Skip to main content

Trust & compliance

Everything you need to evaluate PhishFence in one place: privacy, terms, security posture, and sub-processors. Procurement teams: this is the URL you want.

Operating entity: MAJUVO LLC · California, United States. PhishFence is a MAJUVO product.

Documents

Data Processing Addendum (DPA)
Custom-issued for paid customers on request. Same-week turnaround typical.
On request
Request DPA →
Security questionnaires (SIG, CAIQ, custom)
Same-week turnaround on SIG, CAIQ, or your custom format. Send whatever your team uses.
On request
Send questionnaire →

Sub-processors

Every third party that touches customer data is listed here. Customers will be notified at least 30 days before a new sub-processor is added.

Sub-processor Purpose Data shared Region
Google Cloud PlatformApplication hosting (Cloud Run, Cloud SQL, Cloud Storage, Cloud Logging, Cloud Scheduler, Secret Manager)All customer data at rest and in transit through the application tierUnited States
StripePayment processing & subscription managementBilling email, subscription & invoice metadata, last 4 digits of payment method (card data handled by Stripe, never seen by PhishFence)United States
ResendTransactional email delivery (account verification, password reset, alert notifications)Recipient email address & the message body of system mail we sendUnited States
SentryApplication error monitoringStack traces and request metadata, scrubbed of PII before transmissionUnited States
CloudflareCDN, DDoS protection, Turnstile bot challenge on signupRequest metadata (IP, user agent, headers); no application database dataGlobal edge network
AWS Route 53Authoritative DNS for phishfence.ioNo customer data. DNS records for our domain onlyUnited States
AnthropicLLM-backed analysis features (DMARC assistant, beta)Only the specific DMARC record / report excerpt sent for the requested analysis; no auth credentials or persistent identifiersUnited States

Last updated 2026-06-22. Subscribe to trust@phishfence.io for change notifications.

Vulnerability reporting

Send vulnerability reports to security@phishfence.io. Coordinates are published per RFC 9116 at /.well-known/security.txt. Full disclosure policy and SLAs on the Security page.

Procurement reviewing PhishFence?

DPAs, security questionnaires, and custom MSAs all get same-week turnaround. The fastest way to close out your review is to email the trust desk directly.