Our privacy policy
Last updated: 9 March 2024
In short, phishing net was designed with privacy as a priority. Our service is completely free to use, and no account or payment is required to use the service. We do not sell your data, use your data for marketing, display ads, or track you.
This privacy policy outlines how we handle your data when you use our service. By accessing and using our website, you consent to the practices described in this policy.
Data we collect
We aim to provide the most accurate and high-quality service possible while collecting as little data as possible. We strictly only collect data that is necessary to operate and improve our service for all users. When you submit a message for analysis, we collect the message text and the response from our analysis engine in order to quickly detect errors, perform automated quality testing, and measure performance between updates to our analysis engine.
To protect your privacy, submitted messages are kept completely anonymous - we do not store any information that could be used to identify you. This data is necessary to both improve the service and maintain a standard level of quality expected from the service. It is always encrypted using AES-256 while at rest, and is only used to improve the service - it is never shared with or sold to any third-party after analysis.
We also rely on Cloudflare’s Turnstile service for bot filtering to mitigate abuse. Your IP address may be sent to Cloudflare to enhance the effectiveness of this service, and will be processed in accordance with Cloudflare’s privacy policy.
Scam analysis and third parties
In order to provide an accurate scam analysis, we leverage several third-party services that assist in powering our analysis engine. When submitting messages on our website for analysis, data from the messages will be sent to third-parties to help us evaluate submissions. These third-party services play a crucial role in enhancing the accuracy of our analysis engine by cross-referencing the submitted message data with their own databases. To maintain your privacy, we only provide third-parties with the minimum amount of data needed for our service to be effective. For transparency, when you submit a message, we utilise third-party services in the following ways:
- Any URLs embedded in the message will be extracted and forwarded to Google for evaluation through their Safe Browsing API. This assists the analysis engine in detecting any unsafe URLs in the message. Google only receives the URLs in your message, not the entire message or any information about you. For additional privacy, potential identifiers such as the URL path and query parameters are removed before being sent to Google. This data will be processed according to Google’s privacy policy.
- The message is submitted to Google’s Gemini API for further analysis, to provide clarification questions for improved evaluation accuracy, and to supply context to provided results. Only the message is submitted, not any information about you. This data will be processed according to Google’s privacy policy.
- The first URL in the message is also sent to the Tranco API, which assists in determining the popularity of the submitted domain. Only the first URL in your message is sent to Tranco, not the entire message or any information about you. For additional privacy, potential identifiers such as the URL path, subdomains, and query parameters are removed before being sent to Tranco. This data will be processed according to Tranco’s privacy policy.
- If we detect that the message references a specific company, we’ll send the company name to Clearbit to retrieve the company’s logo and official domain. This allows our analysis engine to check if links in the message are impersonating the company’s official website. Clearbit will not receive any information about you or the submitted message, apart from the company name. This data will be processed according to Clearbit’s privacy policy.
- To localise results and make the analysis more accurate, your IP address will be sent to ip-api to get your current country. ip-api never sees your submitted message and states that your IP address will not be logged. This data will be processed according to ip-api’s privacy policy.
We leverage these third-party services exclusively for assessing if your submitted text is a scam attempt, and all data provided is evaluated in conjunction with our internal algorithm to provide a final outcome and analysis report. We do not share your data with these third-party services for any other purpose.
While we strive to maintain your privacy while utilising these third-party services, it is impossible for us to have full control over how they process the submitted data. Therefore, as a precaution, we strongly recommend that you avoid submitting any sensitive or personal information when using our service.
Reporting messages
Reported messages are used to improve the scam analysis service. When you report a message, it is internally flagged for review. No personal information is collected when you report a message. Your IP address may be sent to Cloudflare’s Turnstile service to mitigate abuse, but will not be stored by us, and is never associated with the reported message. This data will be processed according to Cloudflare’s privacy policy.
Analytics
We use Cloudflare Web Analytics, a privacy-preserving analytics service.
The gathered analytics are aggregate, anonymous, and never associated with individual users. The insights are used solely for enhancing our service to create a better user experience.
Analytics will be processed according to Cloudflare’s privacy policy.
External Links
phishing net contains links to other sites. Our privacy policy does not extend to these sites; you are advised to consult their privacy policies for information on their privacy practices.
Changes to this Privacy Policy
This privacy policy may be updated from time to time, indicated by the ‘Last Updated’ date at the top. We encourage you to review this policy periodically.
Contact us
If you have any questions or concerns regarding this privacy policy, please contact us at contact@nathanwijaya.com.