

Q: What do the risk score levels mean?

Think of a risk score like a traffic light for your digital safety. When we assess threats, we give a score from 0 to 100:

ScoreLevelWhat It Means
0-20SafeGreen light — no significant concerns found
21-40Low RiskMostly fine, minor concerns
41-60Medium RiskYellow light — proceed with caution
61-80High RiskOrange light — multiple red flags, likely dangerous
81-100CriticalRed light — almost certainly a scam or malware

The higher the number, the more dangerous something is.

Q: What do breach results like "credentials on dark web" mean?

FindingWhat It MeansWhat To Do
"Found in 3 breaches"Your email was in 3 hacked databasesChange passwords for those services
"Credentials on dark web"Hackers may have your passwordChange ALL passwords immediately
"Credential stuffing risk"Attackers are actively trying your credentialsEnable 2-factor authentication everywhere

Q: I got a low risk score but something still feels wrong

Trust your instincts! Our score is based on available data. If you weren't expecting the contact, they're asking for unusual information, or something just feels "off" — it's always better to verify independently. Call the company directly using a number from their official website.

Q: Why don't you check if my specific password was breached?

Because our security philosophy is simple: assume every password you've ever created is already out there.

Here's the thing — checking one password and getting an "all clear" gives you false comfort. Even if that particular password hasn't shown up in a known breach yet, it doesn't mean it's safe. And if you've used it on more than one site (we've all done it), it only takes one breach anywhere to put all those accounts at risk.

Instead of playing whack-a-mole with individual passwords, we recommend the approach that security professionals use themselves:

  • Use a password manager (such as Bitwarden, 1Password, or Apple Passwords) to generate and store a unique, random password for every account
  • Never reuse a password — not even a clever variation of one. Each account gets its own
  • Enable two-factor authentication (2FA) on every account that offers it — this is your strongest safety net
  • Stop trying to memorise passwords — that's your password manager's job now

The goal isn't to find out which password was stolen. The goal is to make it so that even if every password you ever created was stolen, none of them work anymore. That's real protection.

Scam Alert Comics

Q: How does Global Scam Alert work?

We monitor real-time scam activity across multiple regions and age groups worldwide. Twice a month, you receive a comic-style scam alert tailored to your profile — your region, age group, and preferred language.

Each comic features a friendly character who walks you through the latest scams targeting people like you, in your part of the world. We use comics because they make scam awareness memorable and shareable — you're far more likely to remember a visual story than a dry security bulletin, and you can easily share it with family and friends.

Behind the scenes, we research emerging scam trends for every region we cover, then generate and review each comic before delivery. The result: you stay informed about the scams most likely to affect you, delivered in a format that's easy to understand and act on.

Q: How often do I receive scam alert comics?

Twice a month — on the 2nd and 16th. Think of it as a little security check-in, like a friendly postcard that says "hey, watch out for this." You'll get a push notification when a new comic drops, and you can read it by opening the app.

Q: Can I change my comic profile?

Yes — and we encourage it!

The real value of choosing your age group and region is that you receive scam alerts most relevant to your demographic and location. A senior in Japan faces different scams than a young professional in Australia, and your comic reflects that.

But please feel free to change your profile to explore what's happening in other demographics and regions. This actually enhances your awareness — understanding the scams targeting your parents, your children, or people in other countries makes you better at spotting threats overall.

One small restriction: Profile changes are locked during the 48-hour update period before the 2nd and 16th of each month. This is the window when we update real-time scam situations for all regions and age groups covered by the app. Once the delivery date passes, you're free to change your profile again.

Q: What profile settings affect my comics?

Three things determine which comic lands in your app:

SettingWhat it meansExample
RegionWhere you are in the worldAustralia, Japan, Taiwan
CharacterWho stars in your comicSenior female, Young male
LanguageWhat language the comic is inEnglish, Japanese, Traditional Chinese

Q: Can I get comics in English even if I'm in a non-English region?

Absolutely! When setting up your profile, just choose:

  • Local Language — Comics in your region's native language
  • English — Comics in English, no matter where you are

This is handy if you're an expat, traveling, or simply prefer reading in English.

