Privacy & security

Learn how we keep your data secure

Phished keeps your data safe: learn how we do that

Our core values

Phished is a cybersecurity company and therefore confidentiality, integrity and availability of customers data is of paramount importance and the primary focus of our organization. Phished partners with some of the best cloud providers in the world to guarantee the best confidentiality, integrity and availability levels for our applications and customer data.

Cybersecurity 01 1
Pillars of our cybersecurity strategy

Information security that scales with you

Security Shield


  • Security education & awareness training for internal staff members
  • Automated vulnerability scanning and private bug bounty program
ISO SOC logos 27001


  • Phished is ISO27001 certified
  • Application hosted on SOC2 certified infrastructure
Icon navy Scalable

Cloud Infrastructure Security

  • Network, perimeter and DNS protection by Cloudflare
  • Application hosted by leading cloud providers in the EU (Google and Microsoft)
Feature block Personalisatie navy

Customer Data Protection

  • Encryption in-transit (TLS 1.2, TLS 1.3) and at-rest (AES-256)
  • Logical tenant separation
Feature block Automatisatie navy

Disaster Recovery & Data Backup

  • Disaster Recovery scenarios annually tested
  • Production databases are highly available with read-only replica’s and “Point In Time” restore enabled
Icon navy Self service platform

Identity & Access Control

  • Role-Based Access Control (RBAC) for our application and infrastructure access
  • Multi-factor authentication is optional for our application and enforced for infrastructure access

Things you'll love

Want to know more?

Additional resources

Download our security statement

Read our privacy policy

Read our cookie policy

Download our ISO 27001 certificate

General Data Protection Regulation (GDPR)

Here is some key information on how we securely store your data.

1. What we're storing

We store only necessary information, as collected by you.

2. How we're storing it

We encrypt your data both at rest and in transit, and our site and storage processes are designed for security (you can learn more on how we store your data further down this page).

3. Who can access it

We have extensive internal access controls and regulations for the usecure team, who only have access to data under limited conditions. You are able to restrict admin access to sensitive materials.

4. Our core standards

Our core compliance with the act means that:

  • We have full awareness of where any of your data is being held & when outside of the EU, ensuring appropriate compliance is in place.
  • We ensure that only those who require access to your data are able to & we have the highest level of protection against unauthorised access.
  • We ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services.
  • We ensure that consent is given during the sign up process for all that use usecure and allowing you to withdraw at anytime.

Frequently asked questions

If you have other questions we’re happy to help you at [email protected]

How does Phished treat privacy?

Included in the Phished Academy, users can find an entire section dedicated to their personal profiles. They get an overview of the data we have collected and what we do with it. Through this platform they can exercise their privacy rights.

Can recipients unsubscribe themselves from the automated program?

In practice, this is possible if the administrator gives permission. However, we do not recommend this as organisations benefit from training as many of their employees as possible.

Is Phished GDPR compliant?

We were set up in April 2018, just before this regulation came into force. In other words, we have had the GDPR in place since day one. As a cybersecurity company, privacy and online safety are of paramount importance. We are 100% GDPR compliant.

Where does Phished store its data?

Currently, all data is stored on a Google Cloud server within the EEA (within Belgium). There is an option to store data in specific countries. This is the most secure way of working.

How does Phished process data?

We do not process personal data when we make automated decisions (such as determining who receives which simulation and when), so we are fully compliant with the GDPR legislation.