KnowBe4 Security

PhishER Email Storage and Processing Overview

In this article, you can learn how KnowBe4 safely stores and processes data from emails in your PhishER platform. For more information about KnowBe4's data protection policy, visit our Security Statement page.

PhishER

Your use of PhishER does not allow KnowBe4 to access your emails or inspect your emails for any reason. You're also not required to share reported phishing emails with the KnowBe4 team for threat research or machine learning purposes.

To use PhishER, copies of your users' reported emails must exist in the PhishER platform. If a user submits a confidential email to your PhishER platform, you can delete the email and all copies of it in your platform. Once you delete the email in your platform, it will be deleted from PhishER entirely.

If you use our Phish Alert Button (PAB) with your PhishER platform and have enabled the Send Us a Copy setting, you can also submit a support ticket to request that we delete the confidential email from our systems. Please include the reporting user’s email address and the subject line of the reported email in your support ticket. For more information about using the PAB with your PhishER platform, visit our Sharing Reported Phishing Emails with KnowBe4 Using the Phish Alert Button (PAB) article.

PhishML

KnowBe4 will only perform additional processing on emails if you've enabled PhishML in your PhishER settings. For more information about enabling PhishML, visit our How to Use PhishML article.

When PhishML is enabled, it takes pieces from emails reported to your PhishER platform. Then, PhishML anonymizes those pieces temporarily and uses the pieces to determine if the email is a threat.

PhishML does not store any emails, parts of emails, or email metadata.

You're also not required to enable the Send Us a Copy setting in your KSAT account settings. If you enable this setting, PhishML uses information from the reported emails to improve its accuracy.

PhishRIP

If you've enabled PhishRIP, it will operate in your PhishER platform and your Microsoft 365 or Google Workspace environment. PhishRIP requires you to grant specific permissions in your Microsoft 365 or Google Workspace environment to the PhishRIP app. These permissions allow PhishRIP to search, quarantine, and delete emails. KnowBe4 does not require additional email data sharing or data retention permissions to operate PhishRIP.

Can't find what you're looking for?

Contact Support