Skip to content

Privacy Policy

Terms and Conditions ("Terms")

Last Updated: 22 September 2025

Last Updated: 22 September 2025

PROTAKEDOWN PTE. LTD. T/A PhishFort (“PhishFort”) is committed to maintaining robust privacy protections for its users. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use, disclose, process, transfer, retain and safeguard the information you provide to us and to assist you in making informed decisions when using our Site or our Service or Dashboard. For purposes of this Privacy Policy: “Site” refers to PhishFort’s website, which can be accessed at https://www.phishfort.com. “Service” refers to PhishFort’s services which include:

  • Our phishing and Intellectual Property (“IP”) infringement monitoring and takedown offering
  • Placing an order for the takedown of a phishing incident or IP infringement through our Site
  • Requesting information or a follow-up communication with PhishFort’s team
  • Registering on and making use of our online Dashboad

Dashboard” refers to PhishFort’s online customer dashboard found at https://dashboard.phishfort.com, where customers are able to view all information related to the takedown and monitoring services offered by PhishFort and upload necessary evidence. 

The terms “we,” “us,” and “our” refer to PhishFort. “You” refers to you, as a user of our Site or our Service or Dashboard. By using and/or accessing our Site, Service or Dashboard, and/or providing us with your Personal Information, you agree to be bound by the terms of our Privacy Policy and Terms of Use, and consent to our collection, storage, use, disclosure, transfer, retention and processing of your Personal Information for the purposes listed under and as described in this Privacy Policy. If you do not consent to the terms of this Privacy Policy, please withdraw your consent in accordance with this Privacy Policy, do not access our Site, Service or Dashboard, and/or do not provide your Personal Information, where applicable.

If you provide us with any Personal Information relating to a third party, by submitting such information to us, you warrant and represent to us that you have obtained the consent of such third party in disclosing his/her personal data to us.

This Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to us, nor does it affect any rights we may have at law in connection with the collection, storage, use or disclosure of your Personal Information, including the collection, usage and disclosure of your Personal Information without your consent where permitted or required by applicable law.

I. INFORMATION WE COLLECT

We collect “Non-Personal Information”, “Personal Information” and “Company Information”. You directly provide us with most of the information we collect. We collect information and process information when you amongst others:

  • Register on the Dashboard or place an order for any of our products or Services.
  • Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
  • Use or view our Site via your browser’s cookies.
  • Complete our online contact form.
  • Complete any enquiry or product form found on our Site.
  • Submit any content and/or information to us.

PhishFort does not receive your data indirectly from third parties or other sources and the process is executed in accordance with PDPA.

Non-Personal Information means data or information which is not Personal Information, and may include information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.

Personal Information means data, whether true or not, about a person who can be identified from that data or from that data and other information to which we have or are likely to have access, and includes the following which may be submitted by you when completing one of the forms on our Site, use our Services, or register on the Dashboard:

  • Your name
  • Your email address
  • Your phone number
  • Your Credit Card information (if applies for the case/payment method)
  • Any other personally identifiable information which you provide in connection with your access and/or use of our Site, Services or Dashboard

Company Information is submitted by you when you apply to use some of our Services or register on the Dashboard, and includes:

  • Company name
  • Company registration number
  • Company address
  • Company website
  • Company contact information

You should ensure that all Personal Information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with services you have requested, either to the same standard as if you had provided the Personal Information or at all.

1. Information collected via Cookies
In an effort to improve the quality of your experience of the Site, Services and the Dashboard, we track information provided to us by your browser or by our software application when you view or use the Site, Dashboard, or Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Site or Dashboard, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. PhishFort may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. You can set your browser not to accept cookies. Visit https://allaboutcookies.org to learn more about how to remove cookies from your browser. However, in a few cases, some of our Site features may not function as a result. Third parties (such as analytics software) may also use cookies, over which we have no control. By using the Site without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.

