Privacy Policy

Data Protection and Privacy

At GottaPhish, we take data protection and privacy very seriously.
We are committed to complying with the General Data Protection Regulation (GDPR) to ensure the security and confidentiality of the personal data we collect from visitors to our website.

We are a French company and we make every effort to process and store data in France or within the European Union.


Types of Data We Collect

As part of a phishing simulation campaign, solely for the purpose of giving you access to the results, we may collect different types of data, including:

  • Personal data:
    We may collect personal information such as first name, last name, email address, phone number, and job position (optional).
    This information is collected only if you voluntarily provide it, for example when uploading a CSV file or using SSO integration.

  • Technical data:
    Our website automatically collects certain technical information, such as your IP address, User-Agent, and referrer URL.
    This information helps you obtain better visibility of your information system.

All of this data is entirely managed by you, and is deleted when your account is deleted.


How We Use Your Data

The personal data we collect is used only for the purposes for which it was provided, including:

  • Customer communication: responding to your requests, providing requested information, or communicating updates about our services.
  • Internal record keeping: maintaining an internal record of interactions with you.
  • Analysis and improvements: analyzing non-identifiable usage data to improve site performance, content, and user experience.

Data Protection and Sharing

We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data.

We do not sell, rent, or transfer your personal information to third parties.


Your Personal Rights

Under GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object
  • Right to data portability

You may exercise your rights at any time by contacting us.


Data Retention

We retain your personal data only for as long as necessary to achieve the purposes described in this policy, or as required by applicable law.


Sub-processors

French sub-processors:

  • OnetSolution
  • OVH
  • MilkyWan

Non-EU sub-processors (depending on activated services):

  • SendGrid
  • ChatGPT (OpenAI)
  • Cloudflare

Contact Us

If you have any questions, concerns, or requests regarding our data practices or this GDPR privacy statement:

Address: 99 avenue Baudin, 87000 Limoges, France