1. Agreement
These Terms govern your use of the Phishy platform operated by Richard Oros. By activating an account on behalf of an organisation, you agree to these Terms for that organisation.
2. Service scope
Phishy currently offers phishing simulations, training flows, reporting, and related onboarding/support services. The service is sold as early access, so the public offer is limited to what is currently supportable.
3. Customer responsibilities
You are responsible for accurate account data, lawful use of sending domains, appropriate employee notifications where required, and review of your own rollout decisions.
4. Fees & payment
Paid subscriptions are billed in advance through Stripe unless a separate order form says otherwise. Trial access does not require a card. Refunds are handled under the published Refund Policy.
5. Data protection
You retain ownership of your customer data. We handle personal data according to the Privacy Policy and any agreed DPA.
6. Availability & support
Phishy does not offer a default uptime SLA in the public early-access plan. Support is email-based and best effort unless a separate contract states otherwise.
7. Changes to the service
We may change the product over time. If a material commercial change affects paying customers, we will communicate it before it takes effect.
8. Term & termination
Subscriptions renew until cancelled. Either party may terminate for material breach. After termination, data export and deletion are handled according to the active operational process and legal obligations.
9. Limitation of liability
To the extent allowed by law, aggregate liability is limited to the fees paid by you during the 12 months before the event giving rise to the claim. Indirect or consequential damages are excluded.
10. Governing law
These Terms are governed by Danish law unless a signed agreement states otherwise.