Privacy Policy
PhishFortress Data Protection & Privacy Statement
Last Updated: February 2024
PhishFortress ("we", "our", or "us") operates the phishing simulation and detection platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy and ensuring transparent data practices. This policy applies to all data collected through PhishFortress, including account information, campaign data, user engagement metrics, and threat intelligence.
PhishFortress operates in compliance with:
- GDPR (General Data Protection Regulation) for EU residents
- CCPA/CPRA for California residents
- SOC 2 Type II certification requirements
- HIPAA standards for healthcare data where applicable
- Local and international data protection laws
Your Organization is the Data Controller. You determine the purposes and means of processing personal data in phishing simulations.
PhishFortress is the Data Processor. We process data on your behalf according to your instructions and this Privacy Policy. We execute a Data Processing Agreement (DPA) with all enterprise customers.
This Privacy Policy is designed specifically for the PhishFortress security awareness platform. Your privacy is important to us.