Privacy Policy

Last updated: January 16, 2026

Hi there! We are PhishSkill (“we”, “our”, or “us”), and we run the https://www.phishskill.com platform. We help organizations build top-notch security awareness through simulated phishing and training.

We know that privacy is super important. This policy is our way of explaining, in plain English, how we safely collect, use, and store information when you and your team use our platform.

1. Who is PhishSkill for?

PhishSkill is a business-to-business (B2B) tool. We built it specifically for companies to manage their own teams' security training.

  • When an organization signs up, they manage their own accounts using their official work emails.
  • If you're an employee, your company’s admin or manager creates and manages your account.
  • We never go out of our way to create or invite users—everything comes directly from your organization.

2. The Information We Collect

a. Account and Profile Basics

To make PhishSkill work for your team, we need a few basic details:

  • First name
  • Work email address
  • Department and position
  • Phone number (if your admin adds it)
  • Last name (optional)

We use this to run helpful phishing simulations, assign the right training, and help your organization track its progress.

b. How You Use the Platform

We also keep track of activity on the platform so your team can see how they're doing. This includes:

  • When users log in
  • Which training modules have been completed
  • How people interact with our simulated phishing emails (like opening an email, clicking a link, or reporting it)
  • Overall scores and metrics for your organization's reports

CREDENTIAL SAFETY GUARANTEE

We never store, log, or transmit any sensitive passwords or credentials entered during a phishing simulation. We only track that an action happened (like clicking 'submit' on a fake login page) so your organization can measure training progress. Any actual data entered is instantly thrown away.

c. Technical Under-the-Hood Data

Just to keep the lights on and the platform secure, we gather a few technical details quietly in the background:

  • The IP address you're accessing us from
  • Information about your browser and device
  • Basic system logs to help us squash bugs and monitor security

3. How We Use This Information

We use the information we collect strictly to make the platform work for you. That includes:

  • Running the PhishSkill platform smoothly
  • Sending out simulated phishing emails and training materials
  • Building helpful reports for your company’s admins
  • Keeping our systems secure and reliable

We never sell your personal data, and we don't use it for advertising. Ever.

4. Where We Store Data

We host PhishSkill using robust cloud infrastructure from DigitalOcean. Your organization's data is kept separate from everyone else's, and access is tightly controlled based on user roles (so only the right people can see the right things).

5. Who We Share Data With

We don't share your personal data with outside third parties, except for the essential services we use to keep the platform running (like our cloud host) or if we are legally required to do so by law enforcement.

6. Keeping Things Secure

We care deeply about security. We use strong safeguards, including strict access controls and tenant isolation, to protect your data. Of course, no system is perfectly invincible, but we do everything in our power to keep your information safe and sound.

7. Contact Us

Have some questions about privacy or how we handle your data? We'd love to hear from you. Feel free to reach out to us at:
Email: [email protected]

This Privacy Policy is here to give you peace of mind, and we'll keep it updated as the PhishSkill platform continues to grow.