← Back to PhishScan

Privacy Policy

Effective date: June 30, 2026  ·  Last updated: June 30, 2026

GDPR · CCPA · NIST SP 800-53 Compliant

What We Collect

PhishScan is designed with data minimization as a core principle (GDPR Art. 5, CCPA). We collect only what is necessary to provide the service:

What We Do Not Collect

Third-Party Services

To generate AI-written narrative summaries, the domain name you submit is sent to Anthropic's Claude API. Anthropic's data handling is governed by their Privacy Policy. No other third-party services receive your data.

Data Retention

Your Rights (GDPR / CCPA)

Because we do not store personally identifiable information, there is no user profile to access, export, or delete. If you have concerns about data processed during a scan session, contact us and we will investigate within 72 hours (GDPR Art. 33).

Security Measures

Compliance Framework

Contact

Security issues or privacy concerns: privacy@phishscan.app