Terms of Service

1. Acceptance of Terms

By accessing or using the PhishShield platform ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent that you have the authority to bind that organization to these Terms. If you do not agree, do not use the Service.

2. Description of Service

PhishShield is an enterprise security awareness and phishing simulation platform that provides:

• Phishing simulation campaign management and delivery
• Security awareness training modules and assessments
• Employee risk scoring and analytics
• Multi-tenant organization management and MSSP partner portals
• Compliance reporting (SOX, HIPAA, PCI-DSS, ISO 27001, NIST, GDPR)
• Gamification and engagement features

3. Account Registration

To use the Service, you must:

• Provide accurate and complete registration information
• Maintain the security of your account credentials
• Promptly notify us of any unauthorized access to your account
• Be at least 16 years of age

You are responsible for all activity that occurs under your account.

4. Authorized Use

PhishShield is designed exclusively for legitimate security awareness testing within your own organization. You agree to:

• Only target your own employees — Simulations must only be sent to individuals within your organization who are subject to your security policies
• Obtain proper authorization — You must have appropriate organizational authority to conduct phishing simulations
• Comply with applicable laws — You are responsible for ensuring simulations comply with all local, state, national, and international laws
• Not use for malicious purposes — The Service must not be used for actual phishing, fraud, identity theft, or any unlawful activity

5. Prohibited Conduct

You shall not:

• Use the Service to target individuals outside your organization
• Send simulations that violate anti-spam laws (CAN-SPAM, GDPR, PECR)
• Attempt to gain unauthorized access to other organizations' data
• Use captured credentials from simulations for any purpose other than security awareness metrics
• Reverse-engineer, decompile, or disassemble the Service
• Resell or redistribute the Service without authorization
• Use the Service to send actual malicious content, malware, or exploits
• Interfere with or disrupt the integrity or performance of the Service

6. Credential Handling

During phishing simulations, the platform may capture credentials submitted by employees on simulated landing pages. These credentials are:

• Immediately hashed upon capture — never stored in plaintext
• Used only to record that a credential submission event occurred
• Automatically purged according to your organization's data retention settings
• Never used by PhishShield for any purpose beyond simulation metrics

7. Email Delivery & Whitelisting

For simulations to work correctly, your organization may need to configure email whitelisting. PhishShield provides guidance for Microsoft 365 and Google Workspace configurations. You are responsible for managing your email infrastructure settings. PhishShield is not responsible for emails blocked by your organization's email filters.

8. Intellectual Property

The Service, including its design, code, templates, training content, and documentation, is owned by PhishShield and protected by intellectual property laws. You retain ownership of:

• Custom templates you create within the platform
• Your organization's data and reports
• Custom training content you upload

9. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted access. The Service may be temporarily unavailable for maintenance, updates, or circumstances beyond our control. We will provide reasonable advance notice for planned maintenance when possible.

10. Data Protection

Our handling of personal data is governed by our Privacy Policy. By using the Service, you acknowledge and agree to our data practices as described therein. For organizations subject to GDPR, we offer data processing agreements upon request.

11. Limitation of Liability

To the maximum extent permitted by law, PhishShield shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service. This includes, but is not limited to, damages resulting from phishing simulations, employee reactions to simulations, or any disruption to your email systems. Our total liability shall not exceed the amount paid by you for the Service in the twelve (12) months preceding the claim.

12. Indemnification

You agree to indemnify and hold PhishShield harmless from any claims, damages, losses, or expenses arising from your use of the Service, your violation of these Terms, or your violation of any third-party rights, including claims by your employees related to phishing simulations.

13. Termination

Either party may terminate the subscription:

• With 30 days' written notice at the end of any billing period
• Immediately if the other party materially breaches these Terms and fails to cure within 14 days of notice

Upon termination, your right to use the Service ceases. We will retain your data for 90 days to allow for export, after which it will be permanently deleted.

14. Modifications to Terms

We may modify these Terms at any time. Material changes will be communicated via email or platform notification at least 30 days before taking effect. Continued use of the Service after the effective date constitutes acceptance. If you disagree with changes, you may terminate your subscription.

15. Governing Law

These Terms shall be governed by and construed in accordance with the laws of India. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts in India.

16. Contact

For questions about these Terms of Service, contact us at: