Privacy & security

Learn how we keep your data secure

Our GDPR standards, security policies, testing and more.


SOC certification

Application servers and data are stored at Google data centers, which are, among others, SOC 1, SOC 2 and SOC 3 certified.

ISO 27001-compliant facilities

Application servers and data are stored at Google data centers, which are, among others, ISO 27001 and ISO 27017 compliant.

SHA256 encryption

All personal data is stored in SHA256 encrypted databases with rotating keys and is inaccessible to non-authorised personnel.

3rd party penetration test

Security testing is done on a continuous basis with the help of certified ethical hackers.

General Data Protection Regulation (GDPR)

Here is some key information on how we securely store your data.

1. What we're storing

We store only necessary information, as collected by you.

2. How we're storing it

We encrypt your data both at rest and in transit, and our site and storage processes are designed for security (you can learn more on how we store your data further down this page).

3. Who can access it

We have extensive internal access controls and regulations for the usecure team, who only have access to data under limited conditions. You are able to restrict admin access to sensitive materials.

4. Our core standards

Our core compliance with the act means that:

  • We have full awareness of where any of your data is being held and, when it is held outside of the EU, ensure that appropriate compliance is in place.
  • We ensure that only those who require access to your data are able to access it, and we have the highest level of protection against unauthorised access.
  • We ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services.
  • We ensure that consent is given during the sign-up process by all who use usecure, and we allow you to withdraw it at any time.

Frequently asked questions

If you have other questions we’re happy to help you at

How does Phished treat privacy?

Included in the Phished Academy, users can find an entire section dedicated to their personal profiles. They get an overview of the data we have collected and what we do with it. Through this platform they can exercise their privacy rights.

Can recipients unsubscribe themselves from the automated program?

In practice, this is possible if the administrator gives permission. However, we do not recommend this as organisations benefit from training as many of their employees as possible.

Is Phished GDPR compliant?

We were set up in April 2018, just before this regulation came into force. In other words, we have had the GDPR in place since day one. As a cybersecurity company, privacy and online safety are of paramount importance. We are 100% GDPR compliant.

Where does Phished store its data?

Currently, all data is stored on a Google Cloud server within the EEA (within Belgium). There is an option to store data in specific countries. This is the most secure way of working.

How does Phished process data?

We do not process personal data when we make automated decisions (such as determining who receives which simulation and when), so we are fully compliant with the GDPR legislation.