Legal

Privacy Policy

Star LLC dba PhishGuard  ·  Effective date: 1 May 2026  ·  Last updated: 1 May 2026

Plain-English Summary: PhishGuard analyses email metadata (sender, subject, links) inside your inbox to detect phishing. We never store the full body of your emails. We collect the minimum data necessary to run the service and never sell your data to anyone.

1. Who We Are

Star LLC, doing business as PhishGuard and operating phishguardd.com ("we", "us", "our"), provides an email phishing detection service. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it. By using PhishGuard you agree to this policy.

Data Controller: Star LLC dba PhishGuard
Email: privacy@phishguardd.com

2. What Data We Collect

We collect the minimum data necessary to provide the PhishGuard service:

  • Account data — your name, work email address, and organisation domain, collected when you sign up for a trial or subscription.
  • Scan metadata — for each email scanned: the sender address and domain, subject line hash (SHA-256, one-way), URLs found in the email, risk score, verdict, and threat flags. This data is stored to power your threat reports and admin dashboard.
  • Licence data — your organisation domain, subscription plan, and billing status.
  • Payment data — billing is handled by PayPal. We do not store payment card details on our servers.
  • Usage data — basic server logs including IP address and timestamp, retained for security and debugging purposes.

We do not collect or store the full body text of emails. Body content is analysed locally within your email client (Outlook or Gmail) and is never transmitted to our servers.

3. What We Don't Collect

We are explicit about what we do not collect:

  • Full email body content
  • Email attachments or their content
  • Personal data of email senders (only their domain and address metadata)
  • Browsing history or activity outside of PhishGuard
  • Data from emails you don't open while PhishGuard is active

4. How We Use Your Data

4.1 Providing the Service

Sender addresses, subject lines, and URLs are used to perform phishing detection analysis. Scan results are stored to power your threat reports and admin dashboard (Enterprise plan).

4.2 Licence Management

Your organisation domain is used to validate your active licence and ensure the add-in works correctly for all users in your organisation.

4.3 Service Communications

Your account email is used to send trial expiry notices, billing confirmations, and important service updates. You cannot opt out of transactional service emails while your account is active.

4.4 Service Improvement

Aggregated, anonymised scan statistics may be used to improve PhishGuard's detection algorithms. This data cannot be used to identify individual users or organisations.

4.5 Legal Compliance

We may use or disclose data where required by applicable law, court order, or regulatory authority.

We process your data on the basis of contract performance, legitimate interests in operating and improving the service, and legal compliance obligations.

5. Data Storage & Security

5.1 Where Data is Stored

Scan results and licence data are stored on servers hosted by Guardedhost.com in a secured environment. We implement access controls and encryption to protect your data.

5.2 Security Measures

We implement industry-standard security measures including HTTPS encryption for all data in transit, database access controls and credentials management, regular security reviews, and firewalling of server infrastructure.

5.3 Data Breach Notification

In the event of a data breach affecting your organisation's data, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law.

6. Third-Party Services

PhishGuard uses a small number of trusted third-party services. Here is exactly what each receives:

  • PayPal — processes subscription payments. Receives billing information. Subject to PayPal's Privacy Policy.
  • VirusTotal (Enterprise plan only) — URLs extracted from emails may be submitted for threat analysis. Subject to VirusTotal's Terms.
  • Google Safe Browsing (Enterprise plan only) — URLs may be checked against Google's Safe Browsing database. Subject to Google's Privacy Policy.
  • WHOIS/RDAP services (Enterprise plan only) — sender domain registration dates are queried from public RDAP servers to assess domain age.

We do not sell, rent, or share your data with any third party for marketing or advertising purposes.

7. Data Retention

We retain your data for the following periods:

  • Scan event logs — retained for 12 months from the date of the scan, then automatically deleted.
  • Account and licence data — retained for the duration of your subscription plus 90 days after cancellation.
  • Payment records — retained for 7 years for tax and accounting purposes.
  • Server logs — retained for 30 days.

You may request early deletion of your data at any time by contacting privacy@phishguardd.com.

8. Your Rights

You have the following rights in relation to your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data (subject to legal retention requirements).
  • Portability — request your data in a machine-readable format.
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@phishguardd.com. We will respond within 30 days.

9. GDPR & CCPA Compliance

9.1 GDPR (European Union & United Kingdom)

Where PhishGuard processes personal data of individuals in the EU or UK, we act as a data processor on behalf of the Customer (who is the data controller). You have the right to lodge a complaint with your national data protection authority if you believe we have not handled your data appropriately.

9.2 CCPA (California, USA)

California residents have the right to know what personal information we collect, request deletion of personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@phishguardd.com.

10. Children's Privacy

PhishGuard is a business-to-business service intended for use by organisations and their employees. We do not knowingly collect personal data from anyone under the age of 16. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of PhishGuard after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions, requests, or concerns:

PhishGuard Privacy Team
Email: privacy@phishguardd.com
General enquiries: hello@phishguardd.com

This Privacy Policy was drafted for informational purposes. PhishGuard recommends having this policy reviewed by a qualified legal professional for your jurisdiction.