Privacy Policy

1. Introduction

dPhish is a cybersecurity company specializing in phishing detection, anti-phishing protection, phishing awareness, email security, threat intelligence, and related cybersecurity services. We are committed to protecting the privacy and personal data of all individuals who interact with our website, services, and communications — including enterprise customers, website visitors, prospects, partners, and job applicants.

This Privacy Policy describes how dPhish collects, uses, discloses, and safeguards personal information when you visit dphish.com (the "Website"), request a product demonstration, subscribe to communications, engage with our services, or otherwise interact with us. This Policy also explains your rights regarding your personal data and how to exercise them.

As a cybersecurity company, we hold ourselves to the highest standard of data handling and transparency. We process personal data only for the purposes described in this Policy and only to the extent necessary for those purposes.

By accessing or using our Website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Website and contact us with any questions.

1.1 Scope of This Policy

This Privacy Policy applies to:

• Personal data collected through the dPhish website at dphish.com and any affiliated subdomains;
• Personal data processed in connection with our commercial cybersecurity products and services;
• Information provided by individuals through contact forms, demo request forms, newsletter subscriptions, webinar and event registrations, customer support channels, and career application forms;
• Technical and usage data collected automatically through cookies, analytics tools, and similar technologies; and
• Information received from business partners and third-party sources in connection with our services.

2. Information We Collect

dPhish collects personal information in several ways: directly from individuals who voluntarily provide it, automatically through technical means when visiting the Website, and in limited cases from third-party sources. We collect only the information necessary to fulfill the purposes described in this Policy.

2.1 Information You Voluntarily Provide

We collect personal information that you actively submit to us through the following channels:

Contact and Inquiry Forms

• Full name and business title
• Business email address
• Company or organization name
• Phone number (if provided)
• Country and region
• Content of your inquiry or message

Demo Request Forms

• Full name and job title
• Business email address
• Organization name and size
• Industry sector

Newsletter Subscriptions

• Full name and job title
• Business email address
• Country and region

Webinar and Event Registrations

• Business email address

Customer Support Requests

• Name and contact details
• Organization and account information
• Technical details related to the support issue
• Communication history and correspondence

Career Application Forms

• Full name and contact details (email, phone, address)
• CV/résumé and cover letter
• Employment history, qualifications, and skills
• Right to work information and eligibility
• Preferences regarding role, location, and compensation
• References (where provided)

2.2 Business Contact Information

In the course of commercial activities — including sales outreach, partnership discussions, and contract management — we may collect and process professional contact details of individuals acting in their business capacity, including:

• Name, job title, and department
• Business email address and telephone number
• Business address
• LinkedIn profile or professional social media details (if voluntarily shared)
• Procurement and billing contact details

Such business contact information is processed in the context of legitimate commercial relationships and is not subject to the same constraints as consumer personal data in most jurisdictions.

2.3 Technical and Device Information

When you access the Website, we automatically collect certain technical information about your device and browser, including:

• IP address (which may be truncated or anonymized)
• Browser type, version, and language settings
• Operating system and device type
• Screen resolution and display settings
• Time zone and locale settings
• Referring URL and navigation path

2.4 Log Data and Website Usage Information

Our web servers and analytics infrastructure collect log data each time you visit the Website, including date and time of access, pages viewed, links clicked, files downloaded, search queries, and HTTP response codes. Log data is used primarily for security monitoring, fraud prevention, abuse detection, and operational troubleshooting.

2.5 Cookies and Analytics Information

We use cookies, pixel tags, web beacons, and similar tracking technologies to collect information about how visitors interact with the Website. Please refer to Section 4 (Cookies and Tracking Technologies) for a full description.

2.6 Information from Third-Party Sources

In limited circumstances, we may receive information about you from business data enrichment services, marketing and analytics partners, event co-hosts, and publicly available professional sources. We handle third-party sourced data in accordance with this Policy and applicable data protection requirements.

3. How We Use Your Information

dPhish uses personal information for specific, legitimate purposes that are consistent with the context in which it was collected. We do not use personal data for undisclosed purposes or in ways incompatible with the purposes stated at the time of collection.

3.1 Responding to Inquiries and Demo Requests

We use contact and inquiry information to respond to your messages, answer questions about our products and services, schedule and conduct product demonstrations, and provide you with relevant materials.

3.2 Delivering Products and Services

For customers under contract, we process personal data necessary to provision and maintain our cybersecurity services, including phishing simulation platforms, email security tools, threat intelligence feeds, and awareness training programs.

3.3 Customer Support

We use support request data to diagnose and resolve technical issues, respond to queries, track service-related communications, and improve the quality and reliability of our products. Support interactions may be logged for quality assurance and training purposes.

3.4 Security Monitoring and Fraud Prevention

We use technical data, log data, and IP address information to detect and prevent unauthorized access, cyberattacks, phishing attempts, scraping, fraud, and other malicious activity targeting our infrastructure. This processing is a core operational requirement and constitutes a legitimate interest of dPhish.

