Privacy Policy

Phishaver, Inc. — phishaver.com
Last updated: April 1, 2026 | Effective date: April 1, 2026
This policy includes disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

California Residents: You have specific rights under the CCPA/CPRA, including the right to know, delete, correct, opt-out of sale/sharing, and limit use of sensitive personal information. Jump to Section 5 — Your California Privacy Rights.

1. Introduction & About Us

Phishaver, Inc. ("we", "us", or "our") operates phishaver.com and related services (the "Service"). Our principal place of business is located at 111 Congress Avenue, Suite 2400, Austin, TX 78701.

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information, with specific disclosures required by the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), effective January 1, 2023.

For privacy inquiries, contact us at:
Email: [email protected]
Postal: Privacy Team, Phishaver, Inc., 111 Congress Avenue, Suite 2400, Austin, TX 78701

2. Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

CCPA Category	Examples	Collected?	Sources
A. Identifiers	Real name, alias, email address, IP address, account name, unique personal identifiers	Yes	You directly; automatically
B. Personal Records (Cal. Civ. Code § 1798.80)	Name, address, telephone number, financial information	Yes	You directly
C. Protected Classifications	Age (40+), race, gender, veteran status (if applicable)	Limited / Only if voluntarily provided	You directly (optional)
D. Commercial Information	Products/services purchased, purchase history, preferences	Yes	You directly; transactions
E. Biometric Information	Fingerprints, face/voice recognition data	No	—
F. Internet / Electronic Activity	Browsing history on our site, search history, interaction with our ads/content	Yes	Automatically via cookies/analytics
G. Geolocation Data	Physical location derived from IP address (city/country level)	Yes (approximate)	Automatically
H. Sensory Data	Audio, electronic, visual, thermal, or olfactory information	Only if you contact us by phone (call recordings)	You directly (if applicable)
I. Professional / Employment Info	Job title, employer, professional background	Only if voluntarily provided	You directly
J. Education Information	Education history not covered by FERPA	No	—
K. Inferences	Profile reflecting preferences, characteristics, predispositions, behaviour	Yes (for personalisation)	Derived from categories above
L. Sensitive Personal Information	Account log-in + password (security credentials)	Yes (credentials only)	You directly (account creation)

2.1 Sources of Personal Information

Directly from you — forms, account registration, purchases, support requests, surveys;
Automatically — cookies, web beacons, server logs when you use our Service;
Third parties — analytics providers, advertising partners, social media platforms (where you choose to interact with us via those platforms), data enrichment providers.

3. Business & Commercial Purposes for Collection & Use

We collect and use personal information for the following business and commercial purposes:

Providing, maintaining, and improving our products and services;
Processing transactions and managing accounts;
Sending transactional communications (receipts, account alerts, service notices);
Providing customer support and responding to inquiries;
Personalising your experience and content;
Conducting analytics to understand how our Service is used;
Sending marketing communications (where you have opted in or where permitted);
Fraud prevention, security monitoring, and protecting legal rights;
Complying with applicable laws, regulations, and legal process;
Evaluating or conducting a merger, divestiture, or other business transaction;
Advertising and marketing to you, including cross-context behavioural advertising.

4. Disclosure, Sale & Sharing of Personal Information

4.1 Categories Disclosed for Business Purposes

In the past 12 months, we have disclosed the following categories of personal information to service providers and contractors for business purposes:

Identifiers (A) — to cloud hosting, email providers, analytics providers;
Commercial information (D) — to payment processors, fulfilment partners;
Internet / electronic activity (F) — to analytics and advertising platforms;
Inferences (K) — to content personalisation platforms.

4.2 Sale & Sharing of Personal Information

Under the CCPA, "sale" includes exchanging personal information for money or other valuable consideration. "Sharing" includes disclosing personal information to third parties for cross-context behavioural advertising, even without monetary exchange.

PI Category	Sold?	Shared for Cross-Context Behavioural Advertising?	Third-Party Recipients
Identifiers (A)	No	Yes (cookie IDs, IP)	Analytics, ad networks
Internet / Electronic Activity (F)	No	Yes (browsing behaviour)	Analytics, ad networks
Inferences (K)	No	Yes (interest segments)	Ad platforms
All other categories	No	No	—

4.3 Do Not Sell or Share — Opt-Out

California residents have the right to opt out of the sale or sharing of their personal information at any time. To exercise this right:

Click the link: Do Not Sell or Share My Personal Information
Global Privacy Control (GPC): We honour GPC signals. If your browser transmits a GPC signal, we will treat it as an opt-out request.
Email: [email protected] with subject "CCPA Opt-Out Request".

