Privacy Policy

Last Updated: April 4th, 2024

PhishingBox, LLC and its co-branded Affiliates (together, ” PhishingBox “, ” we “, ” our “, or ” us “) care about your privacy. Thank you for taking the time to read our privacy policy (” Privacy Policy “). This Privacy Policy covers all Personal Information processed by our websites and our services (collectively, the ” Service “). Our Service enables our Clients to, among other things, send and manage security awareness training campaigns to include simulated phishing emails and assign training courses. If our privacy practices for certain services differ from those explained in this Privacy Policy, we will let you know at the time we ask for or collect your information.


In this Privacy Policy, these terms have the following meanings:
  • Affiliate : An entity that directly or indirectly Controls, is Controlled by, or is under common Control with another entity.
  • Target : A person a Client may target through our Service. In other words, a Target is anyone on a Client’s Campaign List about whom a Client has given us information or is anyone who has otherwise interacted with a Client via the Service.
  • Control : Ownership, voting, or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.
  • Campaign List : A list of Targets a Client may upload or manage on our platform and all associated information related to those Targets (for example, email addresses).
  • Client : Any person or entity that is registered with us to use the Service.
  • Personal Information : Any information that’s about an individual. Examples include, but are not limited to, first and last name, date of birth, email address, gender, occupation, or anything else that identifies an individual.
  • Visitor : Any person who visits any of our websites, offices, or otherwise engages with us at our events or in connection with our marketing or recruitment activities.
  • you and your : Depending on the context, either a Client, a Target, or a Visitor.


Through our interactions, we may collect different kinds of Personal Information about you, which we have grouped together as follows:
  1. Information You Provide Us
    • Personal Identification Data : First and last name, email address, billing address, phone number, home country, Internet Protocol (IP) address, interests, or similar identifiers.
    • Transaction Data : Payment and transaction information such as credit/debit card number, billing address, and name.
    • Employment Related Data : Information about your Target, your business, and your title at your business.
    • Communication Data : Discussion with our customer support, other communications you send us, and contact preferences.
    • Account Data : Log-in credentials when you sign up for an account with us.
    • Marketing Data : Names, mailing addresses, and email addresses.
  2. Information Automatically Collected by Technology
    • Device Data : Hardware information, operating system, platform information, browser type, language information, viewfinder size, and browser plugin types.
    • Website Usage Data : Dates and times you access the Service and browsing activities (such as session duration, links clicked, and mouse movements).
    • Service Performance Data : Metrics related to the deliverability of emails and other communications sent through the Service.
  3. Information Collected from Third Parties
    • Personal or anonymized information from third-party companies that provide products and services used together with our Service, public databases, and joint marketing partners.
    • Information from social networking sites like Facebook, including name, username, location, gender, birth date, email address, profile picture, and public data for contacts.
  4. Aggregated Data
    • Aggregated statistical or demographic data. Aggregated Data could be derived from your Personal Information but is not considered Personal Information itself.


Your Personal Information is used for the purpose it was collected, such as responding to your inquiry or completing your transaction for our Service. In some cases, Personal Information is required to perform certain functions. We may process your personal data for the following reasons:
  • To bill and collect money owed to us by you to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in accordance with our legitimate interests to operate and administer our Service.
  • To send you system alert messages in reliance on our legitimate interests in administering the Service and providing certain features.
  • To communicate with you about your account and provide customer support.
  • To enforce compliance with our Terms of Use and applicable law.
  • To provide, support, and improve the Service.
  • To provide suggestions and tailored features that optimize and personalize your experience.
  • To plan and manage our contractual relationships with our vendors and Clients.
  • To facilitate research and perform analysis.
  • To provide customer support.
  • To offer voluntary entry to our surveys, contests, sweepstakes, or other promotions.
  • To detect, prevent, and address technical issues and monitor website usage.
  • To address legal issues and comply with laws, regulations, court orders, or other legal processes.