Q: What if I'm traveling to another region?

You can update your region in your profile settings. A few things to keep in mind, though:

  • Profile changes are locked 2 days before delivery dates (see above)
  • If it's a short trip, you might want to keep your home region — the scams back home don't take a holiday just because you did
  • Comics are tailored to scams common in each specific region, so switching gives you local intel

Q: The app says "No comic available"

This usually means one of these:

  • Your profile is incomplete — make sure you've set your region, character, and language
  • No approved comic exists yet for your specific profile combination

Head to Settings > Scam Alert Profile to make sure everything's filled in.

Q: Can I share the alert comic with my friends and family?

Yes! Simply scroll up a little on the comic and you'll see a Share button. Tap it to share the comic with your loved ones via messaging apps, email, or social media.

Q: I'm not receiving push notifications

Let's run through the checklist:

  1. Notifications are enabled in your device settings
  2. The app has notification permissions (your phone may have asked when you first installed)
  3. "Scam Alerts" is turned on in the app's Settings
  4. You have an active subscription or trial

If all four check out and you're still not getting notifications, reach out to support and we'll investigate.

Privacy & Security

Q: Is my email address stored securely?

Yes. All email addresses are hashed and encrypted before being stored. Your actual email address is never kept in plain text.

Additionally, your breach results, deepfake analysis results, and scam alert history are only stored on your mobile device — not on our servers. This means even in a worst-case scenario, there is very little of value to an attacker.

Q: Do you share my data with third parties?

We only share data with the trusted partners needed to run the service — and only the minimum each one needs. The one worth naming is Have I Been Pwned (HIBP), the public breach database we use to check your monitored emails — you can also check your own email there directly at haveibeenpwned.com. We never sell your personal data. Ever. Not even if someone offers us a really nice boat.

Q: What data do you collect?

Just the essentials:

  • Email addresses (encrypted)
  • Name (optional) — displayed on your profile only. You can use any name you like, including a nickname or pseudonym — it isn't used for any functional purpose and doesn't affect your service.
  • Device token for push notifications
  • Profile preferences (region, character, language) — these exist purely to tailor your comic experience. You can change them anytime to explore scams affecting other age groups or regions. Since you choose your own profile freely, these preferences carry no real privacy value to us — they don't identify you or reveal anything personal.

That's it. See our Privacy Policy for the full details.

Q: What are my data rights?

You're in control. Head to Settings > Account > Delete Account to delete everything. When you delete your account, everything goes — your encrypted email, your breach history, your preferences. Gone completely within 30 days.

Security & Rate Limits

Q: Why am I temporarily blocked from logging in?

Don't worry — this is us protecting you, not punishing you.

If too many failed login attempts come from your connection, we temporarily block that IP address for up to 60 minutes. This stops the bad guys from:

  • Brute force attacks — guessing your password over and over
  • Credential stuffing — trying leaked passwords from other sites
  • Automated bot attacks — robots with bad intentions
ActionLimitBlock Duration
Login/Auth attempts5 per minuteUp to 60 minutes

What should I do if I'm blocked?

  1. Take a break (maybe make that cuppa we mentioned earlier)
  2. Double-check you're using the correct email and password
  3. Try Forgot Password to reset if needed
  4. If you're sure something's wrong, contact support

A note about shared networks: This is per IP address. If you're on a shared network (office, library, coffee shop), other people's failed attempts could trigger the block for everyone. It's not personal — it's just how IP addresses work.

Account & Subscription

Q: How do I cancel my subscription?

Subscriptions are managed through your app store — we don't make you jump through hoops.

iOS:

  1. Open Settings > [Your Name] > Subscriptions
  2. Find Protect-Me
  3. Tap Cancel Subscription

Android:

  1. Open Google Play Store
  2. Tap Menu > Subscriptions
  3. Find Protect-Me
  4. Tap Cancel Subscription

No hard feelings. But we'll miss you.

Q: I had a subscription before, but the app says I'm not subscribed — what happened?

