Privacy Policy

Last updated: March 15, 2026

1. Information We Collect

We collect information you provide directly: your name, email address, company name, and employee directory data (names and email addresses only) when you connect Microsoft 365 or Google Workspace. We do not read, store, or access the content of any emails.

2. How We Use Your Information

We use your information to provide phishing simulation services, deliver training content, generate compliance reports, process payments, and communicate platform updates. We never sell your data to third parties.

3. Data Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We use dedicated infrastructure with strict access controls. Simulation emails are sent from a separate domain (ceralid-sim.com) on dedicated IP addresses — your company's domain reputation is never affected.

4. Data Retention

Campaign data is retained for the duration of your subscription plus 90 days. You can request deletion of all your data at any time by contacting us.

5. Third-Party Services

We use Stripe for payment processing, Supabase for database hosting, and Bird for email delivery. Each provider maintains their own privacy practices and security certifications.

6. Your Rights

You have the right to access, correct, or delete your personal data. You may also request a copy of your data in a portable format. To exercise these rights, contact us at privacy@ceralid.com.

7. Contact

For questions about this policy, contact us at privacy@ceralid.com.