Privacy Policy

Last updated: March 1, 2026

1. Introduction

PhishIQ ("we," "our," or "us") operates the PhishIQ platform, which provides AI-powered phishing simulation and security awareness training services. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, platform, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Services.

2. Information We Collect

2.1 Account Information

When you register for PhishIQ, we collect:

  • Name, email address, and job title
  • Organization name and size
  • Billing and payment information (processed by our payment provider)
  • Authentication credentials

2.2 Simulation Data

During phishing simulations, we collect interaction data such as email open events, link clicks, credential submission events (we do not store actual passwords entered during simulations), and training completion records. This data is used solely for security awareness reporting.

2.3 Usage Data

We automatically collect:

  • Browser type, operating system, and device information
  • IP address and approximate location
  • Pages visited and features used within the platform
  • Timestamps and session duration

3. How We Use Your Information

We use collected information to:

  • Deliver, maintain, and improve our phishing simulation and training Services
  • Generate security awareness reports and risk assessments for your organization
  • Send service-related communications (campaign notifications, reports, alerts)
  • Provide customer support and respond to inquiries
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Your Organization: Administrators within your organization can access simulation results and training progress for users in their tenant.
  • Service Providers: Third-party vendors who assist in operating our platform (hosting, analytics, payment processing), bound by confidentiality agreements.
  • Legal Requirements: When required by law, court order, or governmental regulation.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, regular security audits, and infrastructure hosted on SOC 2 Type II compliant providers. While no method of transmission or storage is 100% secure, we strive to protect your information using commercially acceptable means.

6. Data Retention

We retain account and simulation data for the duration of your subscription plus 90 days. Anonymized and aggregated analytics data may be retained longer for product improvement. You may request deletion of your data at any time by contacting support@phishiq.io.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict certain processing activities
  • Receive your data in a structured, machine-readable format (data portability)
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at support@phishiq.io.

8. Cookies and Tracking

We use essential cookies to maintain sessions and preferences. We use analytics cookies (with your consent where required) to understand usage patterns. You can manage cookie preferences through your browser settings. Our platform does not respond to Do Not Track signals.

9. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for any international transfers in compliance with applicable data protection laws.

10. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before the changes take effect.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@phishiq.io