Privacy Policy

We collect the following types of information:

• Account Information: Name, email address, and password when you create an account
• Quiz Data: Your quiz responses, scores, and progress to provide educational feedback
• Payment Information: Billing details processed securely through Stripe (we do not store card numbers)
• Usage Data: How you interact with our platform to improve our services
• Device Information: Browser type, IP address, and device identifiers for security purposes

We use the information we collect to:

• Provide and improve our educational phishing awareness quizzes
• Send quiz results to parents/guardians when requested
• Process payments and manage subscriptions
• Communicate important updates about your account or our services
• Analyze usage patterns to enhance the learning experience
• Protect against fraud and unauthorized access

We do not sell your personal information. We may share data with:

• Service Providers: Trusted partners who help us operate our platform (e.g., Stripe for payments, Supabase for data storage)
• Parents/Guardians: Quiz results may be shared with designated parent email addresses
• Legal Requirements: When required by law or to protect our rights and safety

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Limited employee access to personal data on a need-to-know basis

We use cookies and similar technologies to:

• Keep you logged in to your account
• Remember your preferences
• Analyze how our platform is used
• Improve performance and user experience

You can manage cookie preferences through your browser settings or our cookie consent banner.

You have the right to:

• Access: Request a copy of your personal data
• Correct: Update inaccurate or incomplete information
• Delete: Request deletion of your account and data
• Opt-out: Unsubscribe from marketing communications
• Portability: Receive your data in a portable format

To exercise these rights, please contact us at hello@phishtested.com.

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

PhishTested is designed to educate children about online safety with parental involvement. We require parental consent for users under 13 years of age. Parents can review, modify, or delete their child's information by contacting us.