Privacy & security
Learn how we keep your data secure
Phished keeps your data safe: learn how we do that

Prevention
Security education & awareness training for internal staff members
Automated vulnerability scanning and private bug bounty program

Compliance
Phished is ISO27001 certified

Cloud Infrastructure Security
Network, perimeter and DNS protection by Cloudflare

Customer Data Protection
Encryption in-transit (TLS 1.2, TLS 1.3) and at-rest (AES-256)
Logical tenant separation

Disaster Recovery & Data Backup

Identity & Access Control
Things you'll love
Download our security statement
Security statement
Read our privacy policy
Privacy policy
Read our cookie policy
Cookie policy
Download our ISO 27001 certificate
ISO Certificate
Here is some key information on how we securely store your data.
1. What we're storing
We store only necessary information, as collected by you.
2. How we're storing it
We encrypt your data both at rest and in transit, and our site and storage processes are designed for security (you can learn more about how we store your data further down this page).
3. Who can access it
We have extensive internal access controls and regulations for the usecure team, who only have access to data under limited conditions.
You are able to restrict admin access to sensitive materials.
4. Our core standards
Our core compliance with the act means that:
We have full awareness of where any of your data is being held and, when it is held outside of the EU, ensure appropriate compliance is in place.
We ensure that only those who require access to your data are able to access it, and we have the highest level of protection against unauthorised access.
We ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services.
We ensure that consent is given during the sign-up process by all who use usecure, and allow you to withdraw it at any time.
What compliance certifications does Phished have?
Phished has implemented and maintains one of the world’s best-known Information Security Management Systems, ISO/IEC 27001. We are fully certified as compliant with this standard. Our certificate registration number is 30050399, valid from 27/09/2024 to 26/09/2027, with a Statement of Applicability dated 13/08/2024 (version 2.0).
In addition to ISO 27001, Phished holds an ISAE 3000 (SOC 2 Type II) report, a Cyber Essentials certificate, and operates
in compliance with ISO/IEC 27701, NIS2, and DORA requirements.
Phished is also fully GDPR compliant, ensuring that all data processing activities meet the strict requirements of the
General Data Protection Regulation. Furthermore, we apply industry best practices in areas such as data encryption,
access control, and secure development processes, ensuring the protection of customer data at all times.
Read more on our compliance webpage.
How does Phished treat user privacy?
Does Phished perform audits or third party security reviews?
Where is user data stored?
How is the user data processed?