Acceptable Use Policy

This Acceptable Use Policy (“AUP”) sets forth the rules and guidelines for using the PhishSense platform operated by EVRIZ USA, Inc. (“Company”). This AUP supplements and is incorporated into the Terms of Service.

By accessing or using the Service, you agree to comply with this AUP. Violation of this AUP may result in immediate suspension or termination of your account without notice or refund.

The Service is designed exclusively for authorized internal security awareness training and phishing simulation programs. You represent and warrant that:

• You have obtained all necessary authorizations from your organization to conduct phishing simulation campaigns.
• All simulation targets are employees, contractors, or authorized personnel who have been informed that security testing may occur.
• You will not use the Service to send unsolicited phishing emails or conduct actual malicious phishing attacks.
• All use of the Service complies with your organization’s internal policies and applicable laws.

You agree not to use the Site or Service to:

• Conduct real phishing attacks, social engineering fraud, or unauthorized credential harvesting against any person or organization.
• Collect personal data of third parties without proper authorization.
• Upload, transmit, or distribute malware, viruses, ransomware, or any other harmful software.
• Violate any applicable law, including but not limited to CAN-SPAM, GDPR, CASL, PIPA, or other data protection and anti-spam regulations.
• Interfere with, disrupt, or degrade the Service’s integrity, performance, or security.
• Attempt to gain unauthorized access to the Service, other users’ accounts, or Company’s internal systems.
• Generate, store, or distribute unlawful, harmful, threatening, abusive, defamatory, or objectionable content.
• Use the Service to target individuals outside your organization without explicit written consent.
• Resell, sublicense, or redistribute the Service or any part thereof without Company’s prior written consent.
• Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service.

3.1 Simulation Targeting

Phishing simulation emails must only be sent to authorized recipients within your organization. You must maintain accurate and current recipient lists and promptly remove individuals who are no longer authorized targets.

3.2 Email Content

Simulation emails must not contain actual malicious payloads, real credential-harvesting pages connected to external systems, or content that could cause genuine harm. Templates must be used solely for training and awareness purposes.

3.3 Volume and Frequency

You agree to use the Service within reasonable volume limits as specified by your subscription plan. Excessive or abusive email sending patterns that may harm deliverability or reputation systems may result in account throttling or suspension.

You are responsible for ensuring that your use of the Service complies with all applicable data protection laws, including GDPR, PIPA, CCPA, and other relevant regulations. Specifically:

• You must have a lawful basis for processing the personal data of simulation targets.
• You must inform your employees or authorized personnel that security testing may occur, consistent with your organization’s internal policies.
• You must not use the Service to collect sensitive personal information (e.g., financial data, health records) beyond what is necessary for the simulation.