2. Information you provide us by registering on the Dashboard
In addition to the information provided automatically by your browser when you visit the Site, to register to the Dashboard you will need to create a personal profile. You can create a profile by registering on the Dashboard and entering your email address, and creating a password. By registering, you are authorizing us to collect, store, disclose and use your email address and name in accordance with this Privacy Policy.

3. Children’s Privacy
The Site, Services, and Dashboard are not directed to individuals under the age of 18. If you are under 18, please do not use or access our Services or provide any personal information to us. The Site, Services and the Dashboard does not knowingly collect or solicit information from minors, or allow any minors to access and/or sign up for the Site, the Services or the Dashboard. In the event that we learn that we have gathered personal information from any minor without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact our Data Protection Officer via email at: security@phishfort.com

Without prejudice to the foregoing, if a minor is to use the Site, Services and the Dashboard, and/or their related services and provides Personal Information, the minor must do so with the consent of his/her guardian. You represent and warrant that you have the right capacity and legal capacity required to use and access use the Site, Services and the Dashboard, and/or their related services. If you are a minor, you represent and warrant that you are using the Site, Services and the Dashboard, and/or their related services with the consent of your guardian. In that regard, we are entitled to rely on such consent or refusal given by your guardian. 

II. PURPOSES FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

Generally, PhishFort collects, uses, and discloses your Personal Information for the following purposes:

  • Processing and maintaining your account with us
  • Providing you with the services and functions on the Site, the Services or the Dashboard
  • Providing technical and customer support, including but not limited to  requesting for feedback, responding to your feedback, queries, requests, and complaints
  • Informing you of any promotional offers
  • Processing, recording, monitoring, delivering and otherwise fulfilling your order(s)
  • Verifying and processing your personal details and payment
  • Personalising your web user experience on the Site, the Services or the Dashboard
  • Backing up our systems to provide for disaster recovery
  • Enforcing our Terms of Use
  • Further developing the Site, the Services or the Dashboard
  • To improve or enhance the methods or processes, or to develop new methods or processes, for the operation of PhishFort
  • To collate statistical information for internal use or external bodies
  • Matching any Personal Information held which relates to you for any of the purposes listed herein
  • Complying with any applicable rules, laws and regulations, codes of practice or guideline or assisting in law enforcement and investigations by relevant authorities
  • To address fraud, security or technical concerns
  • To protect against harm to the rights, property, or safety of our users or the public as required or permitted by law
  • Fulfilling any other purpose for which you provide us Personal Information
  • Fulfilling any other purpose that we may notify you of from time to time.

III. HOW WE USE AND SHARE INFORMATION

Personal Information:

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for PhishFort, such as the servers for our email communications who are provided access to the user’s email address for purposes of sending emails from us. Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy. In general, the Personal Information you provide to us is used to help us communicate with you and for us to provide the Services. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support. We will also use your Personal Information in order to provide our takedown and monitoring Services which may on occasion include sharing your name and email address with a host provider or registrar in order to conduct a takedown. We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Use, including investigation of potential violations; or it’s required in order to provide our takedown services.

Non-Personal Information:

In general, we use Non-Personal Information to help us improve the Site and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion. In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets disclosed and/or transferred. You acknowledge and consent that such disclosure/transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy subject always to applicable law. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Site periodically if you are concerned about how your information is used.

IV. HOW WE PROTECT AND RETAIN INFORMATION

PhishFort stores your data on the Google Cloud Platform (“GCP”) and/or Amazon Web Services (“AWS”). We encourage you to review their data protection practices here:

We operate within the industry-standard Shared Responsibility Model: our cloud providers (Google Cloud Platform and/or AWS) are responsible for securing the underlying infrastructure, while PhishFort is responsible for securing your data within our environment.

Both GCP and AWS are certified under internationally recognized standards, including ISO/IEC 27018 (protection of personal data in the cloud) and SOC 2. Beyond leveraging these providers, PhishFort itself has successfully completed a SOC 2 Type II audit. This independent validation demonstrates our commitment to implementing and maintaining robust security practices for protecting customer data.