3.5 Threat Detection and Cybersecurity Operations

To the extent our own operational security involves processing personal data — for example, email metadata in a demonstration environment — such processing is conducted under strict data minimization and purpose limitation principles.

3.6 Marketing Communications

With your consent or where otherwise permitted by applicable law, we may contact you with information about our services, cybersecurity insights, industry reports, upcoming webinars, and company news. You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly.

We do not send unsolicited bulk commercial email (spam). All marketing emails include a clear identification of the sender, a physical address, and a functional opt-out mechanism.

3.7 Service Improvement and Analytics

We analyze usage patterns and Website interaction data to understand which content and features are most valuable, improve user experience, optimize Website performance, and develop new services. Where analytics rely on personal data, we seek to use aggregated or anonymized data wherever practicable.

3.8 Webinars, Events, and Communications

Registration information for webinars and events is used to manage attendance, send logistical information, provide access credentials, and follow up with post-event resources.

3.9 Recruitment and Hiring

Career application data is used exclusively to evaluate suitability for the role applied for, communicate with candidates, conduct appropriate background checks where required, and fulfill legal employment-related obligations.

3.10 Legal and Regulatory Compliance

We process personal data where necessary to comply with applicable legal obligations, including data protection laws, employment regulations, tax requirements, export control laws, court orders, and other binding legal or regulatory requirements.

4. Cookies and Tracking Technologies

dPhish uses cookies and similar technologies (including pixels, web beacons, and local storage) on our Website.

4.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your browser on subsequent visits and remember certain information about your preferences and behavior. Cookies may be "first-party" (set by dPhish directly) or "third-party" (set by external services we use).

4.2 Types of Cookies We Use

Strictly Necessary Cookies — Essential for the Website to function correctly. They enable core features such as session management, security, and load balancing. These cookies do not require consent under applicable law.

Functional Cookies — Allow the Website to remember your preferences and settings to provide a more personalized and consistent experience.

Analytics Cookies — We use analytics cookies to collect aggregated and, where applicable, anonymized information about how visitors use our Website. We currently use Google Analytics for this purpose.

Marketing and Targeting Cookies — With your consent, we may use marketing cookies to track your visits to the Website and serve relevant content and advertising. Marketing cookies are only placed with your prior consent.

4.3 Cookie Retention Periods

Session cookies are temporary and expire when you close your browser. Persistent cookies remain on your device for a defined period, typically ranging from 30 days to 24 months, depending on the function.

4.4 Managing Cookie Preferences

• Cookie Consent Manager: Use the consent banner on our Website to select or deselect cookie categories.
• Browser Settings: Most browsers allow you to block or delete cookies through your privacy or security settings.
• Google Analytics Opt-out: Available at tools.google.com/dlpage/gaoptout.
• Do Not Track (DNT): We honor browser-level Do Not Track signals to the extent technically feasible and legally required.

5. Information Sharing and Disclosure

dPhish does not sell, rent, or trade personal information to third parties for their own commercial purposes. We share personal data only in the limited circumstances described below and always under appropriate contractual and technical safeguards.

5.1 Service Providers and Vendors

We engage carefully selected third-party service providers who process personal data on our behalf under strict contractual terms, including:

• Cloud hosting and infrastructure providers;
• Customer relationship management (CRM) platforms;
• Email marketing and marketing automation services;
• Website analytics providers;
• Customer support and helpdesk platforms;
• Video conferencing and webinar platforms;
• Recruitment and applicant tracking systems;
• Billing and payment processors;
• Legal, accounting, and professional advisory services.

5.2 Cloud Hosting Providers

dPhish's Website and operational infrastructure are hosted with reputable, industry-certified cloud infrastructure providers. These providers process data in secure, certified data centers and are contractually bound to process data only on our instructions.

5.3 Analytics Providers

We use analytics platforms such as Google Analytics to analyze Website traffic and usage. We have configured such tools to minimize data collection and, where possible, to anonymize IP addresses.

5.4 Marketing Platforms

With your consent, we may share contact and engagement data with marketing platforms to facilitate email campaigns, advertising, and lead management.

5.5 Legal Authorities

We may disclose personal data to law enforcement agencies, courts, regulators, or government authorities where required by applicable law, court order, or where disclosure is necessary to protect the rights, property, or safety of dPhish, our customers, or the public.

5.6 Business Transactions

In the event of a merger, acquisition, corporate restructuring, or similar business transaction, personal data held by dPhish may be transferred to the relevant third party, subject to equivalent privacy protections.

5.7 Professional Advisors

We may disclose personal data to our legal counsel, auditors, and other professional advisors where necessary for the provision of their services, under obligations of confidentiality.

5.8 No Sale of Personal Information

6. Data Security

As a cybersecurity company, security is at the core of everything we do. We implement comprehensive organizational and technical measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction.

