Security & Trust

Security is our foundation. We protect your organization with enterprise-grade controls, encryption, and continuous monitoring.

Enterprise-Grade Infrastructure

Built for resilience, performance, and data sovereignty.

  • Hosted on secure, compliant cloud infrastructure (India Region).
  • High-availability architecture designed for 99.9% uptime.
  • Automated redundancy and disaster recovery protocols.
  • Cloud-native design with isolated tenant environments.

Data Security & Privacy

Industry-standard encryption protects your data at every stage.

  • AES-256 encryption applied to all data at rest.
  • TLS 1.2+ encryption secures all data in transit.
  • Strict logical isolation ensures data separation between organizations.
  • Data residency fully compliant with local regulations.

Identity & Access Management

Granular controls ensure only authorized personnel access data.

  • Role-Based Access Control (RBAC) enforces least privilege.
  • Secure session management with automated time-outs.
  • Password security using industry-standard hashing algorithms (bcrypt).
  • Strict permission boundaries for administrative actions.

Secure Communications

Trusted delivery infrastructure for all simulation emails.

  • High-deliverability transport via enterprise-grade email providers.
  • Support for SPF, DKIM, and DMARC to prevent spoofing.
  • Isolated sending domains to protect organizational reputation.
  • Real-time monitoring for bounce and complaint rates.

Compliance & Monitoring

Continuous oversight and alignment with global standards.

  • Comprehensive audit trails for all sensitive system actions.
  • Real-time alerting systems for anomalous behavior.
  • Designed to align with ISO 27001 and SOC 2 security principles.
  • Regular internal security reviews and vulnerability assessments.

Responsible Disclosure

We are committed to working with the security community to verify and resolve potential vulnerabilities.

If you believe you have found a security issue, please report it to us responsibly.

Security questions, answered

Common questions from security and IT teams evaluating PhishSkill.

Where is PhishSkill data hosted?

PhishSkill runs on secure, compliant cloud infrastructure in the India region, using a high-availability architecture designed for 99.9% uptime with automated redundancy and disaster-recovery protocols.

Is my data encrypted?

Yes. All data is encrypted with AES-256 at rest and protected by TLS 1.2+ in transit, so it is secured both while stored and while moving across the network.

How is my organization's data kept separate from other customers?

Each customer runs in an isolated tenant environment with strict logical isolation, ensuring your organization's data is never mixed with another organization's.

How does PhishSkill control who can access data?

Access is governed by Role-Based Access Control (RBAC) enforcing least privilege, with secure session management and automated time-outs, password hashing using bcrypt, and strict permission boundaries around administrative actions.

How do you protect email deliverability and prevent spoofing?

PhishSkill supports SPF, DKIM, and DMARC to prevent spoofing, uses isolated sending domains to protect your organization's reputation, and monitors bounce and complaint rates in real time.

Which security standards does PhishSkill align with?

The platform is designed to align with ISO 27001 and SOC 2 security principles, backed by comprehensive audit trails for sensitive actions, real-time alerting for anomalous behavior, and regular internal security reviews and vulnerability assessments.

How do I report a security vulnerability?

We welcome responsible disclosure. If you believe you have found a security issue, please report it to [email protected] and our team will work with you to verify and resolve it.

Built on Trust

Our security team is ready to answer any questions about our practices, data residency, or compliance alignment.
