Trust Center

Built to be trusted, on the record.

One page. Every document, every certification, every subprocessor. No NDA wall for the public stuff.

Certified

SOC 2 Type 2

Latest report dated November 2025. Available under NDA.

Certified

ISO 27001

Certified across our London and Dubai entities. Audit by BSI.

Certified

GDPR

EU SCCs and the UK IDTA in our standard DPA. DPO: privacy@simuphish.com.

Certified

CCPA

California consumer rights honoured globally. No sale of personal data.

Certified

UAE PDPL

Aligned terms for customers contracted out of our Dubai entity.

Certified

HIPAA

BAA available on Enterprise. Workforce training scopes covered.

How we run

Five pillars.

Compliance posture

SOC 2 Type 2 and ISO 27001 audits run annually. Customer pen testing welcome on 30 days' notice.

Infrastructure

AWS across five regions. Encryption at rest with KMS-managed AES-256. TLS 1.3 in transit. No customer data on engineer laptops.

Privacy by design

Aggregated views by default. Every drill-down into individual data is audit logged. No third-party advertising tags.

Identity and access

SAML SSO and SCIM included on every plan. Break-glass admin recovery with split-key custody.

Residency

Local data residency in 170+ countries. EU-only, US-only, UAE-only and India-only residency available on Enterprise.

Subprocessors

Who we use, where.

| Provider | Purpose | Region |
| --- | --- | --- |
| Amazon Web Services | Compute, storage, KMS | us-east-1, eu-west-1, eu-west-2, me-central-1, ap-south-1 |
| Cloudflare | Edge, WAF, DDoS protection | Global |
| Stripe | Subscription billing | US, EU |
| Anthropic | SimuGPT model inference | Customer scoped, no shared training |
| Datadog | Application monitoring | US, EU options |
| Postmark | Transactional email | US, EU |