Terms of Service

Last modified: Thursday 25th September 2025

1. Preamble

These Terms of Service (“Terms”) govern your access to and use of PhishTool’s products and services. They apply to all users of PhishTool, including those using the Community (free) version, the Professional (individual paid) version, and the Enterprise (team paid) version.

By accessing or using our services, you agree to be bound by these Terms, our Privacy Policy, and, where applicable:

In the event of conflict, the Service Agreement or DPA shall prevail over these Terms.

References in these Terms to “PhishTool”, “we”, “us” or “our” mean PhishTool Limited, registered in England and Wales (Company Number: 12126730), with registered office at International House, 36–38 Cornhill, London, EC3V 3NG, United Kingdom.

References to “you” or “your” mean any customer using our services. References to “services” mean the applications, websites, services and products provided by PhishTool. References to “file(s)” mean digital files, including emails, attachments, or related artefacts submitted to our services.

2. Acceptable Use

You agree not to misuse our services. Specifically, you must not:

  • Violate applicable laws or regulations;
  • Infringe the rights of PhishTool, our users, or any third party;
  • Submit files you do not own or lack lawful rights to submit;
  • Submit files containing unlawful, harmful, or commercially sensitive information without authorisation;
  • Attempt to overload, disrupt, or interfere with our services;
  • Attempt unauthorised access to accounts, systems, or data;
  • Submit malicious files other than in the intended context of security analysis.

3. File Submission and Processing Instructions

By submitting a file, you confirm that you are the owner or have all necessary rights and permissions to submit it.

By submitting a file, you instruct PhishTool to process it for the following purposes:

  • Providing analysis of the file to you and authorised users;
  • Archiving analysis results and making them available to authorised users;
  • Generating metrics, insights, and reports;
  • Identifying phishing artefacts, indicators, and patterns;
  • Improving and developing our products and services;
  • Protecting the security and integrity of our systems.

Ownership: You retain ownership of the original content you submit. PhishTool processes the file only in accordance with your instructions and does not acquire ownership of your material.

Deletion: You may delete files you have submitted at any time. Deleted files are removed from active systems without undue delay. Derived or anonymised data may be retained for service improvement on the lawful basis of legitimate interests, but this data does not identify you or your organisation.

4. Data Protection & GDPR Compliance

  1. Roles
    • In all cases, you are the data controller for files and personal data you submit. PhishTool acts as the data processor, processing data only to provide the services and in accordance with your instructions.
  2. Hosting and Location
    • PhishTool services are hosted entirely within the Amazon Web Services (AWS) Dublin region (eu-west-1). No personal data is transferred outside the EU/EEA without appropriate safeguards.
  3. Data Processing Agreement (DPA)
    • Enterprise customers receive a GDPR-compliant DPA covering all Article 28 requirements.
  4. Data Subject Rights
    • You, as the controller, remain responsible for responding to requests from data subjects. PhishTool will support you by implementing appropriate measures to assist with requests in accordance with GDPR.
  5. Retention and Deletion
    • We retain data only for as long as necessary to provide services or meet legal obligations. Files may be deleted by you at any time. Account deletion requests result in the removal of associated personal data from active systems, with backup removal completed within [insert timeframe, e.g. 30–60 days].
  6. Security Measures
    • PhishTool implements appropriate technical and organisational measures to secure data, including encryption in transit and at rest, access controls, and monitoring.
  7. Breach Notification
    • In the event of a personal data breach affecting customer data, PhishTool will notify you without undue delay, in accordance with GDPR requirements.

PhishTool uses cookies and similar technologies to provide and secure our services.

  1. What Cookies Are
    • Cookies are small text files stored on your device when you visit a website.
  2. How We Use Cookies
    • To maintain secure sessions and account logins;
    • To remember your preferences (e.g., language, interface settings);
    • To provide analytics on service usage;
    • To prevent abuse and enhance security.
  3. Types of Cookies Used
    • Strictly necessary cookies – required for secure login and core functionality;
    • Preference cookies – store user settings;
    • Analytics cookies – help us understand service usage (aggregated, non-identifying).
  4. Managing Cookies
    • Most browsers allow you to remove or block cookies. Please note that our services may not function properly if cookies are disabled.

By using our services, you consent to the use of cookies as described above.

6. Intellectual Property

All rights, title and interest in and to PhishTool’s services remain the exclusive property of PhishTool. Nothing in these Terms transfers intellectual property rights to you.

7. Changes to Services

We may update, improve, or withdraw services at any time. Significant changes will be communicated to you.

8. Disclaimers

Our services are provided “as is” and “as available.” To the maximum extent permitted by law, PhishTool disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement.

9. Limitation of Liability

PhishTool shall not be liable for indirect, incidental, special, or consequential damages, including loss of profits, data, or goodwill, arising out of or in connection with the use of our services.

  • For Community (free) users, PhishTool’s total aggregate liability under these Terms shall not exceed £500.
  • For Professional and Enterprise (paid) users, PhishTool’s total aggregate liability under these Terms shall not exceed the total fees paid by you to PhishTool in the twelve (12) months preceding the claim.

Nothing in these Terms excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be excluded under applicable law.

10. Changes to these Terms

We may amend these Terms from time to time. The current version will always be available at https://phishtool.com/terms-of-service.

11. Governing Law

These Terms are governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction over any dispute.
