Privacy
SimuPhish processes only what is required to coach employees and report posture. We do not sell, share, or train third-party models on customer data.
This privacy notice describes the data SimuPhish collects, how we use it, and the controls customers and employees have over it. It applies across every SimuPhish product, SimuGPT, SimuHDR, SimuCast, and SimuShield, and our marketing site.
Customer-side: directory metadata (employee names, roles, manager, language preferences), drill-engagement events (clicked, reported, ignored), and helpline interactions. Marketing-side: only what you submit to a form. We do not run third-party analytics or advertising tags on simuphish.com.
Primary regions are AWS us-east-1 (Virginia) and eu-west-1 (Ireland). Enterprise customers can request EU-only, US-only, UAE-only, or India-only residency. Encryption: AES-256 at rest with KMS-managed keys, TLS 1.3 in transit.
Drill telemetry: as long as the customer agreement requires, default 24 months. Helpline interactions: 90 days. Marketing form submissions: 24 months unless you ask us to delete them sooner. On contract end, we delete customer data within 30 days, verifiably.
Access, correction, deletion, and portability requests are honoured within 30 days. Employees of SimuPhish customers can email contact@simuphish.com or contact their employer's security team. We support GDPR, UK GDPR, CCPA/CPRA, UAE PDPL, and Saudi PDPL DSARs.
Our current sub-processor list is published and updated 30 days before any change. Available on request from contact@simuphish.com.
Email contact@simuphish.com for any privacy or data-protection question. Our DPO is reachable at contact@simuphish.com.
Questions? Email contact@simuphish.com. The SimuPhish trust team replies within one business day.
Ready when you are
Two minutes to a quote. One business day to a real reply. No drip sequences. No per-seat list.