We use different methods and sources to collect information from and about you, including:
  1. Direct Interactions: You may give us information by interacting with our website, communicating via email, or contacting us through social media.
  2. Third Party or Publicly Available Sources: Information about you from third parties, including analytics information to improve our website and Services.
  3. Technical and Communication Data from Third Parties: Information from third-party providers like X (formerly Twitter), Facebook, and Google Analytics.


We may disclose your contact information, communication information, usage information, and information from surveys to the following third parties:
  1. Our Corporate Affiliates: Our Affiliates and subsidiaries will use your information in a manner consistent with this Privacy Policy and applicable data privacy laws.
  2. Advertising Partners: We partner with third-party advertising networks, exchanges, and social media platforms to display advertising on the Service or to manage and serve our advertising on other sites.
  3. Subcontractors: Any subcontractors who assist us to operate or perform the Service are required to comply with applicable data privacy laws.
  4. Regulatory Entities: We will disclose your information if necessary to comply with any applicable law or legal process.
  5. Third Parties for Mergers: We may disclose your information in connection with mergers and reorganization.
We may also share your Personal Information with your consent or at your express request. We may share anonymized or Aggregated Data internally and with third parties for any purpose. We do not, under any circumstances, sell your Campaign Lists.


Our website may use automatic data collection technologies to distinguish you from other website users. This helps us deliver a better and more personalized experience when you browse our website. It also allows us to improve our website by enabling us to:
  • Estimate our audience size and usage patterns.
  • Store your preferences to customize our website according to your interests.
  • Recognize you when you return to our website.
The technologies we use for this automatic data collection include:
  • Cookies (or browser cookies): A small file placed on the hard drive of your computer.
  • Flash Cookies: Features of our website may use Flash cookies instead of browser cookies to collect and store information.
  • Web Beacons, Pixel Tags, Clear Gifs: Our website pages and emails may contain small transparent embedded images or objects known as web beacons.
You can block the collection and use of information related to you by advertising companies:
  • The NAI’s opt-out platform is available here.
  • The DAA’s opt-out platform is available here.
For more information about our use of cookies and other tracking technologies, please refer to our Cookie Policy.


Our Service includes links to other websites whose privacy policies may differ from this Privacy Policy. If you submit Personal Information to any of those sites, such information is subject to third-party privacy statements. We strongly encourage you to carefully read the privacy statement of any website you visit.


We will retain your Personal Information as reasonably necessary for the disclosed purpose. The retention periods for each category of Personal Information vary depending on compliance with relevant laws, your request for deletion, and our retention policies. Our retention periods are determined by the following criteria:
  • The volume, nature, and sensitivity of your information;
  • The potential risk of unauthorized access, use or disclosure, or misappropriation;
  • The purposes for which we process your Personal Information; and
  • The retention obligations under applicable legal requirements.


Our Service is not intended for children under 13 years of age. We will not knowingly solicit or collect Personal Information from children under 13, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law.


Your rights may vary depending on where you are located. We have created mechanisms to provide you with the following control over your information:
  1. Accessing, Updating, and Deleting your Information: You can contact us as set forth in the Contact Us section below to request access to, correction of, or deletion of Personal Information that you have provided to us.
  2. Cookies and Automatic Data Collection Technologies: You can set your browser to refuse all or some browser cookies or alert you when websites set or access cookies.
  3. EU-UK Residents: If you are in the European Economic Area, United Kingdom, or are otherwise subject to the General Data Protection Regulation, then this section of our Privacy Policy applies to you.

(i) Data Controller

The data controller of such processing is PhishingBox, LLC.

(ii) Additional information about data we collect about you

We do not collect any special categories of Personal Information about you.

(iii) Lawful basis

We will only use your Personal Information when the law allows us to.
  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party).
  • Where we need to comply with a legal obligation.

(iv) Your data subject rights

Data subjects have the right, at any time, to request access to, rectification, or erasure of their Personal Information.

(v) Data retention

We will only retain your Personal Information for as long as reasonably necessary.

