Privacy Policy – HookPhish Cybersecurity Solutions

Privacy Policy for HookPhish

At HookPhish, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data in accordance with the EU General Data Protection Regulation (GDPR). Please read this policy carefully to understand our practices regarding your personal information.

1. Definition of Personal Data

Under the GDPR, personal data refers to:

"Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to identifiers such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person."

2. Information We Collect

On Our Website: You may browse our website without submitting personal data. However, when interacting with our chatbot or registering for services, you may be asked to provide information such as your name, email address, and organization. By doing so, you consent to our processing of this data in line with this policy.

Using the HookPhish SaaS Platform: As the data controller, you are responsible for the data you submit. HookPhish acts as the data processor and retains such data for no more than 7 days unless extended recovery support is required.

Administrative Access: If temporary admin access is granted to our support team, it will only be used for the specific task and will not be retained afterward.

From Third Parties: We may receive relevant personal data from third-party providers to deliver our services. All data is processed in accordance with GDPR and only retained as long as necessary.

3. Purpose of Data Collection

We collect personal data to:

  • Communicate with you about your account and services
  • Set up and manage your access to the HookPhish platform
  • Send updates or announcements, where you have given consent

We only collect data necessary for these purposes and take steps to handle it securely and lawfully.

4. Data Sharing

Your personal data may be shared with trusted third-party service providers, who are contractually obligated to handle it securely and only for intended purposes. These include:

  • HubSpot (CRM): Manages customer communications. GDPR and EU-US Data Privacy Framework compliant.
  • Amazon Web Services (AWS): Hosts platform infrastructure. ISO 27001 and SOC2 certified.
  • SendGrid: Facilitates email communications.
  • Intercom: Powers our live chat and support.

We will not share your sensitive personal data without explicit consent unless required by law.

5. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. For example:

  • Account registration data is kept for the duration of your subscription and deleted upon cancellation.
  • Operational or interaction data may be stored for up to 12 months for audit and troubleshooting.

6. Your Rights Under GDPR

You have the right to:

  • Access – Know what data we hold and how it's used.
  • Rectification – Request corrections to inaccurate data.
  • Erasure – Ask for your data to be deleted.
  • Restriction – Limit how your data is processed.
  • Objection – Object to processing under certain conditions.
  • Withdraw Consent – Revoke consent at any time.

To exercise your rights, please contact our Data Protection Officer at [email protected]. We will respond within the timeframes set by GDPR.

7. Automated Decision-Making and Profiling

HookPhish does not engage in automated decision-making or profiling that produces legal or similarly significant effects. If any profiling is used, we will be transparent about it and explain the logic involved and its potential impact.

8. Data Security

We implement industry-standard security measures, including encryption, secure access controls, and monitoring, to prevent unauthorized access, disclosure, alteration, or destruction of your personal data.

9. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we will ensure that adequate safeguards are in place, including Standard Contractual Clauses or transfers to organizations that adhere to the EU-US Data Privacy Framework.

10. Communications

We may contact you regarding your account or our services. You can unsubscribe at any time via the link in our emails or by contacting us directly.

11. Updates to This Policy

This Privacy Policy may be updated to reflect changes in legal or operational requirements. Material updates will be communicated via email or on our website.

12. Contact Information

If you have questions about this policy or your personal data, please contact:

Email: [email protected]
Address: 17 Hanover Square, London, W1S 1BN, United Kingdom