Security & Transparency
A security company that hides behind a 47-page privacy policy? That’s not security — that’s a red flag. Here’s exactly what we do and don’t do with your data. In plain English.
What We Never Touch
These are hard lines. Not policies that change with our business model. Not terms buried in fine print. Hard. Lines.
Passwords, auth tokens, or security credentials
Financial account numbers, bank credentials, or credit cards
Private email content, DMs, or chat messages
Medical or health records (HIPAA protected)
Social Security numbers, dates of birth, or home addresses
Raw customer databases or client contact lists
Trade secrets, source code, or proprietary formulas
Anything behind an access boundary you haven't explicitly opened
“We don’t read your mail. We don’t open your vault. We don’t touch what isn’t ours.”
This is not a promise. It’s architecture. Our systems are built so we can’t, not just that we won’t.
What We Do Collect
Here’s exactly what data we process, why we need it, and what it looks like. No surprises.
Breach Exposure Data
We check your email against 14.9 billion compromised records. We see IF you were breached and WHERE — never your actual passwords or account contents.
"user@company.com appeared in 3 breaches" — NOT "user's password was xyz123"
Scan Metadata
When you ran a scan, what type of scan, and the results summary. This helps us improve detection speed and accuracy.
"Identity scan completed March 3, 2026 — 3 breaches detected" — NOT what those breaches contained
Threat Patterns
Anonymized, aggregated patterns across all users. This is how we get smarter at predicting threats for everyone.
"Healthcare sector seeing 40% more credential stuffing attacks this month" — NOT "Company X was attacked"
Advisory Conversations
If you chat with our AI advisor, we store the conversation to improve future recommendations. You can delete this anytime.
Conversation history for YOUR reference and continuity — deletable with one click
Our Commitments to You
Not just policies — features you can use right now in your dashboard.
Instant Delete
Hit the delete button and your data is gone. Immediately. Not a 30-day "request" — actual deletion, right now.
Full Export
Download everything we have about you in JSON or CSV. Anytime. No hoops, no support tickets, no waiting.
Audit Trail
Every time our system accesses your data, it's logged. Who, what, when, why. You can see the full audit trail in your dashboard.
Your Data, Your Database
Your data lives in an isolated, dedicated database instance. Not mixed with other users. Not shared. Yours.
Encryption Everywhere
AES-256 at rest. TLS 1.3 in transit. Your data is encrypted at every stage — even we can't read it without your permission.
Never Sold. Never Shared.
We don't sell your data. We don't share it with advertisers. We don't use it to train external AI models. Period.
How Aggregate Intelligence Works
Your scans make Phylaxone smarter for everyone — without anyone seeing your data.
You run a scan
Phylaxone checks your email against 14.9 billion records. Results are shown only to you.
We learn a pattern
"Healthcare emails are appearing in 40% more breaches this month." This is a pattern — not your data.
Everyone benefits
Next time a healthcare worker scans, we can proactively warn them: "Your sector is being targeted."
Your data stays yours
The pattern is anonymized and stripped of all identifying information. Nobody can trace it back to you. Ever.
Think of it like Waze — your drive helps your route, but everyone’s data makes traffic predictions better for all drivers. Nobody sees your actual location. Everyone benefits from the collective intelligence.
Compliance & Standards
We commit to annual third-party security audits and publish the results. Because trust isn’t claimed — it’s proven.
Security Without Secrets
Other companies hide behind privacy policies nobody reads. We give you a window into everything and a delete button. That’s what real security looks like.