Privacy Policy
Last updated: March 2026
nophi.sh (hereinafter "we") is committed to protecting the privacy of its users. This policy describes how we collect, use and protect your personal data.
1. Data Collected
We collect the following data: first name, last name, professional email address, company name, job title, IP address, and platform usage data (simulation results, training progress).
2. Processing Purposes
Your data is processed for: providing the phishing simulation and training service, generating compliance reports, improving our services, and communications related to your account.
3. Legal Basis
The processing of your data is based on: contract performance (service delivery), your consent (marketing communications), and our legitimate interest (service improvement and security).
4. Data Retention
Your data is retained for the duration of your subscription and for 12 months after account termination. Billing data is retained in accordance with legal obligations (10 years).
5. Your Rights
Under GDPR, you have the following rights: access, rectification, erasure, portability, restriction of processing and objection. To exercise these rights, contact us at dpo@nophi.sh.
6. Hosting and Security
Your data is hosted in France on ISO 27001-certified infrastructure. We implement appropriate technical and organizational measures to ensure the security of your data.
7. Cookies
We use strictly necessary cookies for the operation of the site. No tracking or advertising cookies are used without your explicit consent.
8. Contact
For any questions regarding the protection of your data, contact our DPO: dpo@nophi.sh.