Simple, per-mailbox pricing

No. Phishaver connects to your email platform via read-only OAuth API access (Microsoft Graph API Mail.Read scope for M365; gmail.readonly for Google Workspace). There are no MX record changes, no mail forwarding rules, and no changes to your email delivery path. This means there is zero risk of mail delivery disruption during setup.

No. Phishaver is additive to M365 Defender, not a replacement. It specifically covers the targeted attack gap that M365 Defender's rule-based and reputation-based filters leave open: spear phishing from fresh domains, BEC from lookalike addresses, and LLM-crafted social engineering with no known signature. Both products operate independently and complement each other.

Email body content is analyzed in-memory during the detection pipeline. Only threat event metadata is retained (sender, subject snippet, threat type, confidence score, detection evidence) for the configured retention window (14 days for Starter, 90 days for Growth, configurable for Enterprise). Raw email content is not stored beyond the analysis window.

Setup completes in under 5 minutes for most organizations. You authorize Phishaver via your Microsoft 365 or Google Workspace admin console using standard OAuth. No professional services engagement required. First threat analysis results appear within minutes of connecting. For Enterprise customers requiring SSO and SIEM configuration, allow up to 30 minutes.

Phishaver is built with SOC 2 Type II controls in mind — compliance documentation is available to Enterprise prospects on request. This includes controls notes, not a certification claim. NIST SP 800-53 IA-4 and CIS Controls 9 alignment notes are also available on request for Enterprise customers. ISO 27001 information security controls alignment notes are available on request. None of these represent Phishaver holding formal certification — they document how our controls are designed to support compliance with these frameworks.