Phishgrad Terms & Privacy Policy
Effective Date: October 23, 2025
1. Overview
Phishgrad provides behavioral AI tools to help organizations reduce human error, prevent data breaches, and protect brand reputation. We prioritize privacy by design and do not store or retain personal email data.
2. Data We Access
- Email metadata and behavioral cues (e.g., sender domain, urgency indicators)
- No access to message bodies, attachments, or personal identifiers
- All data is anonymized before processing
3. How We Use Data
- To analyze behavioral risk and assign anonymized user grades
- To surface real-time threat previews and microlearning nudges
- To generate organizational dashboards for behavioral trends
4. Data Storage
- We do not store email content or personal data
- All analysis is performed in-memory and discarded after processing
5. User Profiling
- We do not profile individuals using personal identifiers
- Behavioral grades are anonymized and used only for organizational insights
6. Security Measures
- Read-only access to email environments
- Role-based access controls and audit logging
- Encryption in transit and at rest for all metadata
7. Compliance
- Designed to align with GDPR, CCPA, and emerging AI governance frameworks
- Supports enterprise-level Data Processing Agreements (DPAs)
- Transparent grading logic and non-punitive scoring
8. User Rights
- Users may request access to their behavioral grade via their organization
- Organizations may configure visibility and review protocols
9. Contact
For questions about this policy, contact: