GDPR Compliance

Your data, your rights

PhishShield is designed from the ground up to be GDPR-compliant. We are committed to processing personal data lawfully, fairly, and transparently.

You are the Data Controller

Your organisation determines why and how employee data is processed. You are responsible for having a lawful basis (e.g. legitimate interests or contract) for running simulations. PhishShield provides the tooling; you provide the authorisation.

We are the Data Processor

We process data strictly on your documented instructions. Our Data Processing Agreement (DPA) is automatically incorporated into your contract when you subscribe to a paid plan. Request a signed copy at [email protected].

How we uphold the GDPR principles

Lawfulness, fairness & transparency

We process data only where we have a lawful basis and are transparent about how we use it.

Purpose limitation

Data collected for security awareness training is used only for that purpose and nothing else.

Data minimisation

We collect only what we need. Campaign results record interactions, not personal communications.

Accuracy

We provide tools to update and correct your employee data at any time.

Storage limitation

Data is retained only as long as necessary — campaign results for 24 months, account data for 90 days post-cancellation.

Security

All data is encrypted in transit and at rest. Access is role-based and audited.

Your rights under GDPR

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to restriction — limit how we process your data
  • Right to data portability — export your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Rights related to automated decision-making — we do not use automated profiling for decisions with legal effects

To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to complain to the ICO.

Sub-processors

Supabase / AWS | Database and file storage (EU region) | EU / USA (SCCs in place)
Stripe | Payment processing | USA (SCCs in place)
Resend / SMTP | Transactional email delivery | EU

© 2026 PhishShield, Inc. All rights reserved.

For authorised security awareness testing only.