Security & trust

Intentionally conservative by design.

Name: Phishy
Brand: Phishy

This page describes the current early-access operating posture, not the enterprise marketing version of what the product may become later.

Trust stance

Substantiated only

Support promise

Email-first

Qualification

Explicit

Residency requests

Scoped

Risk evaluation

If a requirement is not supported today, we say so directly.

The purpose of this page is to reduce ambiguity for serious buyers, not decorate the site with unsupported trust shorthand.

Phishy is currently sold as an early-access service, not a finished enterprise platform.
Customer billing is handled through Stripe and transactional email is routed through configured third-party providers.
The app records campaign, training, and administrative activity so teams can review what happened and export results.
Release and operational readiness are tracked with explicit checklists, smoke tests, and backup or restore procedures.

The product is positioned for EU and NIS2-minded buyers who need evidence of training activity and human-risk workflows.
Privacy, refund, support, and commercial terms are written to match the current operating model rather than an aspirational future state.
If you have strict residency, DPA, or procurement requirements, we handle those through a qualification step before go-live.
We do not claim certifications, attestations, or uptime guarantees unless they are published and supportable.

Request the current support contract, commercial readiness checklist, or incident-handling approach before purchase.
Use the 14-day trial to validate onboarding, campaign launch, reporting, and training flows in your own environment.
Treat enterprise-specific requirements such as private hosting, custom procurement, or bespoke controls as a scoped engagement.
Email security@phishy.dk when you need a direct answer instead of marketing shorthand.

Email security@phishy.dk for current security answers, a DPA request, or the early-access support contract.