We further protect your information through a combination of organizational and technological safeguards, including:

  • Restricting access to Personal Information to authorized personnel only, supported by logging, monitoring, and audit trails to detect unauthorized access attempts.
  • Encrypting all Personal Information in transit (e.g., via TLS/SSL) and at rest, using industry-standard cryptographic protocols.
  • Protecting your account with password authentication and two-factor authentication (2FA). We urge you to maintain a strong, confidential password and to log out when you finish using your Dashboard.
  • Employing comprehensive security controls such as firewalls, secure server software, and intrusion detection systems.

Although we implement and maintain robust safeguards, no security system is impenetrable. It is therefore important to acknowledge that, despite our efforts, we cannot guarantee absolute protection against unauthorized access, alteration, disclosure, or destruction of information. By using our Site, Services, or Dashboard, you understand and accept these inherent risks.

Retention of Information
 We may retain your Personal Information for as long as it is reasonably necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable laws, regulations, or audit obligations. Once retention is no longer necessary, we will cease to retain your Personal Information or remove the means by which it can be associated with you.

We do not store cookies for longer than 24 hours, after which time all collected information is deleted. Unless prohibited by applicable law, any evidence uploaded to the Dashboard for purposes of conducting a takedown is securely stored on GCP for an indefinite period.

V. YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

PhishFort would like to make sure you are fully aware of all of your data protection rights. Subject always to applicable law, every user is entitled to amongst others the following:

The right to access. You have the right to request PhishFort for copies of your Personal Information. We may charge you a small fee for this service.

The right to rectification. We generally rely on information provided by you or your authorised representative. In order to ensure that your Personal Information is current, complete and accurate, please update us if there are any changes. You have the right to request that PhishFort update any information you believe is inaccurate, incomplete or outdated. 

If you make a request, we will respond to your request as soon as possible. If we are unable to respond to your request within 30 days after receiving your request, we will inform you in writing within 30 days of the time by which we will be able to respond to your request. 

If you would like to exercise any of these rights, please contact our Data Protection Officer via email at: security@phishfort.com.

VI. LINKS TO OTHER WEBSITES

We may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

VII. TRANSFER OF PERSONAL DATA OUT OF COUNTRY

Your Personal Information may be transferred from the country in which you are present while you are using the Site, the Services or the Dashboard (“Home Country”) to another country where our affiliates, business partners, authorised agents, third party service providers or data storage facilities are located. You understand and consent to the transfer of your Personal Information outside of your Home Country. To the extent that we need to transfer your Personal Information outside your Home Country, we will endeavour to do so in accordance with applicable law.

VIII. WITHDRAWING CONSENT

The consent that you provide for the collection, use and disclosure of your Personal Information will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request to our Data Protection Officer via email at: security@phishfort.com.

Please note that if your Personal Information has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests to PhishFort on your behalf. 

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and obligations. 

Depending on the nature and scope of your request, we may not be able to continue providing our services to you. In such circumstances we shall notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform our Data Protection Officer via email at: security@phishfort.com.

Your Personal Data may be retained for a reasonable period after your relationship with us has been altered in any way or has ended, for reasonable purposes, such as to resolve any concerns between you and us.

IX. CHANGES TO OUR PRIVACY POLICY

PhishFort reserves the right to change this policy and our Terms of Use at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this Privacy Policy for updates. You hereby waive any right you might have to receive specific notice of such changes. Your continued use of the Site, the Services or the Dashboard constitutes your acknowledgement and acceptance of such changes, modifications and alterations.

X. CONTACT US

If you have any questions regarding this Privacy Policy or the practices of this Site, or if you have any questions or feedback concerning our personal data protection policies and procedures or any other related matter, please contact our Data Protection Officer via email at: security@phishfort.com.

PROTAKEDOWN PTE. LTD. T/A PhishFort, 160 Robinson Road, #14-04 Singapore Business Federation Centre (068914)