Terms of Service

Last updated: 5.5.2025

Welcome to AutoPhish, a service provided by Lorenz Peter Lösch e.U. (“AutoPhish,” “we,” “us,” or “our”). These Terms of Service (“Terms”) govern your access to and use of our phishing simulation and security awareness services (“Service”). By accessing or using the Service, you agree to be bound by these Terms.

If you are using the Service on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to these Terms.

1. Service Description

AutoPhish provides simulated phishing campaigns and related cybersecurity awareness tools. These are designed to train and test the awareness of employees by generating realistic phishing emails using AI models.

2. Account Registration

To access the Service, your company must create an account and provide required information, including a list of employee email addresses. You agree to provide accurate and complete information and to keep your account credentials secure.

3. Use of the Service

You agree to use the Service in compliance with all applicable laws and only for the purpose of employee training and internal security testing. You acknowledge that phishing simulations may cause confusion or concern among recipients. It is your responsibility to inform your employees of the existence and purpose of simulated phishing campaigns.

You may not:

• Use the Service to conduct unauthorized phishing tests on third parties
• Resell, sublicense, or redistribute the Service without prior written consent
• Use the Service for malicious, unlawful, or fraudulent purposes

4. Customer Responsibilities

You are solely responsible for:

• Obtaining necessary consent from employees, if required by law
• Informing affected parties that simulated phishing emails may be received
• Handling employee reactions and potential incidents arising from simulations
• Ensuring your use complies with all applicable data protection laws, including the GDPR

5. Data Privacy

AutoPhish processes customer data in accordance with our Privacy Policy. We act as a data processor with respect to employee data and you remain the data controller. All data is processed within the EU unless explicitly agreed otherwise.

6. Intellectual Property

All content and software provided through the Service are owned by AutoPhish or its licensors. You may not reverse engineer, decompile, or otherwise attempt to extract source code or underlying ideas.

7. Payment and Subscription

Access to the Service is provided on a subscription basis. Pricing, billing cycles, and payment methods are outlined in your Service Agreement or selected plan. Failure to pay may result in suspension or termination of access.

8. Disclaimer of Warranties

The Service is provided on an “as is” and “as available” basis. To the maximum extent permitted by Austrian law, we disclaim all warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.

Nothing in this section shall be construed to exclude or limit liability in a manner not permitted under applicable law, including in cases of gross negligence, willful misconduct, or personal injury.

9. Limitation of Liability

To the maximum extent permitted by applicable Austrian law, AutoPhish's total liability for any claim arising out of or in connection with these Terms or the use of the Service shall not exceed the amount paid by you for the Service in the six (6) months preceding the event giving rise to the claim.

AutoPhish shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, business, data, or goodwill, arising from your use of or inability to use the Service.

AutoPhish shall not be liable for:

• Employee confusion, distress, or reactions to simulated phishing emails
• Disruptions to business operations caused by employee responses to simulations
• Your failure to notify employees or obtain consent (where required)

Nothing in these Terms shall limit or exclude AutoPhish's liability for death or personal injury resulting from negligence, for damages caused by gross negligence or willful misconduct, or for any other liability that cannot be excluded under applicable law, including liability under the GDPR.

10. Termination

Either party may terminate the agreement at any time for any reason by providing written notice. Upon termination, you will no longer have access to the Service. Fees paid are non-refundable unless required by law.

11. Changes to These Terms

We may update these Terms from time to time. We will provide notice of material changes via email or through the Service. Continued use of the Service after such changes constitutes your acceptance of the updated Terms.

12. Governing Law and Jurisdiction

These Terms shall be governed by the laws of Austria, without regard to conflict of law provisions. Any disputes shall be resolved in the courts of Vienna, Austria, unless otherwise agreed in writing.

13. Contact

If you have any questions about these Terms, please contact us at: