Legal

Cookie Policy

PhishOut AI Portugal · EU Last updated: March 2026 Version 1.1

This Cookie Policy explains how PhishOut AI uses cookies and similar technologies on phishoutai.com and app.phishoutai.com. It should be read alongside our Privacy Policy.

01

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work correctly, improve performance, and provide information to site owners.

We also use similar technologies:

  • Session storage: Temporary data stored in your browser for the duration of a tab session only.
  • HTTP-only cookies: Cookies set with the HttpOnly flag that cannot be accessed by JavaScript — used exclusively for authentication security.
  • Local storage: Used minimally and only for non-personal UI preferences (e.g. language selection).

Under EU law (ePrivacy Directive / GDPR), non-essential cookies require your prior, freely given, and informed consent.

02

Types of Cookies We Use

Strictly Necessary Always On

Essential for the website and application to function. Cannot be disabled. Includes authentication tokens, CSRF protection tokens, and session management.

Functional Optional

Remember your preferences (e.g. language selection) to provide a more personalised experience. Disabling them may affect usability.

Analytics Optional

Help us understand how visitors use the site so we can improve performance and features. All analytics data is aggregated and anonymised.

Marketing / Advertising Not Used

We do not use advertising cookies, third-party tracking pixels, or retargeting cookies of any kind. We do not display ads.

03

Specific Cookies

3.1 phishoutai.com (Marketing Website + WordPress)

Cookie NameTypePurposeDuration
wordpress_logged_in_*NecessaryWordPress authentication — keeps you logged inSession / 14 days
wordpress_sec_*NecessaryWordPress secure cookie (admin panel)Session
wp-settings-*FunctionalWordPress UI preferences (admin only)1 year
woocommerce_cart_hashNecessaryWooCommerce — tracks whether the cart has changedSession
woocommerce_items_in_cartNecessaryWooCommerce — indicates items in cartSession
phishout_langFunctionalRemembers your selected interface language (EN / PT)1 year
phishout_cookie_consentNecessaryRecords your cookie consent decision1 year

3.2 app.phishoutai.com (Application)

Cookie NameTypePurposeDuration
phishout_csrfNecessaryCSRF double-submit token — prevents cross-site request forgery. HttpOnly, SameSite=Strict.Session
phishout_sessionNecessaryPro user session management — links your browser to your active session. HttpOnly, Secure.2 hours (inactivity)
phishout_langFunctionalSelected analysis language preference.1 year

The PhishOut AI app deliberately uses zero localStorage for sensitive business data. All authentication and subscription state is managed server-side. This is a deliberate security design decision.

04

Consent

When you first visit phishoutai.com, a cookie banner will appear before any non-essential cookies are placed:

🍪 PhishOut AI uses strictly necessary cookies to operate the service, and optional functional cookies to remember your language preference. We do not use advertising or tracking cookies. Cookie Policy

Accept All
Reject Optional
Manage Preferences

You may change your consent preferences at any time by:

  • Clicking "Cookie Preferences" in the footer of any page.
  • Clearing your browser's cookies (resets consent; the banner will reappear).
  • Contact us

Strictly necessary cookies cannot be refused as they are required for the service to function.

05

Third-Party Cookies

We use a minimal number of third-party services that may set their own cookies:

ServiceWhyTheir Policy
StripePayment processing — sets cookies to prevent fraud and manage the checkout session.stripe.com/privacy
Google FontsTypography — fonts loaded from Google's CDN may set cookies. We are transitioning to self-hosted fonts to eliminate this.policies.google.com/privacy

We do not integrate with Facebook Pixel, Google Ads, LinkedIn Insight Tag, TikTok Pixel, or any other advertising trackers.

06

Browser-Level Cookie Controls

All modern browsers allow you to manage, restrict, or delete cookies independently. Note that disabling all cookies will prevent the Service from functioning correctly.

Chrome
Cookie settings ↗
Firefox
Cookie settings ↗
Safari
Cookie settings ↗
Edge
Cookie settings ↗
Brave
Cookie settings ↗
Opera
Cookie settings ↗

On mobile: iOS → Settings → Safari → Privacy & Security. Android → check your browser's settings menu.

07

Do Not Track (DNT)

Because there is no agreed-upon standard for DNT signals, we do not currently alter our data collection practices in response to them. However, since we do not use advertising or cross-site tracking cookies in the first place, the practical impact on your PhishOut AI experience is minimal. Your preferences set through our cookie banner are fully honoured.

08

Updates to This Policy

When we update this policy, we will change the "Last updated" date at the top of this page. If we add new non-essential cookies, we will re-request your consent. Registered users may be notified by email for material changes.

09

Contact

If you have any questions about our use of cookies or wish to withdraw your consent: