We know it's important.

We understand you put a lot of trust in your vendors. At PhishingBox, we are serious about security. Our business is built on security. As such, we have implemented security and privacy measures to provide a safe and secure application.

To help with your vendor due diligence process, we are including a summary of security and privacy information here. If you need additional information, please contact us directly.


Security is our business.

As a trusted vendor, we understand your need to maintain a secure environment. Our information security program is an ongoing process. We have developed controls and are audited or tested on a regular basis.

Our Security Summary

SOC Audit

U.S. President Ronald Regan said, “Trust but verify." So, you do not have to take our word for it. An external, third-party audit firm conducts our SOC audit. The SOC report is an independent review from a CPA firm on the controls at a Service Organization relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. These reports are intended to meet the needs of a broad range of users needing detailed information and assurance about the controls at a service organization.



Many of our clients are required to comply with the General Data Protection Regulations (GDPR). Our GDPR preparations have included a comprehensive review of relevant internal processes, procedures, and documentation. Additionally, we have, and continue to actively develop and implement, data protection policies, procedures, controls, and security measures for GDPR compliance.

Our GDPR Compliance

European Union Instance

PhishingBox maintains processing and hosting facilities within the European Union. Customers can select to use this instance if they do not want their data to be processed on a system within the United States. The PhishingBox EU instance maintains the same controls structure as the systems within the United States.

EU Instance Details

CSA STAR Program

The Cloud Security Alliance (CSA) is a global organization that outlines best practices for secure cloud computing. The CSA has developed standardized security practices and questionnaires to help streamline vendor due diligence for software as a service vendors. PhishingBox has adopted these practices to provide a standardized response to most vendor due diligence questions.

The CSA Star Program

Privacy Policy

In today’s environment, privacy is a concern for all organizations. PhishingBox does not sell or share your information with unrelated third parties. We only use the information necessary to deliver the products and services to our clients and market to prospective clients. Our privacy policy outlines how we handle information related to website visitors, clients of our system, and the contacts within our clients’ accounts. If you have any other privacy related questions, please contact us at privacy@phishingbox.com.

Our Privacy Policy

Cookie Policy

No, we are not hungry. Cookies are small pieces of text sent by your web browser by a website you visit. We use cookies to ensure we are delivering the best possible experience for our visitors and customers.

Cookie Policy

System Status

We understand the importance of uptime for a system. As such, we have implemented an informational status page which is an independent platform showing the current status of the various PhishingBox solutions. If there are any present disruptions, notices will be included on this page.

System Status Page
Bug Reports

Report A Vulnerability

If you believe you have found a vulnerability in a PhishingBox asset, you may report it here. We take all reported issues seriously. If the vulnerability is confirmed, we will offer a reward for the submission.

Report a Vulnerability