🚀 PhishGuard is live! We're improving daily — results are good but always double-check critical decisions. Share feedback →

Privacy Policy — What Data PhishGuard Collects (and Doesn't)

Last updated: February 2026

1. Who We Are

PhishGuard is operated by Kuldeep Tiwari and Aman Tiwari ("we", "us", "our"). We provide free cybersecurity tools including URL scanning, SSL checking, DNS lookup, and password strength analysis at phishguard.yourdomain.com (the "Service").

2. What Data We Collect

When you use our tools we may collect:

  • URLs you submit for scanning (stored temporarily for analysis and in aggregate for statistics)
  • IP address (stored as a one-way SHA-256 hash — we cannot recover your original IP)
  • Browser type, OS, and device type via standard HTTP headers
  • Pages visited and time spent via Google Analytics
  • Community reports you voluntarily submit
  • Cookie consent preference (yes/no, stored in a browser cookie)

We do NOT collect your name, email address, or create user accounts.

3. How We Use Your Data

  • To provide URL security analysis results
  • To improve our phishing detection accuracy over time
  • To display aggregate, anonymised statistics on our dashboard
  • To prevent abuse and rate-limit our APIs
  • To serve relevant advertisements (see Section 5 below)
  • To comply with applicable law

4. Data Retention

  • Scan results are cached for 60 minutes for performance
  • Full scan records are retained for up to 30 days then automatically deleted
  • Community reports may be retained up to 6 months to improve accuracy
  • Admin logs are retained for 90 days

5. Cookies and Advertising

We use the following cookies and tracking technologies:

Cookie Purpose Duration
cookie_consent Stores your cookie preference (yes/no) 1 year
Google Analytics (_ga, _gid) Measures traffic and user behaviour (analytics) Up to 2 years
Google AdSense (__gads, IDE) Delivers and measures personalised advertisements Up to 13 months
Admin session Keeps admin users logged in (HttpOnly, not accessible to JS) 30 minutes

Google AdSense uses cookies to show you relevant ads based on your browsing history. Google and its partners may also use these cookies to show ads on other sites. You can opt out of personalised advertising by visiting Google Ad Settings or aboutads.info.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

If you decline cookies when prompted, only strictly necessary cookies (the consent cookie itself) will be set. Analytics and advertising cookies will not be loaded.

6. Password Checker Privacy

Your password never leaves your device in plain text. Our password breach checker uses the k-anonymity model — your browser computes the SHA-1 hash of your password locally and sends only the first 5 characters of that hash to the HaveIBeenPwned API. We receive no information that could identify your password. We do not log or store any information related to password checks.

7. Third-Party Services

We integrate with the following external services, each governed by their own privacy policy:

8. Your Rights

Depending on where you reside, you may have rights to:

  • Access the personal data we hold about you
  • Delete your data
  • Object to processing for advertising purposes
  • Withdraw consent at any time by clicking "Manage Cookies" in the footer

These rights are provided under the Information Technology Act 2000 (India), GDPR (EU/UK), and CCPA (California). To exercise any right, contact us at the email below. We respond within 30 days.

9. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy. Material changes will be indicated by an updated "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance.

11. Grievance Officer (India — IT Act 2000)

Name: Kuldeep Tiwari
Email: phishguard.co@gmail.com
Response time: Within 30 days

12. Contact Us

For any privacy questions or data requests, email us at privacy@yourdomain.com.