AI Transparency

Last updated: 09.07.2026

This statement explains how AutoPhish uses artificial intelligence (AI) within the platform. It supplements our Service Privacy Policy, Terms of Service, and Data Processing Agreement.

1. What We Use AI For

AutoPhish primarily uses AI to create and improve campaign and training content. This includes in particular:

  • Drafts for simulated phishing emails and smishing messages
  • Wording, scenarios, and learning prompts for security awareness training
  • Explanations of typical warning signs in simulated messages
  • Limited editorial support for AutoPhish-owned content, such as blog SEO title suggestions

AI supports content creation. The platform remains a tool for training, simulation, and reporting on behalf of the customer.

2. Safeguards Before AI Use

When AutoPhish prepares company and target-list context for AI-generated campaign content, it applies technical filters designed to keep known personal data out of LLM prompts.

Known personal names from structured company and target data, as well as detected email addresses, phone numbers, and IPv4 addresses in the filtered context, are replaced with technical placeholders. Placeholder restoration happens locally within the AutoPhish platform.

Operational data such as user agents, clicks, opens, login interactions, training status, and individual behavioral data is not included in these content-generation prompts.

3. No AI Assessment of Individuals

AutoPhish does not use AI to assess, classify, profile, rank, or make automated decisions about individuals.

Reports, risk values, and security scores are based on platform events and rules, for example whether a simulated message was opened, a link was clicked, a report was submitted, or training was completed. These evaluations are not AI-based.

4. No Customer-Data Model Training by AutoPhish

AutoPhish does not train AI models with customer data or submit customer data for that purpose.

Personal data is not submitted to AI systems for marketing or profiling.

AutoPhish uses personal data only for the purposes described in the Service Privacy Policy and the Data Processing Agreement.

5. Training and Responsible Use

All AutoPhish employees are trained in the responsible, secure, and privacy-compliant use of AI.

We review AI features before use for purpose limitation, data minimization, security, and privacy. Changes to AI-supported functionality are designed to preserve and improve these filtering controls.

6. Questions

For any questions about AI use in AutoPhish, please contact:

QADS e.U.

Email: support@autophish.io