PhishShield Privacy Policy

Effective date: October 1, 2018

This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

Information PhishShield Collects and Why

Information from web browsers

We collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. This is stuff we collect from everybody, whether they have an account or not.

This information includes the visitor’s browser type, referring site, the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.

We collect this information to better understand how our website visitors use PhishShield, and to monitor and protect the security of the website.

Information from users with accounts

If you create an account, we require basic information at the time of account creation. You will create a password, set up your security image, and we will also ask for you email address. We limit what information we collect to what is necessary to operate PhishShield. Your email and password is used to authenticate your identity, and your security image is used so that you can verify email that is sent to you.

"User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. User Personal Information includes Personal Data as defined in the General Data Protection Regulation.

Information PhishShield Does Not Collect

If you are a child under the age of 13, you may not have an account on PhishShield. PhishShield does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will terminate your account.

How We Share the Information We Collect

We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes, except where you have specifically told us to.

We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Policy. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services.

We do not share your security image with other users or third parties.

How You Can Manage the Information We Collect

You may access or update your user profile information from your user page at http://www.phishshield.com/u. You may also contact PhishShield support at http://www.phishshield.com/contact.

Data retention

PhishShield will retain User Personal Information for as long as your account is active or as needed to provide our services.

Cookies and Tracking

PhishShield uses cookies to ensure the funcionality of our service. We use cookies to keep you logged in and and to identify a device for security reasons. By using our website, you agree that we can place these types of cookies on your device.

We use the following cookies:

_phishshield_session This stores information about your current session and keeps you logged in to PhishShield.
_ps_uuid This is your uuid.
__stripe_mid, __stripe_sid These are used by our payment processor, Stripe.

How PhishShield Secures Your Information

PhishShield services are built with strong security features that continuously protect your information.

  • We use encryption to keep your data private while in transit.
  • We use up-to-date software to deliver our services and use industry recognized and vetted frameworks.
  • We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
  • We restrict access to personal information to PhishShield employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.

Compelled Disclosure

PhishShield may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

In complying with court orders and similar legal processes, PhishShield strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.

Changes to this Policy

We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We always indicate the date the last changes were published and we offer access to archived versions for your review. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).