GDPR Compliance

At PhishingBox, we are committed to ensuring the security and protection of the personal information that we process. Our GDPR preparations have included a comprehensive review of relevant internal processes, procedures, and documentation. Additionally, we have developed and implemented, and continue to actively develop and implement, data protection policies, procedures, controls, and security measures for GDPR compliance. Some of the key components are outlined below.

Data Processor


We process data based on the instructions of the controller (i.e. the customer). As controllers, our clients are responsible for establishing a data processing agreement. We provide such agreements for clients as requested.

Data Processing Addendum


PhishingBox has established a Data Processing Addendum (DPA) to assist our partners and customers with GDPR compliance.  Email for a copy of our DPA.  

Privacy Policy

How We Use Information

Privacy is a major concern for organizations. Our Privacy Policy complies with GDPR guidelines and outlines how we handle information provided by our customers, their contacts, and visitors to our website.

Data Transfers

Crossing borders

We are located in the U.S. GDPR-compliant data transfers are conducted via the standard contractual clauses in our DPA.

Security Program

Security is our business

We maintain a robust information security program. Key highlights of the security program are outlined in our Security Summary.

GDPR Information

Want to learn more?

GDPR is a comprehensive regulation. Visit the European Commission to learn more about data protection in the EU.