Privacy Policy & Cookie Policy

Effective Date: December 02, 2025

Last Updated: December 02, 2025

1. Information We Collect

1.1 Personal Information

• Account Information: Email addresses, authentication data, subscription details
• Contact Information: Phone numbers provided for SMS phishing simulation campaigns
• Service Data: Content you create and manage through our platform including email templates, SMS templates, campaigns, and reports
• Usage Data: Platform usage statistics and performance metrics
• Technical Data: Connection information, browser data, device information
• Payment Information: Processed securely through third-party providers

1.2 Automatically Collected Information

• System logs and operational data
• Cookies and similar technologies (see Cookie Policy below)
• Performance and usage analytics

2. Cookie Policy

We use cookies and similar technologies to provide and improve our services. You can manage your cookie preferences at any time.

2.1 Types of Cookies We Use

2.2 Managing Your Cookie Preferences

You can manage your cookie preferences at any time:

• Preference Center - Manage all settings
• Browser Settings: Control cookies through browser preferences
• Withdraw Consent: Change your preferences anytime

3. How We Use Your Information

3.1 Service Provision

• Provide our core services
• Deliver platform functionality
• Generate reports and analytics
• Process payments and manage accounts
• Provide customer support

3.2 Platform Improvement

• Analyze usage patterns to improve features
• Monitor platform performance and security
• Develop new features and services

3.3 Legal Compliance

• Comply with legal obligations
• Prevent fraud and abuse
• Maintain audit trails for security purposes

4. Legal Basis for Processing (GDPR)

• Contract Performance: Processing necessary to provide our services
• Consent: For cookies and marketing communications
• Legitimate Interest: For security, fraud prevention, and service improvement
• Legal Obligation: For compliance with applicable laws

5. Data Sharing and Third Parties

5.1 Service Providers

• Cloud Infrastructure: Hosting and data storage
• Payment Processors: Secure payment handling
• Communication Services: Email and SMS messaging delivery
• Authentication Services: User identity management

5.2 Email Service Consent

Business Name: Identifai.us

Purpose: You will receive cybersecurity awareness training emails, phishing simulation alerts, campaign notifications, and service updates.

Email Frequency: Varies based on your campaign activity and training schedule.

Opt-Out: Click the unsubscribe link in any email or contact support@identifai.us

Compliance: All emails comply with CAN-SPAM Act requirements.

No Purchase Required: Consent to receive emails is not a condition of purchasing or using our services.

5.3 SMS Service Consent

Business Name: Identifai.us

Message Types: You will receive text messages for the following purposes:

• Campaign Delivery Notifications - Updates about your phishing training campaigns
  Example: "Your campaign 'Q4 Security Training' was sent to 50 employees"
• Account Notifications - Important updates about your account status
  Example: "Your monthly usage limit has been reached" or "Payment processed successfully"
• Security Alerts - Critical security and compliance notifications
  Example: "Unusual login activity detected on your account"
• Customer Care - Support responses and service updates
  Example: "Your support ticket #12345 has been resolved"
• Fraud Alerts - Notifications about suspicious activity
  Example: "Multiple failed login attempts detected"

Message Frequency: You may receive 1-10 messages per month depending on your campaign activity and account usage.

Opt-Out: Reply STOP to unsubscribe from SMS messages at any time. If you opt out, your phone number will be added to our do-not-contact list and you will not receive further messages unless you opt back in by contacting support@identifai.us.

Help: Reply HELP for assistance or contact support@identifai.us

Message & Data Rates: Standard message and data rates from your wireless carrier may apply.

No Purchase Required: Consent to receive SMS messages is not a condition of purchasing or using our services.

5.4 User Responsibility for Recipient Consent

Important: As an account holder and campaign administrator, you are responsible for obtaining proper consent from recipients before sending training campaigns.

Your Responsibilities:

• Obtain Written Consent: You must obtain proper written consent from ALL recipients (your employees, team members, etc.) before sending SMS or email training campaigns to them through our platform.
• Required Consent Elements: Consent obtained from recipients must include:
  • Business name (your organization or Identifai.us)
  • Message type (cybersecurity training, phishing simulations)
  • Message frequency disclosure
  • Opt-out instructions (Reply STOP for SMS, unsubscribe link for email)
  • Help instructions (Reply HELP for SMS)
  • "Message & data rates may apply" disclosure (for SMS)
• Maintain Records: You agree to maintain records of all consent obtained (e.g., employment agreements, IT policies, explicit opt-in forms) and provide documentation if requested.
• Honor Opt-Outs: You must respect opt-out requests immediately and remove opted-out contacts from future campaigns.
• Compliance: You are responsible for ensuring compliance with all applicable laws including CAN-SPAM Act, TCPA, and GDPR when sending campaigns to your recipients.

Note: The SMS consent described in section 5.3 above is for you (the account holder) to receive notifications about your campaigns. You must separately obtain consent from your recipients before sending training campaigns to them.

5.5 Data Protection

All third-party providers are bound by data protection agreements and process data only as instructed.

6. International Data Transfers

Your data may be processed in the United States and other countries. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable
• Other appropriate safeguards as required by law

7. Data Retention

• Account Data: Until account deletion or as required by law
• Campaign Data: Until deletion by user or account closure
• Payment Records: 7 years for tax compliance
• Audit Logs: Up to 7 years for security and compliance
• Cookies: As specified in cookie descriptions above

8. Your Privacy Rights

You have the following rights regarding your personal data:

8.1 Access

Request information about data we hold about you.

8.2 Correction

Request correction of inaccurate information.

8.3 Deletion

Request deletion of your personal data.

8.4 Restriction

Request limitation of data processing.

8.5 Portability

Request your data in a portable format.

8.6 Objection

Object to certain types of processing.

8.7 Consent Withdrawal

Withdraw consent for optional processing.

8.8 Complaints

Contact relevant authorities if you have concerns.

9. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

California Privacy Rights Page

10. Data Security

We implement comprehensive security measures:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security audits and monitoring
• Incident response procedures
• Employee training on data protection

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or platform notification.

13. Contact Information