Privacy Policy

1.  Who we are?

Test My Users (TMU) is a platform which allows our customers to send and manage simulated phishing email campaigns to test their users.

2.  What is Personal Data?

“Personal Data” means any personally identifiable information that can be linked back to you such as your name, address, date of birth, phone number, and email address.

3.  Privacy for Clients and visitors

“Client” means any person or entity that is registered with us to use the Service.

“Visitor” means, any person who visits Test My Users site.

3.1 What kind of personal data does TMU collect from clients and visitors?

Information YOU provide US

You may provide certain Personal Information to us when you sign up for a TMU account and use the Service, send us an email or communicate with us in any other way.

This information may include:

• Information about you (such as your Name, Phone number, Email, Address, Job title)
• Information about your organization (such as Name of your Organization, Address of your organization)
• Marketing information (such as your contact preferences)
• Account log-in credentials (such as your email address or username and password when you sign up for an account with us)
• Payment information including your credit card numbers and associated identifiers and billing address.

 

Information we collect automatically

When you visit our site, use TMU services, we may automatically collect or receive certain information about your device and usage of the Service. We use cookies and other tracking technologies to collect some of this information.

Service Usage Data may include:

Device information: We collect information about the device and applications you use to access the Service, such as your IP address, your device type, your operating system, your browser ID.

Log data: Our web servers keep log files that record data each time a device accesses those servers and the nature of each access, including originating IP addresses and your activity in the Service (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you used)), device event information (such as system activity, error reports (sometimes called crash dumps).

Usage data: We collect usage data about you whenever you interact with our Service, which may include the dates and times you access the Service. We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other communications you send through the Service. This information allows us to improve the content and operation of the Service, and to facilitate research and analysis of the Service.

3.2 How TMU use clients/ visitors Personal Information?

We may use the Personal Information we collect for the purposes and on the legal bases identified below:

• For billing purposes. This includes sending you emails, invoices, receipts.
• We use third parties for secure credit card transaction processing, and those third parties collect billing information to process your orders and credit card payments.
• To send you system alert messages in reliance on our legitimate interests in administering the Service and providing certain features. For example, we may inform you about temporary or permanent changes to our Service, such as planned outages, or send you account notifications, such as subscription related reminders, Campaign status, summaries, payment reminders, new features, and changes to this Privacy Policy.
• To meet legal requirements, including complying with court orders, valid discovery requests, and other appropriate legal mechanisms.
• To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements in reliance on our legitimate interests.
• To prosecute and defend a court, arbitration, or similar legal proceeding.
• To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
• To provide, support and improve our services.
• To perform data analytics projects in reliance on our legitimate business interests in improving and enhancing our products and services for our clients.
• We may use your Personal Information to serve you specifically, such as to deliver marketing information, product recommendations and non-transactional communications (e.g., email, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences and this Privacy Policy.

 

3.3  Client Target Lists

In order to launch a campaign, you need to upload a Target List that provides us information about your Targets, such as their names and email addresses.

A Target List can be created in a number of ways, including by importing Targets, such as through a CSV or enter details one-by-one.  We do not, under any circumstances, sell your Target Lists. If someone on your Target List complains or contacts us, we might then contact that person.

4.  Privacy for Targets

“Target” is a person a client may Target through our Service. In other words, a Target is anyone on a Client’s Campaign List about whom a client has given us information or is anyone who has otherwise interacted with a Client via the Service.

4.1  What kind of personal data does TMU collect about Targets?

The Personal Information that we may collect or receive about you broadly falls into the following categories:

Information we receive about Targets from our Clients

A Client may provide Personal Information about you to us through the Service. When a client uploads their Target List, the Client may provide us with certain Target information or other Personal Information about you such as your name and email address.

Information we collect from campaigns

We will collect your credentials if you submit them on a phishing landing page during the phishing campaign. (Please note the credentials submitted during phishing campaigns are not encrypted and will be stored in plain text)

Information we collect automatically:

When you interact with a campaign that you receive from a client, we may collect information about your device and interaction with an email. We use cookies and other tracking technologies to collect some of this information.

Device information: We collect information about the device and applications you use to access emails sent through our Service, such as your IP address, your operating system, your browser ID.

Usage data: We also collect usage data about your interactions with campaigns (and/or emails) sent through the Service, which may include dates and times you access campaigns (and/or emails). We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails that our clients send through the Service.

4.2 How TMU use Targets Personal Information?

We may use the Personal Information we collect or receive about you for the following purposes:

• To assess the risk compromising clients’ organization from phishing attacks.
• To assess level of information security awareness, and needs of information security awareness.
• To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
• To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
• To prosecute and defend a court, arbitration, or similar legal proceeding.
• To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5.  Cookies and Tracking Technologies

We may use various technologies to collect and store Service Usage Data when you use our Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. For example, we use web beacons in the emails we send on your behalf, which enable us to track certain behavior, such as whether the email sent through the Service was delivered and opened and whether links within the email were clicked. Web beacons allow us to collect information such as the recipient’s IP address, browser, email client type and other similar data as further described above details. We use this information to measure the performance of your campaigns, to provide analytics information, enhance the effectiveness of our Service, and for other purposes described above.

6.  How TMU store your information?

TMU is hosted in AWS. TMU databases which holds your personal information are encrypted. Please note that the credentials submitted during phishing campaigns are not encrypted and will be stored in plain text.

7.  Does TMU share your data with third parties?

At TMU, we do not share your information with third parties. And we do not rent or sell your information.

8.  Your Rights

We want you to be in control of how your personal data is used by us. You can do this in the following ways:

• You can ask us for a copy of the personal data we hold about you.
• You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you, your company and company employees. you can make some of these changes yourself, online, when you have an account.
• You can ask us to erase your data.
• Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time.

 

You can make these requests by contacting us via info@testmyusers.com