Privacy Policy

Effective Date: 6th April 2025
Company Number: 16167880
Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Contact Email: [email protected]

1. INTRODUCTION

This Privacy Policy describes how simUphish LTD (“simUphish”, “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data in connection with our services. simUphish LTD is a UK-based company registered with UK Companies House and is committed to ensuring the privacy and protection of all users’ personal data under the UK GDPR, the Data Protection Act 2018 (DPA 2018), and other applicable privacy regulations.

2. INFORMATION WE COLLECT


We collect the following categories of data:

2.1 From Customers and Administrators:
– Name, email address, phone number, company name, job title
– Billing details, contract history
– Login credentials (hashed), authentication tokens
– Feedback, support tickets, and preferences

2.2 From End Users (employees being trained/simulated):
– Name, email, department
– Simulation performance and behavioral data
– Training progress and quiz scores
– IP address, device type, browser metadata (limited to legitimate risk profiling)

2.3 Automatically Collected:
– Log data from interactions with the platform (e.g., timestamps, session IDs)
– Platform usage analytics, navigation history

3. HOW WE USE YOUR INFORMATION

simUphish processes personal data strictly for the following purposes:
– To deliver phishing simulations and measure behavioral risk
– To personalize training content and report on performance
– To provide dashboards, alerts, and risk analytics
– To send reminders, notifications, and updates
– To detect, prevent, and respond to abuse or breaches
– To improve our services, develop new features, and ensure platform reliability

All processing is performed in accordance with the principle of data minimization.

5. DATA STORAGE AND RETENTION


– Data is stored securely in the UK and EEA on ISO 27001 and SOC 2-compliant infrastructure.
– Retention is determined by contract terms or 12 months after the end of the subscription, whichever is later.
– Customers may request early deletion or anonymization.

6. DATA SHARING AND DISCLOSURE


We do not sell personal data. We may share data:
– With subprocessors (e.g., hosting, analytics providers) under signed data processing agreements (DPAs)
– With law enforcement or authorities when legally required
– Within our corporate structure for business continuity

An up-to-date list of subprocessors is available upon request.

7. DATA SUBJECT RIGHTS


Under the UK GDPR, data subjects have the right to:
– Access their data
– Request rectification or deletion
– Object to processing or restrict it
– Request data portability
– Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by emailing: [email protected]

8. SECURITY MEASURES


simUphish implements industry-leading security, including:
– End-to-end encryption for data in transit and at rest
– Multi-factor authentication and role-based access
– Regular vulnerability scanning and penetration testing
– Employee background checks and security training

9. INTERNATIONAL DATA TRANSFERS


Where data is transferred outside the UK/EEA, we use:
– UK IDTA or EU Standard Contractual Clauses
– Additional technical and organizational safeguards

10. COOKIES

We use strictly necessary, performance, and analytics cookies.
– Users may opt in to non-essential cookies via the banner.
– Cookie settings can be adjusted at any time.

11. CHILDREN’S PRIVACY


simUphish is not designed for or directed at children under 16. We do not knowingly collect personal data from minors.

12. CHANGES TO THIS POLICY


We may update this policy from time to time. Material changes will be communicated via email or in-app notification. The latest version will always be available at www.simuphish.com/privacy-policy.