PhishER Email Storage and Processing

Using PhishER does not allow KnowBe4 to access your emails or inspect parts of your emails for any purpose. Use of PhishER does not require that reported phishing emails be shared with the KnowBe4 team for threat research or machine learning purposes.

In order to use PhishER, copies of reported phishing emails must exist within the PhishER system.

Should you suspect that your user has submitted an email into the PhishER system that contains confidential information, you can delete this email and all copies of it within PhishER using the PhishER platform. This will delete the email from PhishER entirely.

If you are using our Phish Alert Button (PAB) with your PhishER platform and have turned on the Send us a copy option in your Account Settings, you can submit a support ticket to request that we delete a confidential email from our systems. Please include your user’s email address and the Subject line of the reported email in your request to ensure we can process your request successfully.

PhishML must be enabled in your PhishER Settings. KnowBe4 does not perform additional processing on emails within PhishER if PhishML is not enabled. 

PhishML operates within the PhishER architecture. When PhishML is enabled, PhishML takes pieces of the emails within PhishER, temporarily transforms those pieces into an anonymized format, and uses this anonymized format to determine a risk score. 

PhishML does not store any emails, parts of emails, or email metadata.

Use of PhishML does not require you to enable the Send us a copy option in your Phish Alert Button Account Settings.

PhishRIP operates within PhishER and your Microsoft 365 or Google Workspace environment. No additional email data sharing or data retention is necessary to operate PhishRIP.

PhishRIP requires specific permissions to be granted within your Microsoft 365 or Google Workspace account to the PhishRIP app that permits the ability to search, quarantine, and delete emails.