Privacy Policy

Effective Date: January 15, 2026

This Privacy Policy explains how GonePhishing collects, uses, and protects information when you use the GonePhishing website, platform, and services.

1. Information We Collect

• Name and email address
• Account login credentials
• Organization name (if applicable)
• Training participation and completion data
• Simulation interaction metrics (e.g., clicks, reports)
• Phone number and opt-in status for SMS training (if applicable)

2. Information We Do Not Collect

• Passwords entered into simulated phishing pages
• Unrelated sensitive personal information
• Payment card information (handled by third-party processors)
• Personal data from children under 13 without authorization

3. How Information Is Used

Information is used solely to provide cybersecurity awareness training, deliver simulations, generate training reports, improve the Service, and communicate service-related information.

4. Training Simulations & Credentials

Training simulations may include simulated credential entry pages. Credentials entered into these pages are not stored, reused, or authenticated against real systems. Account login credentials are handled separately for authentication only.

5. Data Sharing

GonePhishing does not sell personal data. Information may be shared only with:

• Authorized organizational administrators (aggregate or authorized results)
• Trusted service providers supporting platform operations
• Legal authorities when required by law

6. Data Retention

Information is retained only as long as necessary to provide the Service, meet reporting requirements, or comply with legal obligations.

7. Minors’ Privacy

The Service is not intended for children under 13. Minors aged 13–17 may participate only with authorized consent. Data from minors is handled with heightened care and minimal collection.

8. Security Measures

We implement reasonable administrative, technical, and organizational safeguards to protect information. No system is completely secure, but security is taken seriously.

9. Your Choices

• Update account information
• Opt out of SMS messages by replying STOP
• Discontinue use of the Service at any time

10. Changes to This Policy

This Privacy Policy may be updated periodically. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact

Questions regarding privacy may be directed to info@gonephishing.com.