(vi) Data protection authority

You have the right to complain to a data protection authority.
  1. International Transfers

(i) Transfer to the United States

We operate in the United States. Our primary servers and offices are located in the United States, so your information may be transferred, stored, or processed in the United States.

(ii) Clients in Switzerland, United Kingdom, and EEA

PhishingBox processes any Personal Information in compliance with the SCCs.

California Residents

This Privacy Notice for California Residents applies solely to all Visitors, users, and others who reside in the State of California (“consumer” or “you”).

(i) Information we collect

The information we collect and have collected about California residents in the last 12 months is described above.
A. IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other contact information.YES
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, address, telephone number, credit card number, or debit card number.YES
C. Protected classification characteristics under California or federal law.Race, ethnicity, religious or philosophical beliefs, age, or sex (including gender).NO
D. Commercial informationRecords of products, services, or purchasing histories or tendencies.YES
E. Biometric informationGenetic, physiological, behavioral, and biological characteristics.NO
F. Internet or other similar network activityBrowsing history, search history, and information on consumer interaction with a website.YES
G. Geolocation dataPhysical location or movements, such as from user IP addresses.YES
H. Sensory dataAudio, electronic, visual, thermal, olfactory, or similar information.YES
I. Professional or employment-related informationCurrent job history or job title.YES
J. Non-public education informationEducation records directly related to a student maintained by an educational institution or party acting on its behalf.NO
K. Inferences drawn from other Personal InformationProfile reflecting a person’s preferences, characteristics, and attitudes.NO
L. Sensitive Personal InformationSocial security numbers, driver’s license, state Identification card, passport number, and financial account login information.NO

(ii) Use of Personal Information

In the last 12 months, we have used your Personal Information for the business and commercial purposes described above.

(iii) Disclosure of Personal Information

The business and commercial purposes that we have disclosed your Personal Information in the last 12 months are described above.

(iv) Your right to know

You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale/sharing of your Personal Information over the past 12 months.

(v) Your right to obtain a copy of your Personal Information

You have the right to obtain a copy of the specific pieces of Personal Information we collected about you.

(vi) Your right to delete your Personal Information

You have the right to request that we delete any of your Personal Information that we collected from you.

(vii) Your right to correct your Personal Information

If you think some of the Personal Information we have about you is incorrect, you have the right to request that we correct it.

(viii) Your right to opt-out of sale/sharing of your information

We do not sell our email lists or other Personal Information for money. However, we may share information with third parties in a way that is considered a “sale” under the CCPA.

(ix) How to exercise your CCPA rights

To exercise your rights, contact us via our webform or call us at 877-634-6847.

(x) How we verify requests and respond to requests

Before fulfilling your request, we take steps to verify your identity or authority.

(xi) Who may submit requests?

Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information.

(xii) How often you can submit requests?

You may make a CCPA consumer request twice within a 12-month period.

(xiii) Response timing and format

We make every attempt to respond to a verifiable consumer request within forty-five (45) days of its receipt.

(xiv) Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights.

(xv) Other California privacy rights

California’s “Shine the Light” law permits users to request certain information regarding our disclosure of Personal Information to third parties.

Nevada Residents

Nevada residents have the right to opt-out of the sale of certain “covered information”. We currently do not sell covered information.

Other Resident Consumer Rights

To exercise any other state-specific or country-specific consumer rights, please submit your consumer request to us at


The security of your Personal Information is very important to us. We use physical, electronic, and administrative safeguards designed to protect your Personal Information from loss, misuse, and unauthorized access.


Changes to this Privacy Policy will be posted on this site. PhishingBox reserves the right to update or modify this Privacy Policy at any time and without prior notice.


If you have any questions about this Privacy Policy or our use of your Personal Information, please contact us:
  • By mail: PhishingBox, LLC, Attn: Privacy Officer, 400 East Vine Street, Suite 301, Lexington, KY 40507
  • By email:
  • By phone: 877-634-6847

0148746.0757355 4863-4663-1333v3