Security & Compliance

At CanIPhish, we take data privacy and security seriously, and we are committed to safeguarding the sensitive information entrusted to us by our customers. As part of our cloud computing and infrastructure hosting services, we utilize Amazon Web Services (AWS) as a subprocessor to store and manage customer data securely.

As a subprocessor, AWS plays a crucial role in maintaining the reliability, scalability, and security of our platform. We store sensitive customer information, including Email Addresses, First Names, Last Names, Job Titles, and Company Names, within AWS infrastructure. This data is protected using industry-standard encryption and access controls to ensure its confidentiality and integrity.

In addition to customer data, CanIPhish also stores confidential information within AWS, such as campaign statistics, employee risk scores, and other tenant metadata. We understand the significance of this information and have implemented robust security measures to prevent unauthorized access, data breaches, and misuse.

We are committed to being transparent about our data processing activities and have implemented appropriate contractual safeguards with AWS to protect customer data. Our data processing practices adhere to applicable privacy laws and regulations, and we strive to exceed industry standards for data security and privacy protection.

CanIPhish values the privacy and security of our customers' data and strives to ensure that it is handled with the utmost care. As part of our commitment to providing reliable collaboration services, we utilize Microsoft 365 (M365) as a subprocessor to deliver various communication and storage solutions.

M365 offers a range of robust tools, including Exchange Online for email communication, Microsoft Teams for video conferencing, and OneDrive for cloud storage. These services enable us to enhance collaboration and productivity while maintaining the security and integrity of our customers' information.

As a subprocessor, CanIPhish may communicate and store sensitive customer information over email within the M365 infrastructure. We recognize the significance of this data and have implemented stringent security measures to protect it throughout its lifecycle.

As part of our compliance efforts, we have implemented contractual safeguards with Microsoft to ensure that customer data processed through M365 adheres to applicable privacy laws and regulations. We also stay up-to-date with the latest security enhancements and best practices recommended by Microsoft for protecting customer data.

CanIPhish prioritizes the security and privacy of our customers' sensitive information, especially when it comes to payment processing and subscription management services. As part of our commitment to providing a seamless and secure payment experience, we rely on Stripe as a subprocessor to handle the collection, storage, and processing of customer payment information.

Stripe is a trusted and reputable payment processing platform that specializes in secure and reliable transactions. It enables us to securely collect and manage sensitive information, including email addresses, first names, last names, billing addresses, as well as payment details such as Credit Card Information and Bank Account Information.

We have chosen Stripe as a subprocessor due to their industry-leading security measures and dedication to protecting customer data. Stripe maintains a robust infrastructure and implements stringent security protocols to ensure the confidentiality and integrity of the information it handles.

When utilizing Stripe's services, CanIPhish adheres to best practices and industry standards to protect customer data throughout its lifecycle. We have implemented secure transmission protocols and encryption mechanisms to safeguard data in transit, and we store customer information securely within Stripe's infrastructure using industry-standard security measures.

We understand the importance of compliance with relevant data protection regulations and have established appropriate contractual safeguards with Stripe. These safeguards ensure that customer data is processed in accordance with applicable privacy laws and regulations.

At CanIPhish, we strive to provide exceptional customer support and ensure the security and privacy of our customers' sensitive information. To deliver efficient knowledge base and live chat services, we utilize Zendesk as a subprocessor.

Zendesk offers a robust platform that enables us to provide a comprehensive knowledge base and real-time assistance through live chat. As a subprocessor, Zendesk may store and process sensitive customer information communicated through live chat.

We understand the importance of safeguarding customer data and have implemented stringent security measures to protect it throughout its lifecycle. CanIPhish follows industry best practices and takes appropriate technical and organizational measures to ensure the confidentiality and integrity of customer information.

When utilizing Zendesk's live chat services, we prioritize the security and privacy of customer communications. We employ encryption protocols and secure transmission channels to protect the information exchanged during live chat sessions. Furthermore, we restrict access to customer data only to authorized personnel who require it to provide support and resolve queries.

CanIPhish maintains strict data protection standards and complies with applicable privacy laws and regulations. We have implemented appropriate contractual safeguards with Zendesk to ensure that customer data processed through their platform remains protected.

At CanIPhish, we are committed to safeguarding the security and privacy of our customers. To enhance our cybersecurity offerings, we use Have I Been Pwned as a subprocessor for our dark web monitoring services. This allows us to provide an advanced level of protection and awareness to our customers.

Have I Been Pwned are an Australian-based business that is widely recognized and trusted. It serves as a valuable resource for individuals and organizations to check if their email addresses and associated accounts have been compromised in data breaches or security incidents.

As part of our dark web monitoring service, we share employee email addresses with Have I Been Pwned. This is essential to effectively monitor and identify potential security threats. By sharing this information, we can compare it to data available on the dark web and in data breaches, enabling us to notify you if any employee email addresses are compromised.

It's important to note that the sharing of employee email addresses with Have I Been Pwned is encrypted in-transit, and conducted with the utmost concern for data privacy. We adhere to strict data protection standards and practices to ensure the confidentiality and integrity of the information shared.

We value the privacy of our customers and understand that not everyone may wish to participate in this service. Therefore, our dark web monitoring service is entirely opt-in. Customers have the choice to decide whether they want to take advantage of this additional layer of security.

CanIPhish is committed to delivering effective email marketing automation services while upholding the highest standards of data privacy and security. To achieve this, we utilize Klaviyo as a subprocessor to support our email marketing campaigns.

Klaviyo is a trusted platform that enables us to efficiently manage and automate our email marketing efforts. As a subprocessor, Klaviyo may communicate and store sensitive customer information, including email addresses, first names, and last names.

We understand the importance of safeguarding customer data and have implemented robust security measures to protect it throughout its lifecycle. CanIPhish adheres to industry best practices and employs appropriate technical and organizational measures to ensure the confidentiality and integrity of customer information.

When utilizing Klaviyo's services, we prioritize the security and privacy of customer data. We have implemented industry-standard encryption and access controls to protect the information shared and stored within Klaviyo's platform.

We continually review and update our security practices to align with evolving industry standards and mitigate potential risks. CanIPhish remains committed to the responsible handling of customer information and strives to maintain the trust you place in us.