Privacy Policy

Privacy Policy
PhishNext.com

Effective Date: 1 February 2026

PhishNext is a powerful web-based phishing simulation service designed to enhance organizational cybersecurity by simulating phishing attacks to test employee awareness and readiness. As a subsidiary of Craw Security, we are committed to protecting your privacy and personal data.

This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our services.

By using PhishNext, you agree to the terms outlined in this Privacy Policy. If you do not agree with these terms, please do not use our services.

1. Information We Collect

We collect the following types of information when you use PhishNext:

a. Personal Information

When you sign up for PhishNext or interact with our platform, we may collect personal information, including but not limited to:

  • Employee Data: Information about the employees involved in phishing simulations, such as their name, email address, and role within your organization. This information is necessary to conduct phishing simulations and provide reports.
  • Account Information: Your name, email address, company name, and payment details used to create an account or subscribe to our services.

b. Usage Data

We may collect non-personal information related to your usage of PhishNext, including:

  • Interaction Data: Information about your interactions with our platform, such as how often you access our services, the features you use, and your browsing behavior within the platform.
  • Device Information: Details about the device and browser you use to access our platform, including IP address, operating system, and browser type.

c. Payment Information

For users on a pay-per-person subscription model, we may collect payment details to process transactions. Payment details are processed by third-party payment processors and are not stored by PhishNext.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing Services: To conduct phishing simulations and generate reports based on the data you provide. This includes sending phishing emails and tracking the responses to assess employee awareness.
  • Account Management: To create and manage your account, process payments, and communicate with you about your subscription or service updates.
  • Improving Services: To enhance the functionality, security, and performance of PhishNext, as well as to understand how users engage with our platform to improve user experience.
  • Customer Support: To respond to your inquiries, resolve issues, and provide customer support.
  • Legal Compliance: To comply with applicable laws and regulations, such as tax obligations or legal disputes.

3. Data Security

PhishNext uses industry-standard security measures to protect your data. We employ encryption techniques, secure data storage, and restricted access controls to safeguard the personal and organizational information collected through our platform.

However, no security measure can guarantee 100% security, and we cannot ensure the absolute security of your information.

4. Data Retention

We retain personal and organizational data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. If you wish to delete your account or any associated data, please contact us, and we will comply with your request in accordance with applicable law.

5. Sharing Your Information

We do not sell or rent your personal data to third parties. However, we may share your information in the following circumstances:

  • Service Providers: We may share your information with third-party service providers who assist with our platform operations, such as payment processors, hosting services, or analytics providers. These providers are required to protect your information in accordance with this Privacy Policy.
  • Legal Requirements: We may disclose your data if required by law, such as to comply with a subpoena, legal process, or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Your Rights

As a user of PhishNext, you have the following rights regarding your personal data:

  • Access: You may request access to the personal data we hold about you.
  • Correction: You may request that we correct any inaccurate or incomplete personal data.
  • Deletion: You may request that we delete your personal data, subject to applicable legal requirements.
  • Data Portability: You may request a copy of your personal data in a machine-readable format.
  • Opt-Out: You can opt out of marketing communications by following the unsubscribe instructions in our emails or by contacting us directly.

To exercise these rights, please contact us at [email protected].

7. Cookies and Tracking Technologies

PhishNext may use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us analyze usage patterns, remember your preferences, and improve the functionality of our services. You can manage your cookie preferences through your browser settings.

For more information, please contact us at [email protected].

8. Children’s Privacy

PhishNext is not intended for use by individuals under the age of 18. We do not knowingly collect or solicit personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information as soon as possible.

9. Changes to This Privacy Policy

PhishNext reserves the right to update this Privacy Policy at any time. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

PhishNext
A subsidiary of Craw Security

[email protected]

www.phishnext.com

By using PhishNext, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

Last updated: 1 February 2026