Privacy Policy

At Phishy (operating under the domain phishy.io), we are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, disclose, and safeguard information when we provide our phishing simulation and training services. By engaging with our services, you agree to the collection and use of information in accordance with this Privacy Policy.

Introduction

Phishy specializes in providing phishing simulation and security awareness training services. Our aim is to help organizations educate their employees about phishing threats by simulating realistic phishing attacks and then providing targeted educational content. We are dedicated to protecting the data that is entrusted to us and ensuring that our simulation practices respect privacy and data protection regulations.

Information We Collect

We collect and process personal and business information only as necessary for the provision and improvement of our services. This may include:

  • Contact Information: Business email addresses and related contact details provided by our clients.
  • Employee Information: Only the business email addresses of employees, as supplied by our customers.
  • Usage Data: Information about email interactions, simulation performance, and engagement with training materials.
  • Campaign Data: Details related to the simulation campaigns, including the source domains used and the campaign outcomes.

We do not collect or process any personal data beyond what is required to deliver our services and perform our analyses for training and simulation purposes.

How We Use Your Data

Your data is used exclusively to:

  • Run phishing simulation campaigns and awareness training.
  • Assess and report on the effectiveness of simulated phishing emails.
  • Provide educational content tailored to the campaign results.
  • Improve our services and simulation methodologies.
  • Ensure the security and integrity of our email campaigns.

All data processing is performed under strict internal controls and is compliant with applicable data protection laws.

Our Email Simulation Practices

  • Targeted Email Use: We only send simulation emails to business email addresses that have been provided by our clients. These emails are sent solely to the employees of our clients as part of our phishing awareness training programs.
  • Purpose of Emails: The emails are part of simulated phishing campaigns designed to evaluate and enhance employee awareness of phishing risks. They are not commercial or marketing communications.

Use of Multiple Domains for Simulation

  • Campaign-Specific Domains: Depending on the design and difficulty of a simulation campaign, we may send emails from a variety of domains. Simulation emails may also originate from domains selected to mirror real-world phishing scenarios.
  • Purpose of Domain Variation: This practice is solely to simulate a broad range of phishing tactics and to provide a more realistic training experience. The use of multiple domains does not indicate any affiliation with the owners of those domains outside of our simulation environment.
  • No Endorsement or Representation: Emails sent from these various domains are strictly for simulation purposes. Phishy does not represent or imply endorsement by the entities associated with these domains. They are used solely as tools in our training programs.

Data Retention and Security

  • Data Retention: We retain personal and campaign-related data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable law.
  • Security Measures: We implement robust technical and organizational measures to safeguard the data we process. Access to personal data is limited to authorized personnel who require such access to perform their job functions related to our simulation and training services.

Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including:

  • The right to access, correct, or delete your personal data.
  • The right to object to or restrict certain processing activities.
  • The right to data portability.
  • The right to rectification.
  • The right to complain to a supervisory authority.
  • The right to withdraw consent.

If you wish to exercise any of these rights, please contact us using the details provided below. We will respond to your request in accordance with applicable law.

International Data Transfers

Our services may involve transferring data to servers located in different countries. In such cases, we take steps to ensure that your data is protected in accordance with this Privacy Policy and applicable data protection laws.

Cookies

We use Cookies to obtain information about the preferences of our Visitors and the services they select. We also use Cookies for security purposes to protect our Authorized Customers. For example, if an Authorized Customer is logged on and the site is unused for more than 10 minutes, we will automatically log the Authorized Customer off. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using https://phishy.io, with the drawback that certain features of the website may not function properly without the aid of cookies.

Google, as a third-party vendor, uses cookies to serve ads on our Service.

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. When changes are made, we will update the Effective Date at the top of this document and notify our users as appropriate.

Compliance With Laws

Disclosure of Personally Identifiable Information to comply with the law. We will disclose Personally Identifiable Information in order to comply with a court order or subpoena or a request from a law enforcement agency to release information. We will also disclose Personally Identifiable Information when reasonably necessary to protect the safety of our Visitors and Authorized Customers.

Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected]


Last Updated: Feb 11, 2025