Privacy Policy

When you use DelPhish, we may collect:

• Account data: Email address and hashed password when you register.
• Analysis data: Email content (sender, subject, body, headers, URLs) that you submit for analysis. This data is stored to provide your analysis history.
• Usage data: Analysis counts, timestamps, and risk scores for dashboard statistics.
• Technical data: IP address, browser type, and access logs for security and rate limiting.

We use your information to:

• Provide phishing analysis services
• Maintain your analysis history and dashboard
• Send account-related emails (verification, password reset)
• Protect against abuse through rate limiting
• Improve our detection algorithms

Email content submitted for analysis is processed by:

• Heuristic engine: Runs locally on our servers
• ML model: Runs locally on our servers
• BERT model: Runs locally on our servers
• LLM (Ollama): Runs locally on our servers - no data sent to external AI providers
• URL Intelligence: DNS, SSL, and WHOIS lookups are performed on URLs found in emails

We do not send your email content to third-party AI services (OpenAI, Google, etc.).

Analysis records are retained according to your subscription plan. You can delete individual analyses from your history at any time. When you delete your account, all associated data is permanently removed.

We implement industry-standard security measures including:

• Password hashing with bcrypt
• JWT tokens with expiration
• HTTPS encryption in transit
• Rate limiting to prevent abuse
• Security headers (CSP, HSTS, X-Frame-Options)

You have the right to:

• Access your personal data through your account
• Export your analysis history (CSV export)
• Delete your analyses individually
• Request account deletion