Once we receive your opt-out request, we will cease the sale or sharing of your personal information within 15 business days.

4.4 Sensitive Personal Information

We collect only account log-in credentials (username + hashed password) as sensitive personal information, used solely to authenticate your account. We do not use or disclose sensitive personal information for purposes beyond those necessary to provide the Service.

5. Your California Privacy Rights

If you are a California resident, you have the following rights under the CCPA/CPRA:

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected about you, sources, business/commercial purposes, and third parties with whom we share it. You may request this up to twice per 12-month period.

Right to Delete

Request deletion of personal information we have collected, subject to certain exceptions (completing a transaction, security, legal obligations, free speech, research).

Right to Opt-Out of Sale/Sharing

Direct us not to sell or share your personal information with third parties for cross-context behavioural advertising. Use the opt-out link or enable GPC signals.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights — no denial of goods/services, no different prices, no different quality.

Right to Correct

Request correction of inaccurate personal information we maintain about you (CPRA right).

Right to Limit SPI Use

Direct us to limit our use and disclosure of sensitive personal information to what is necessary to perform the services you request (CPRA right).

5.1 How to Submit a Consumer Request

California residents may submit requests by:

Email: [email protected] with subject "CCPA Privacy Request";
Postal mail: Phishaver, Inc., Attn: Privacy Team, 111 Congress Avenue, Suite 2400, Austin, TX 78701.

5.2 Verification of Requests

To protect your information, we must verify your identity before fulfilling a request. We will ask you to provide information that matches what we have on file. Authorised agents: You may designate an authorised agent to make a CCPA request on your behalf. We may require written proof of authorisation and may verify your identity directly.

5.3 Response Timeline

We will acknowledge your request within 10 business days and respond within 45 calendar days. If we need more time, we will notify you and may extend by an additional 45 days.

6. Retention of Personal Information

We retain personal information for as long as necessary to fulfil the purposes described in this policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention periods are:

Category	Retention Period
Account / identity data	Duration of account + 2 years after closure
Transaction / purchase history	7 years (tax/legal compliance)
Customer support records	3 years from last interaction
Marketing consent / opt-out records	Indefinitely (to honour your preference)
Analytics / usage data	26 months
Security / fraud logs	12 months

7. Security of Personal Information

We implement reasonable and appropriate technical, administrative, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and employee training. No system is 100% secure; please use strong passwords and notify us promptly of suspected unauthorized access.

8. Children's Privacy

We do not knowingly collect personal information from consumers under 16 years of age. If you believe we have collected personal information from a minor under 16, please contact us at [email protected] and we will delete it promptly. We do not sell or share the personal information of consumers we know to be under 16 without affirmative authorisation.

9. Privacy Rights for Other Jurisdictions

Residents of other U.S. states with comprehensive privacy laws (including Virginia — VCDPA, Colorado — CPA, Connecticut — CTDPA, Utah — UCPA, Texas — TDPSA, and others) may have similar rights. For more information about your state-specific rights, please contact us at [email protected].

10. Cookies & Online Tracking

We and our partners use cookies, web beacons, pixels, and similar tracking technologies to collect internet/electronic activity data. Some of this data is used for cross-context behavioural advertising, which constitutes "sharing" under the CCPA. You may opt out by:

Using our cookie consent banner at the bottom of our pages;
Clicking Do Not Sell or Share My Personal Information;
Enabling the Global Privacy Control (GPC) in your browser.

See our Cookie Policy for full details.

11. Changes to This Privacy Policy

We may update this Privacy Policy as required by changes in law or our practices. When we make material changes, we will update the "Last updated" date and provide appropriate notice. We encourage you to review this policy periodically.

12. Contact Us

For questions, concerns, or to exercise your privacy rights:

Company: Phishaver, Inc.
Email: [email protected]
Address: 111 Congress Avenue, Suite 2400, Austin, TX 78701