PhishIndex logo PhishIndex

Privacy Policy

Effective date: April 4, 2026

Introduction

PhishIndex ("we", "us", "our") operates this website and a browser extension. This Privacy Policy explains what information we collect, why we collect it, how we use it, with whom we share it, how long we keep it, and how you can exercise your privacy rights.

Controller & Contact

  • Controller: PhishIndex
  • Contact email: phishindex@outlook.com

Definitions

  • Technical information: This means your IP address, browser type and version, operating system, device identifiers, network data, and other technical metadata.
  • Processing: Any operation performed on personal data, whether or not by automated means.
  • Controller: The entity that determines the purposes and means of the processing of personal data.

Information We Collect & Purposes and Legal Basis

  • Website: We collect certain Technical information, such as your IP address, browser type and version, operating system, device identifiers, network data, and other technical metadata when you visit our website. We rely on legitimate interest to process this information for the purposes of providing you with our website and tools, and for ensuring the security, reliability, and performance of that website or tools.
  • Form submissions: We collect data submitted through forms on our website, such as your email address, any content you provide via the forms and certain Technical information. We rely on user consent to process this information for the purpose of responding to your inquiries or reports.
  • Password Checker tool: We do NOT intentionally collect or store plain-text passwords as password processing occurs in your browser. However, for the password breach check feature, your browser sends the first 5 characters of the SHA-1 hash of the password you entered and certain Technical information to the Have I Been Pwned service. Neither we, or the Have I Been Pwned service get your full plain-text password. Also, only the Have I Been Pwned service ever gets access to the first 5 characters of the SHA-1 hash, we don't. We rely on user consent to process this information for the purpose of providing you this feature.
  • Browser extension: The Malicious URL Blocklist feature downloads a list of domains from GitHub; GitHub may receive certain Technical information when the extension fetches that list. We rely on user consent to process this information for the purpose of providing you this feature.

Data Sharing with Third-Parties

  • We never sell or rent your personal data. However, we do share it with certain companies to provide you with certain features or services.
  • Their privacy policies can be found at:
  • Website data is shared with Cloudflare. They provide us with website hosting, security, analytics and performance monitoring. Their privacy policy is available at: https://www.cloudflare.com/privacypolicy/
  • Form submission data is shared with Formspree. They handle form submissions for us. Their privacy policy is available at: https://formspree.io/legal/privacy-policy/
  • Password Checker tool data, specifically the password breach check feature, is provided by Have I Been Pwned. Their privacy policy is available at: https://haveibeenpwned.com/Privacy
  • Browser extension data, specifically the malicious URL blocklist feature, is provided by GitHub. Their privacy policy is available at: https://docs.github.com/site-policy/privacy-policies/github-privacy-statement

Data Retention

  • Data is retained for as long as it is necessary to provide our services and comply with legal obligations.

International Transfers

  • Data may be processed in or transferred to countries outside your jurisdiction.
  • Where transfers occur, we use appropriate safeguards or rely on processor certifications.

Your Rights

  • Depending on applicable law, you may have rights to: access, correct, delete, restrict processing, receive a copy, object to processing, opt out of sale/sharing, of your personal data and to lodge a complaint with a supervisory authority.
  • To exercise these rights, contact us at phishindex@outlook.com.
  • We will respond in accordance with applicable law.

Children

  • Our services are not directed to children under 18.
  • We do not knowingly collect personal information from children under 18. If we learn we have collected such data, we will delete it.

Security

  • We implement reasonable administrative, technical, and physical safeguards appropriate to the risk.
  • No internet transmission is fully secure; we cannot guarantee absolute security.

Cookies and Third-Party Content

  • We do not set first-party cookies.
  • Third party cookies may be used by Cloudflare for the purposes of security .

Changes to This Policy

  • From time to time, we may update this privacy policy. Continued use after changes constitutes acceptance.

How to Contact Us

Email us at phishindex@outlook.com or use the contact form on our website.