Learn how we keep your data secure
Phished keeps your data safe: learn how we do that
Our core values
Phished is a cybersecurity company and therefore confidentiality, integrity and availability of customers data is of paramount importance and the primary focus of our organization. Phished partners with some of the best cloud providers in the world to guarantee the best confidentiality, integrity and availability levels for our applications and customer data.
Information security that scales with you
Prevention
- Security education & awareness training for internal staff members
- Automated vulnerability scanning and private bug bounty program
Compliance
- Phished is ISO27001 certified
- Application hosted on SOC2 certified infrastructure
Cloud Infrastructure Security
- Network, perimeter and DNS protection by Cloudflare
- Application hosted by leading cloud providers in the EU (Google and Microsoft)
Customer Data Protection
- Encryption in-transit (TLS 1.2, TLS 1.3) and at-rest (AES-256)
- Logical tenant separation
Disaster Recovery & Data Backup
- Disaster Recovery scenarios annually tested
- Production databases are highly available with read-only replica’s and “Point In Time” restore enabled
Identity & Access Control
- Role-Based Access Control (RBAC) for our application and infrastructure access
- Multi-factor authentication is optional for our application and enforced for infrastructure access
Things you'll love
Additional resources
Download our security statement
Read our privacy policy
Read our cookie policy
Download our ISO 27001 certificate
General Data Protection Regulation (GDPR)
Here is some key information on how we securely store your data.
1. What we're storing
We store only necessary information, as collected by you.
2. How we're storing it
We encrypt your data both at rest and in transit, and our site and storage processes are designed for security (you can learn more on how we store your data further down this page).
3. Who can access it
We have extensive internal access controls and regulations for the usecure team, who only have access to data under limited conditions. You are able to restrict admin access to sensitive materials.
4. Our core standards
Our core compliance with the act means that:
- We have full awareness of where any of your data is being held & when outside of the EU, ensuring appropriate compliance is in place.
- We ensure that only those who require access to your data are able to & we have the highest level of protection against unauthorised access.
- We ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services.
- We ensure that consent is given during the sign up process for all that use usecure and allowing you to withdraw at anytime.
Frequently asked questions
If you have other questions we’re happy to help you at [email protected]
How does Phished treat privacy?
Included in the Phished Academy, users can find an entire section dedicated to their personal profiles. They get an overview of the data we have collected and what we do with it. Through this platform they can exercise their privacy rights.
Can recipients unsubscribe themselves from the automated program?
In practice, this is possible if the administrator gives permission. However, we do not recommend this as organisations benefit from training as many of their employees as possible.
Is Phished GDPR compliant?
We were set up in April 2018, just before this regulation came into force. In other words, we have had the GDPR in place since day one. As a cybersecurity company, privacy and online safety are of paramount importance. We are 100% GDPR compliant.
Where does Phished store its data?
Currently, all data is stored on a Google Cloud server within the EEA (within Belgium). There is an option to store data in specific countries. This is the most secure way of working.
How does Phished process data?
We do not process personal data when we make automated decisions (such as determining who receives which simulation and when), so we are fully compliant with the GDPR legislation.