We're sorry for the disruption — let's get this sorted. This usually means the subscription on your Apple ID isn't linked to the account you're currently signed into inside the app. The most common causes:

  • You're signed into a different Apple ID now than when you originally subscribed. This often happens after switching between personal and work Apple IDs, or after restoring a device from an iCloud backup associated with a different Apple ID. The subscription is still anchored to the Apple ID that made the original purchase.
  • Shared Apple ID across devices. More than one person signs into the same Apple ID (for example, a family member's Apple ID used on a second device). One person's purchase doesn't automatically attach to another person's in-app account.
  • You deleted and recreated your in-app account. The original subscription is still anchored to your Apple ID, but the new in-app account can't claim it automatically.

You won't be charged twice while we sort this out, and your subscription isn't lost — it just needs to be transferred to the right account.

What to do: Email us at [email protected] with the subject line "Subscription transfer request" and include:

  • The Apple ID email used to make the original purchase
  • The approximate purchase date, if you remember it
  • The Apple transaction ID, if you can find it (Apple's purchase email has it, or open the App Store → tap your profile picture → Purchase History)
  • The email address of the account you're currently signed into in the app

We respond within 24–48 hours, and transfers are usually completed within one business day after we reply. While you wait, you keep any active trial or paid time you currently have.

Q: I tap Subscribe but Apple says "You're currently subscribed" — what now?

That message comes from Apple, not from us, and it means Apple sees an existing subscription tied to the Apple ID on your device. Two quick things to check:

  1. Open your iPhone Settings → tap your name → Subscriptions. Look for Protect-Me in the active list. If it's there and active, the subscription was made on a different in-app account — sign into the app using the email tied to that purchase, and you'll regain access.
  2. Make sure you're signed into the Apple ID you originally subscribed with. If you've switched Apple IDs since the purchase (personal vs work, restored from a different iCloud backup, etc.), Apple still anchors the subscription to the original Apple ID. Sign into that Apple ID, then open the app with the matching in-app account.

If neither check explains it, or you can see a Protect-Me subscription in Apple's list but can't get into the right account, follow the steps in "I had a subscription before, but the app says I'm not subscribed" above and email us. We'll get you back in.

Q: Can I delete my account?

Yes. Head to Settings > Account > Delete Account. Your data will be permanently removed within 30 days. We take "goodbye" seriously — when you say delete, we mean it.

Q: Why doesn't Protect-Me offer Apple or Google Sign-In?

By design. Here's why we chose email and password:

Your email is your shield. Protect-Me monitors your email addresses for data breaches. When you sign up with your real email, we can start protecting it immediately. Apple and Google sign-in can substitute your actual email with a private relay address or alias — which means we'd be monitoring a throwaway address instead of the one that's actually at risk.

No middlemen in your security. With email and password, your account belongs entirely to you. There's no dependency on Apple or Google's authentication systems — if they change their policies, have an outage, or you switch platforms, your Protect-Me account is unaffected.

One consistent experience. Every user goes through the same secure flow: sign up, verify your email, sign in. No surprises, no edge cases, no "which method did I use last time?"

Keep your password safe. Since your email and password are the only way into your account, treat them well:

  • Use a strong, unique password you don't use anywhere else
  • Consider storing it in a password manager
  • If you ever forget it, tap Forgot Password on the login screen — we'll send you a reset link

Contact & Support

Q: How do I contact support?

Email us at [email protected]. We're a small, dedicated team and we strive to resolve all technical related issues. Meanwhile, there is a self-service troubleshooting tool in the Settings menu which will be able to resolve most of the issues.

Q: I found a bug or have feedback

We'd love to hear from you! Please drop us a line at: [email protected]

Whether it's a bug report, a feature idea, or just a kind word — we appreciate the feedback.

Q: What if the app is completely down?

Service outages are our top priority. We have automated monitoring that alerts us when something goes wrong — often before users even notice.

Q: Who handles billing and refund questions?

Billing and refunds are handled directly by Apple or Google, since subscriptions go through the App Store or Play Store:

  • iOS: Settings > [Your Name] > Subscriptions, or contact Apple Support
  • Android: Google Play Store > Menu > Subscriptions, or contact Google Play Support

For questions about what you're paying for or why a feature isn't working, that's us — email [email protected].

Last updated: April 18, 2026