Last updated: 1 April 2026 · Effective: 1 April 2026
By creating an account or using the PhishShield platform, you agree to be bound by these Terms of Service. If you are using the platform on behalf of an organisation, you represent that you have authority to bind that organisation to these terms. If you do not agree, do not use the service.
PhishShield is designed exclusively for authorised security awareness testing within your own organisation. You may only run phishing simulations against individuals who are employees, contractors, or members of your organisation and who are covered by an appropriate internal policy or employment agreement. You must not use PhishShield to send simulations to individuals outside your organisation or without authorisation.
You must not use PhishShield to: (a) target individuals outside your organisation without explicit written consent; (b) conduct actual phishing attacks or fraud; (c) impersonate organisations you do not represent; (d) circumvent domain verification controls; (e) share account credentials with unauthorised parties; (f) reverse engineer or attempt to extract source code; or (g) use the platform in any way that violates applicable law.
You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. Notify us immediately at [email protected] if you suspect unauthorised access. We reserve the right to suspend accounts where misuse is suspected.
Paid plans are billed monthly or annually in advance. All prices are in GBP and exclusive of VAT unless stated otherwise. You authorise us to charge your payment method on each billing cycle. If payment fails, we will attempt to retry for up to 7 days before suspending your account. Refunds are provided at our discretion for billing errors only.
You may cancel your subscription at any time from the Billing page in your dashboard. Cancellation takes effect at the end of the current billing period — you retain full access until then. We do not provide pro-rata refunds for unused time.
PhishShield and all content, templates, and software on the platform are owned by or licensed to PhishShield, Inc. and protected by copyright and other intellectual property laws. You are granted a limited, non-exclusive, non-transferable licence to use the platform solely for the purposes described in these terms. You retain ownership of data you upload, such as target lists and custom templates.
By using PhishShield, you enter into a Data Processing Agreement with us as required under GDPR. We act as a data processor on your behalf when processing your employees' data. You remain the data controller and are responsible for your own legal basis for processing. Our full DPA is available on request.
To the maximum extent permitted by law, PhishShield's total liability to you for any claims arising from these terms or your use of the service shall not exceed the total fees paid by you in the 12 months preceding the claim. We are not liable for indirect, incidental, consequential, or punitive damages.
These terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales. If any provision of these terms is found unenforceable, the remaining provisions shall continue in full force.
Questions? Contact us at [email protected]