6.1 Technical Safeguards

• Encryption of data in transit using industry-standard TLS protocols;
• Encryption of sensitive data at rest;
• Multi-factor authentication (MFA) for access to systems containing personal data;
• Role-based access controls and least-privilege principles;
• Network segmentation and firewall protection;
• Regular vulnerability assessments and penetration testing;
• Security monitoring, intrusion detection, and alerting systems;
• Secure software development practices and code review processes.

6.2 Organizational Safeguards

• Data protection training for all personnel who process personal data;
• Confidentiality obligations for employees and contractors;
• Documented security policies and incident response procedures;
• Vendor security assessments prior to engagement with sub-processors;
• Regular internal audits and security reviews;
• Appointment of a designated privacy and security point of contact.

6.3 Security Incidents

In the event of a personal data breach, dPhish will comply with its notification obligations under applicable data protection law, including notifying the relevant supervisory authority within 72 hours where required under GDPR, and notifying affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

7. Data Retention

dPhish retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law, regulation, or contract.

7.1 Retention Principles

• Purpose Limitation: Data is retained only for the duration necessary to achieve the specified purpose of collection.
• Legal and Regulatory Requirements: Certain data must be retained for defined periods under applicable law.
• Contractual Obligations: Data related to customer contracts may be retained for the duration of the contractual relationship and for a reasonable period thereafter.
• Dispute Resolution: We may retain data for longer periods where necessary to establish, exercise, or defend legal claims.

7.2 Indicative Retention Periods

• Contact and inquiry forms: Up to 24 months from last interaction, unless a commercial relationship develops.
• Customer account data: Duration of the contract plus up to 7 years thereafter for legal compliance.
• Marketing contact data: Until consent is withdrawn or opt-out is exercised.
• Website analytics data: Typically 14–26 months in anonymized form.
• Career application data: Up to 12 months for unsuccessful candidates.
• Security logs and audit trails: Up to 12 months for operational purposes; longer where required by law.

8. Your Rights

Depending on your location and the applicable legal framework, you may have rights including access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.

To exercise any of these rights, please contact our privacy team:

• Email: info@dphish.com / sales@dphish.com
• Website Form: Contact form at dphish.com
• Postal Mail: Villa 75, Block 2, 7th District, Sheikh Zayed, Giza, Egypt

We will verify your identity before processing your request and respond within the applicable legal timeframe (30 days under GDPR; 45 days under CCPA/CPRA). We do not charge a fee to process rights requests except where requests are manifestly unfounded, excessive, or repetitive.

9. Third-Party Websites and Services

The dPhish Website may contain hyperlinks to third-party websites, partner portals, social media platforms, industry resources, and external content. These links are provided for convenience and informational purposes only.

dPhish does not control, operate, or endorse any third-party websites and is not responsible for their content, privacy practices, or data collection activities. We encourage you to review the privacy policies of any third-party websites you visit through links on our Website.

Social media "Share" or "Like" buttons on our Website may allow social media platforms to collect your IP address and page interaction data. The use of such social plug-ins is governed by the privacy policies of the respective social media providers.

10. Children's Privacy

dPhish's Website and cybersecurity services are designed for, and directed exclusively to, business professionals and organizations. Our services are not intended for individuals under the age of 16 (or the minimum age required by applicable local law, which may be up to 18 years in certain regions).

We do not knowingly collect, process, or solicit personal information from children. If we become aware that we have inadvertently received personal data from an individual under the applicable age threshold, we will take prompt steps to delete that information from our systems.

11. Changes to This Privacy Policy

dPhish reviews and updates this Privacy Policy periodically to reflect changes in our practices, legal obligations, technology, and regulatory environment. When we make material changes to this Policy, we will notify you by:

• Posting a prominent notice on the dPhish Website at dphish.com;
• Sending an email notification to registered contacts and customers (where we hold a valid email address);
• Updating the "Last Updated" and "Effective Date" fields at the top of this Policy;
• Displaying an in-product notification (for customers using dPhish platforms).

Prior versions of this Privacy Policy are archived and available upon request.

12. Contact Information and Data Protection Contacts

12.1 Company and Privacy Contact

• Trading As: dPhish
• Website: dphish.com
• Business Address (Headquarters): Villa 75, Block 2, 7th District, Sheikh Zayed, Giza, Egypt
• Privacy & General Enquiries: info@dphish.com
• Sales Enquiries: sales@dphish.com

12.2 Supervisory Authority Contact

If you are not satisfied with our response to a privacy inquiry or believe we are processing your data inconsistently with applicable law, you have the right to lodge a complaint with the relevant supervisory authority:

• EEA: The supervisory authority in your country of residence or the lead supervisory authority for dPhish.
• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk — 0303 123 1113.
• United States (California): California Privacy Protection Agency (CPPA) — cppa.ca.gov.