Protecting Your Data is Our First Priority

Certifications and regulatory compliance

We demonstrate our commitment to protecting your data through our independently verified ISO 27001 and ISO 27017 certification. We also recognize that GDPR is an essential step in strengthening the individuals rights in the digital age. We have a Data Protection Officer and a GDPR support team in place to ensure our privacy processes and procedures continue to be consistent with protection regulations.


Where is my data stored?

Phish Insight data is hosted in an AWS Datacenter in Dublin, Ireland.

What data does Phish Insight collect?

You have full control over the data you upload into Phish Insight. To launch a phishing simulation or training program, you will have to upload the email address and name of the recipient at a minimum. We will then report whether the email was opened, clicked on or credentials entered. Similarly, for training campaigns, we will report on the user's training completion status. For more detail on this please click here.

What do you do with my data?

Employee data that is uploaded in to Phish Insight is not used for any marketing purposes. The only person that will be contacted by Trend Micro is the individual who signed up for the service.

How do I remove my data?

If you have not used the product for a duration of three years we will irreversibly obfuscate your data. A customer can request to have their data obfuscated at any time.

For more detailed information about your Data Privacy, please see the additional information below:

If you have any questions please contact us at