Privacy Policy

Last updated: February 2026

1. Who We Are

PhishGuard is operated by Kuldeep Tiwari and Aman Tiwari ("we", "us", "our"). We provide free cybersecurity tools including URL scanning, SSL checking, DNS lookup, and password strength analysis at phishguard.yourdomain.com (the "Service").

2. What Data We Collect

When you use our tools we may collect:

URLs you submit for scanning (stored temporarily for analysis and in aggregate for statistics)
IP address (stored as a one-way SHA-256 hash — we cannot recover your original IP)
Browser type, OS, and device type via standard HTTP headers
Pages visited and time spent via Google Analytics
Community reports you voluntarily submit
Cookie consent preference (yes/no, stored in a browser cookie)

We do NOT collect your name, email address, or create user accounts.

3. How We Use Your Data

To provide URL security analysis results
To improve our phishing detection accuracy over time
To display aggregate, anonymised statistics on our dashboard
To prevent abuse and rate-limit our APIs
To serve relevant advertisements (see Section 5 below)
To comply with applicable law

4. Data Retention

Scan results are cached for 60 minutes for performance
Full scan records are retained for up to 30 days then automatically deleted
Community reports may be retained up to 6 months to improve accuracy
Admin logs are retained for 90 days

5. Cookies and Advertising

We use the following cookies and tracking technologies:

Cookie	Purpose	Duration
`cookie_consent`	Stores your cookie preference (yes/no)	1 year
Google Analytics (`_ga`, `_gid`)	Measures traffic and user behaviour (analytics)	Up to 2 years
Google AdSense (`__gads`, `IDE`)	Delivers and measures personalised advertisements	Up to 13 months
Admin session	Keeps admin users logged in (HttpOnly, not accessible to JS)	30 minutes

Google AdSense uses cookies to show you relevant ads based on your browsing history. Google and its partners may also use these cookies to show ads on other sites. You can opt out of personalised advertising by visiting Google Ad Settings or aboutads.info.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

If you decline cookies when prompted, only strictly necessary cookies (the consent cookie itself) will be set. Analytics and advertising cookies will not be loaded.

6. Password Checker Privacy

Your password never leaves your device in plain text. Our password breach checker uses the k-anonymity model — your browser computes the SHA-1 hash of your password locally and sends only the first 5 characters of that hash to the HaveIBeenPwned API. We receive no information that could identify your password. We do not log or store any information related to password checks.

7. Third-Party Services

We integrate with the following external services, each governed by their own privacy policy:

Google Safe Browsing — URL threat detection
VirusTotal — URL malware scanning
WhoisXML API — Domain registration data
HaveIBeenPwned — Password breach database
Google Analytics — Usage analytics
Google AdSense — Advertising

8. Your Rights

Depending on where you reside, you may have rights to:

Access the personal data we hold about you
Delete your data
Object to processing for advertising purposes
Withdraw consent at any time by clicking "Manage Cookies" in the footer

These rights are provided under the Information Technology Act 2000 (India), GDPR (EU/UK), and CCPA (California). To exercise any right, contact us at the email below. We respond within 30 days.

9. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy. Material changes will be indicated by an updated "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance.

11. Grievance Officer (India — IT Act 2000)

Name: Kuldeep Tiwari
Email: kuldeep@yourdomain.com
Response time: Within 30 days

12. Contact Us

For any privacy questions or data requests, email us at privacy@yourdomain.com.