Terms of Service

By accessing or using DelPhish you confirm that you have read, understood and agree to be bound by these Terms and by our Privacy Policy. If you are using the service on behalf of an organization, you represent that you are authorised to bind that organization to these Terms. If you do not agree, you must not use the service.

DelPhish is an AI-assisted phishing and smishing detection platform. It analyses email and SMS messages submitted by the user and returns a risk score, classification (phishing, spam, suspicious or legitimate) and a human-readable explanation, combining heuristic rules, machine learning, BERT-based classification and large language models. It also provides phishing simulation tools for authorised security awareness training within an organization.

DelPhish provides advisory risk assessments. No detection system is 100% accurate. We do not guarantee that all phishing attempts will be detected, nor that every flagged message is malicious. The output of the service must not be relied upon as the sole basis for security decisions; you should always exercise your own judgement and follow your organization's security procedures.

You agree not to:

• Use the service for any unlawful, fraudulent or harmful purpose.
• Submit content that violates third-party rights or applicable law.
• Attempt to bypass authentication, rate limits or any other security measure.
• Probe, scan, attack or disrupt the service or its underlying infrastructure.
• Reverse engineer, decompile, scrape or attempt to extract the detection models.
• Create multiple accounts or otherwise circumvent usage limits.
• Use the phishing simulation feature against individuals or systems for which you do not have explicit written authorisation.
• Use the service to send unsolicited communications (spam) or to facilitate any cyber-attack.

We reserve the right to suspend or terminate accounts that breach these rules, without prior notice when necessary to protect the service or its users.

You are responsible for maintaining the confidentiality of your credentials and for all activity that occurs under your account. You must notify us immediately of any unauthorised access. Guest users may perform a limited number of analyses without an account; registered users obtain access to history, dashboards, simulations and other features depending on their subscription plan. You must be at least 16 years old (or the minimum age of digital consent in your jurisdiction) to create an account.

Paid subscriptions are processed by Stripe and billed in advance for each billing cycle (monthly or annual). Prices and the features included in each plan are displayed on the pricing page and may change with reasonable prior notice. You can cancel your subscription at any time from your account settings; you will retain access until the end of the current billing period and will not be charged again.

Right of withdrawal (consumers in the EU): in accordance with Art. 102 TRLGDCU, consumers have a 14-day right of withdrawal from the date of contract conclusion. By starting to use the service immediately upon subscription you expressly request that performance begins during the withdrawal period and acknowledge that, once the service has been fully performed, the right of withdrawal is lost (Art. 103.a TRLGDCU). For requests within the withdrawal period before substantial use of the service, contact support@delphish.app. Other refund requests are handled on a case-by-case basis.

All intellectual property rights in the DelPhish service, including its source code, models, design, trademarks and documentation, belong to DelPhish or its licensors. You retain all rights in the content you submit for analysis. By submitting content you grant us a limited, non-exclusive, worldwide licence to process it for the sole purpose of providing the service, in accordance with our Privacy Policy.

The processing of personal data within the service is governed by our Privacy Policy, which forms an integral part of these Terms. When you use DelPhish to process personal data of third parties (for example, by analysing emails that contain their data, or by running phishing simulations against employees), you act as the data controller and DelPhish acts as a data processor on your behalf within the meaning of Art. 28 GDPR. You are responsible for having an appropriate legal basis and for informing the data subjects.

To the maximum extent permitted by applicable law, DelPhish is provided "as is" and "as available" without warranty of any kind, whether express or implied. We are not liable for indirect, incidental, special, consequential or punitive damages, nor for loss of profits, data or business opportunities, arising out of or in connection with the use or inability to use the service, including damages caused by undetected phishing attacks or false positives. Nothing in these Terms excludes or limits any liability that cannot lawfully be excluded or limited, including liability for fraud, gross negligence or wilful misconduct, and the statutory rights of consumers.

These Terms are governed by Spanish law. Any dispute arising from the use of the service shall be submitted to the courts of the city of the user's domicile when the user is a consumer; in any other case, to the courts of Madrid (Spain), to the extent permitted by law. Consumers may also use the European Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr.

We may modify these Terms at any time. Material changes will be notified by email or through a prominent notice in the application at least 15 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated Terms.