Phishgrad Terms & Privacy Policy

Effective Date: June 13, 2026

Privacy Policy

Effective Date: June 13, 2026

Phishgrad, Inc. ("Phishgrad," "we," "our," or "us") respects your privacy and is committed to protecting the information entrusted to us. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you visit our websites, use our products and services, including Haltpoint and related offerings (collectively, the "Services"), communicate with us, or otherwise interact with Phishgrad.

This Privacy Policy is designed to meet the expectations of enterprise customers, security teams, regulators, and privacy frameworks, including applicable U.S. privacy laws, GDPR, and other relevant data protection requirements.


1. Scope

This Privacy Policy applies to:

This Privacy Policy does not apply to third-party websites, services, or applications that are not owned or controlled by Phishgrad.


2. Information We Collect

The information we collect depends on how you interact with us and the Services.

Information You Provide Directly

We may collect:


Website and Device Information

When you visit our website, we may automatically collect:


3. Information Processed Through Haltpoint

When customers use Haltpoint, Phishgrad may process information authorized by the customer to provide Runtime Trust services, Agent Trust Score (ATS) calculations, ownership management, trust evaluations, audit logging, security monitoring, and related functionality.

Such information may include:

Identity Information

Ownership Information

Agent Information

Runtime Activity Information

Enterprise Metadata

Depending on customer configuration, we may process:


4. AI Agent and Runtime Trust Data

Phishgrad provides Runtime Trust services designed to evaluate whether AI agents should be trusted to perform actions in enterprise environments.

To provide these Services, Phishgrad may collect, process, analyze, and store information relating to:

These categories of information are used to generate:

Phishgrad may use automated systems, machine learning models, statistical analysis, behavioral baselining, anomaly detection, and trust evaluation methodologies to support these capabilities. Proprietary scoring methodologies, algorithms, weighting models, thresholds, and trust calculations constitute confidential intellectual property and trade secrets of Phishgrad.


5. Content Minimization

Phishgrad is designed to minimize the collection and storage of customer content whenever possible.

Where technically feasible and appropriate for the Services:

Customers remain responsible for determining what information is connected to the Services.


6. How We Use Information

We use information to:


7. Legal Bases for Processing

Where required by law, we process information based on one or more of the following legal grounds:


8. Sharing and Disclosure

We do not sell personal information.

We may share information with:

Service Providers

Vendors who assist with:

These providers are contractually required to protect information.


Customer-Directed Integrations

Information may be shared with systems and services connected by customers, including identity providers, cloud platforms, enterprise software platforms, workflow systems, and AI platforms.


Corporate Transactions

Information may be disclosed in connection with:


Legal Requirements

We may disclose information when required to:


9. Cookies and Similar Technologies

We use cookies and related technologies to:

Users may manage cookie preferences through browser settings.


10. Data Retention

We retain information only as long as necessary to:

Retention periods vary depending on the type of information and customer requirements.

Audit, security, and trust-related records may be retained longer where necessary for compliance, security, or operational purposes.


11. Security

Phishgrad maintains administrative, technical, and physical safeguards designed to protect information.

Security measures may include:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.


12. International Data Transfers

Phishgrad may process information in countries where we or our service providers operate.

Where required, we implement appropriate safeguards for international transfers, including contractual protections and other legally recognized mechanisms.


13. Customer Data Processing

When Phishgrad processes information on behalf of a customer, the customer acts as the data controller (or equivalent legal role), and Phishgrad acts as a service provider, processor, or similar role under applicable law.

Customers control:


14. Your Privacy Rights

Depending on your location, you may have rights regarding your personal information, including:

Requests may be submitted using the contact information below.


15. California Privacy Rights

Residents of California may have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including rights to:

Phishgrad does not sell personal information.

Phishgrad does not share personal information for cross-context behavioral advertising.


16. European Privacy Rights

Individuals located in the European Economic Area, United Kingdom, and Switzerland may have rights under applicable data protection laws, including:


17. Children's Privacy

The Services are intended for business and enterprise use.

Phishgrad does not knowingly collect personal information from children under the age of 13, or any higher minimum age required by applicable law.


18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When changes are made, we will update the Effective Date above and take additional steps where required by law.


19. Contact Us

Phishgrad, Inc.

Email: technology@phishgrad.com

Website: https://phishgrad.com

If you have questions regarding this Privacy Policy, our privacy practices, or your rights, please contact us using the information above.