PhishShield

Security

How we protect your data

Security is at the core of everything we build. Here's a transparent overview of the technical and organisational measures we have in place.

SOC 2 Type II
ISO 27001
GDPR Compliant
UK Cyber Essentials

Encryption

  • All data in transit encrypted with TLS 1.3
  • All data at rest encrypted with AES-256
  • Database backups encrypted before storage
  • API tokens hashed with bcrypt (cost factor 12)

Infrastructure

  • Hosted on Supabase (PostgreSQL) with EU data residency
  • Application deployed on Vercel edge network
  • Automatic database backups every 24 hours
  • Zero-downtime deployments with rollback capability

Access control

  • Role-based access: Owner, Admin, Member
  • Domain verification required before campaign creation
  • Session tokens invalidated on sign-out
  • Admin panel restricted to verified site administrators

Application security

  • SQL injection prevention via parameterised queries (Prisma ORM)
  • CSRF protection on all state-changing endpoints
  • Rate limiting on authentication and password reset endpoints
  • Input validation with Zod on all API routes

Monitoring

  • Error monitoring and alerting
  • Authentication anomaly detection
  • Dependency vulnerability scanning
  • Regular security reviews

Responsible disclosure

  • We welcome responsible disclosure of security vulnerabilities
  • Email [email protected] with details
  • We aim to respond within 48 hours
  • We do not pursue legal action against good-faith researchers

Found a vulnerability?

Please report it responsibly. We take all security reports seriously and will respond within 48 hours.

[email protected] →
Enterprise phishing simulation and security awareness training for modern organisations. Built by security people, for security teams.

© 2026 PhishShield, Inc. All rights reserved.

For authorised security awareness testing only.