Privacy Policy

Last updated: January 19, 2026

1. Introduction

Phishsight ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our phishing email investigation and forensics platform (the "Service").

As a cybersecurity company, we understand the critical importance of data protection. We handle all data with the highest standards of security and confidentiality.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company/organization name (if applicable)
  • Password (encrypted)
  • Phone number (for Enterprise customers)
  • Billing information (processed by our payment provider)

2.2 Email Data for Analysis

When you upload emails for analysis, we process:

  • Email headers (sender, recipient, routing information)
  • Email body content and attachments
  • URLs and links contained in emails
  • Authentication data (SPF, DKIM, DMARC records)
  • Metadata associated with the email

2.3 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information (device type, operating system)
  • Feature usage patterns and analytics
  • API usage statistics (for API customers)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide email analysis, threat detection, and investigation reports
  • AI/ML Improvement: To enhance our threat detection algorithms (using anonymized, aggregated data only)
  • Account Management: To manage your account, subscriptions, and billing
  • Communication: To send service updates, security alerts, and support responses
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents
  • Legal Compliance: To comply with applicable laws and legal processes
  • Product Development: To develop new features and improve existing ones

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business, including:

  • Cloud hosting providers (for infrastructure)
  • Payment processors (for billing)
  • Threat intelligence providers (for URL/domain analysis)
  • Email service providers (for transactional emails)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose information when required by law, subpoena, court order, or government request, or to protect our rights, safety, or property.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict role-based access controls and multi-factor authentication
  • Infrastructure Security: Enterprise-grade cloud infrastructure with regular security audits
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Incident Response: Documented incident response procedures
  • Employee Training: Regular security awareness training for all staff

6. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active and for 30 days after a deletion request
  • Analysis Data: Retained according to your subscription plan settings (configurable by Enterprise users)
  • Usage Logs: Retained for up to 12 months for security and analytics purposes
  • Billing Records: Retained as required by tax and accounting regulations

You can request deletion of your data at any time through your account settings or by contacting us.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request a portable copy of your data
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected].

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by regulatory authorities
  • Data Processing Agreements with all service providers
  • Compliance with applicable data protection frameworks

9. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

  • Essential Cookies: Required for the Service to function properly
  • Authentication Cookies: To maintain your logged-in session
  • Analytics Cookies: To understand how users interact with our Service
  • Preference Cookies: To remember your settings and preferences

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Phishsight Privacy Team
Email: [email protected]
General Inquiries: [email protected]

We aim to respond to all privacy-related inquiries within 30 days.