Trust Center
Security is our business.
We know it's important!
We understand that you put a lot of trust into your vendors. At PhishingBox, we are serious about security. Our business is built on security. As such, we have implemented security and privacy controls to provide a safe and secure application. Controls have been implemented to minimize the risk to the confidentiality, integrity, and availability of the system. Controls generally fall into one of the following categories: physical, technical, or administrative.
To help with your vendor due diligence process, we are including a summary of security and privacy information here. If you need additional information, please contact us directly.
Security is our business.
As a trusted vendor, we understand your need to maintain a secure environment. Our security summary highlights many of our key security controls. Our information security program is an ongoing process. We have developed controls and these controls are audited or tested on a regular basis.
SOC Audit
U.S. President Ronald Regan said, “Trust but verify”. So, you do not have to take our word for it as we have external audits conducted. Annually, we have a third-party audit firm conduct a SOC audit. A SOC report is an independent review from a CPA firm on the controls at a Service Organization relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization.
GDPR
Many of our clients are required to comply with the General Data Protection Regulations (GDPR). Our GDPR preparations have included a comprehensive review of relevant internal processes, procedures and documentation. Additionally, we have and continue to actively develop and implement data protection policies, procedures, controls and security measures for GDPR compliance. You can learn more about our GDPR compliance here.
European Union Instance
PhishingBox maintains processing and hosting facilities within the European Union. Customers can select to use this instance if they do not want their data to be processed on system within the United States. The PhishingBox EU instance maintains the same controls structure as the systems within the United States. More details about the EU instance are available here.
CSA STAR Program
The Cloud Security Alliance (CSA) is a global organization that outlines best practices for secure cloud computing. The CSA has developed standardized security practices and questionnaires to help streamline vendor due diligence for software as a service vendors. PhishingBox has adopted these practices to provide a standardized response to most vendor due diligence questions. Visit the CSA STAR program.
Privacy Policy
In today’s environment, privacy is a concern for all organizations. PhishingBox does not sell or share your information with unrelated third parties. We only use the information necessary to deliver the products and services to our clients and market to prospective clients. Our complete privacy policy is available here. The policy outlines how we handle information related to website visitors, clients of our system, and the contacts within our clients’ accounts. If you have any other privacy related questions, please contact us at privacy@phishingbox.com.
Cookie Policy
No, we are not hungry. Cookies are small pieces of text sent by your web browser by a website you visit. We use cookies to ensure that we are delivering the best possible experience for our visitors and customers. You can find more information on our cookie policy here.
System Status
We understand the importance of uptime for a system. As such, we have implemented the status page which is an independent platform showing the current status of the various PhishingBox solutions. If there are any present disruptions, notices will be included on this page.
Report A Vulnerability
If you believe that you have found a vulnerability in the in a PhishingBox asset, you may report it here. We take all reported issues seriously. If the vulnerability is confirmed we will offer a reward for the submission.