Privacy Policy

Last updated: 2026-05-13

The short version

PhishGuard is a free URL scanner. We don't sell your data. We don't track you across the web. We store the URLs you scan + verdicts so you can see your history; that's it.

What we collect

• URLs you scan — stored against your account so you can revisit results. Required for the product to work.
• Email address — only if you create an account.
• SHA-256 hash of your IP — for anonymous rate-limiting (5 scans/day). The raw IP is never written to disk.
• API key hashes — keys are stored as SHA-256 hashes, never plaintext. We can't recover lost keys.

What we DON'T collect

• Web analytics / tracking pixels
• Third-party cookies
• Your raw IP address
• Anything from the suspicious pages you scan beyond what we send to threat-intel APIs

Third parties we share data with

To analyze a URL, we send it to the following services (and only the URL — never your account info):

• Google Safe Browsing — Google receives the URL.
• VirusTotal — submits to their public database; results may be cached by VT.
• URLhaus (abuse.ch) — checked against a public malware database.
• Anthropic (Claude) — receives the URL + page text for content analysis.
• Microlink — generates the site screenshot.
• Cloudflare DoH — DNS lookups.
• crt.sh — certificate transparency.

Data retention

Account data + scan history are retained while your account is active. To delete: email hello@tryphishguard.com and we will permanently delete your account + all associated scans within 30 days.

Children

PhishGuard is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Changes

We'll update this page when we change anything material. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions: hello@tryphishguard.com