HookPhish Privacy Policy

Personal Data

Under the EU’s General Data Protection Regulation (GDPR), personal data is defined as:

“any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.”

Information Collection

On Our Website

You are free to explore the website without providing any Personal Information about yourself. When you visit the Website, engage with our Website’s chatbot, or register for the Subscription Service, we request that you provide personal information in the form of email, name, and place of work. We will ask for consent and confirm that you are comfortable with us processing your information and contacting you.

When Using the HookPhish SaaS Platform

We provide access to the HookPhish platform through the internet and grant full admin rights to the client. As such, you have control over your data, and we act as the data processor. From the console, you can add and delete users. We do not retain your data for more than 7 days, and we only do so in case you need to retrieve your information due to an error.

If you require us to assist you with administering the console, you can grant our team temporary admin privileges. During this time, we do not store your data. Once the task is complete, we remove the rights and return access to you.

From Third-Party Providers

We may receive your personal data from third-party service providers for HookPhish. Your personal data will be processed in line with GDPR requirements and will not be retained for longer than necessary.

How We Use Your Information

This privacy notice explains how HookPhish collects and uses your personal data to provide further information about our user-focused security services.

Purpose of Data Collection

In order to provide you with user-focused security services, we need to collect personal data to allow us to contact you, set up accounts, and keep you informed about relevant information. We are committed to ensuring that the information we collect and use is appropriate for this purpose and does not invade your privacy.

If you have given consent, HookPhish may also occasionally contact you with news about HookPhish services that might interest you.

Data Sharing

Depending on the requested service, we may share your personal data with third-party service providers for HookPhish. Third parties receiving your data are required to keep your details secure and use them only to provide the requested services. Sensitive personal data will be shared with your consent or if legally required.

When you sign up for a HookPhish service on our website, your information will be stored in HubSpot CRM. HubSpot, a US-based company, ensures GDPR compliance through their EU Privacy Shield.

For users of the HookPhish SaaS service, we store your data on Amazon Web Services (AWS) and use SendGrid for email communication. AWS is ISO 27001 and SOC 2 compliant. Interaction with our chatbot relies on Intercom, following industry-standard security measures and data protection protocols.

Data Processing and Retention

HookPhish will process (collect, store, and use) your information in compliance with the EU’s GDPR. We will strive to keep your information accurate and up to date, and not to retain it longer than necessary. Legal requirements and business-sector practices might dictate longer data retention.

Communication and Contact

We aim not to be intrusive and will avoid asking irrelevant or unnecessary questions. The information you provide is safeguarded to minimize unauthorized access or disclosure.

If you are a customer, we will contact you regarding your account when necessary to provide optimal service. If you’ve subscribed to a service on our website, we will contact you to ensure you receive the best service.

Access to Your Data

Upon your request, HookPhish can confirm the information we hold about you and its processing. You have the right to know:

  • Identity and contact details of the data controller
  • Contact details of the data protection officer/GDPR owner
  • Purpose and legal basis for processing
  • Categories of personal data collected, stored, and processed
  • Recipients of the data
  • Data retention duration
  • Your rights to rectify, erase, restrict, or object to processing
  • Right to withdraw consent and lodge a complaint
  • Whether providing data is a legal or contractual requirement

Automated Decision Making

HookPhish commits to GDPR-compliant processing, including automated decision-making. Any profiling is conducted with transparency and offers insight into the logic and expected outcomes of such processing.


At HookPhish, we value your privacy and are dedicated to protecting your personal data. This privacy policy outlines how we collect, use, and safeguard your information in compliance with GDPR guidelines.

If you have any concerns, questions, or requests regarding your personal data, please don’t hesitate to contact our data protection officer at [email protected].

Effective Date: August 18, 2023