Terms of Service

1. Agreement

These Terms of Service ("Terms") govern your access to and use of the PhishStats website at phishstats.info, the PhishStats API at api.phishstats.info, and related services (collectively, the "Service") operated under the name PhishStats ("we", "us", or "our").

By accessing or using the Service, creating an account, or using an API key, you agree to these Terms and our Privacy Policy. If you do not agree, do not use the Service.

You must be at least 18 years old, or the age of majority in your jurisdiction, to use the Service.

2. About PhishStats

PhishStats is an independent project that gathers, enhances, and shares phishing intelligence with the infosec community. The Service is currently operated under the name "PhishStats."

If PhishStats is incorporated, acquired, or assigns the Service to another legal entity, these Terms will continue to apply to your use of the Service. We will notify you of any change in the contracting party through the website or the email address associated with your account, and we will publish updated legal contact details on this page when a registered business address becomes available. Your rights and obligations accrued before such change will be preserved.

3. Accounts

Certain features require an account. You may sign in using an email magic link, Google, or GitHub through our authentication provider. You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account.

You must provide accurate information and notify us promptly at [email protected] if you suspect unauthorized access. We may suspend or terminate accounts that violate these Terms or pose a security risk.

4. Services

The Service may include, without limitation:

• Search and exploration of phishing intelligence data
• Programmatic API access to phishing data
• URL submissions and false-positive reports
• Personal collections of saved entries
• Monitoring rules and webhook alert deliveries
• API key management for authenticated programmatic access

We may add, modify, or discontinue features at any time, with or without notice. Free and paid tiers may have different feature availability and usage limits as described on our website and in Section 6; those limits may change as described there.

5. Acceptable Use

You agree not to:

• Use the Service to facilitate phishing, fraud, malware distribution, or other unlawful activity
• Scrape, harvest, or bulk-download data beyond your tier's quotas or fair-use limits
• Circumvent rate limits, authentication, API keys, or other access controls
• Share, resell, or redistribute raw PhishStats data feeds without our written permission
• Use automated means (bots, scripts, credential stuffing) to abuse the Service or impersonate users
• Submit false, malicious, or abusive URLs, reports, or other content
• Probe, scan, or test the vulnerability of our systems without authorization
• Interfere with or disrupt the Service or other users' access
• Use the Service in violation of applicable law or third-party rights

Phishing URLs in our database may point to live malicious content. You are solely responsible for handling such URLs safely—for example, in isolated environments and in compliance with your organization's security policies.

6. API & Quotas

API access and certain features are subject to usage limits that depend on your tier (anonymous, registered free, or paid). Limits may include daily request caps, API key counts, submission limits, collection size caps, and monitoring webhook delivery limits. Unless stated otherwise, daily quotas reset at UTC midnight.

Current tier limits are described on our website and API documentation for convenience. Those descriptions are informational and are not a guarantee of future availability or levels.

We may change any usage limits, quotas, burst rate limits, tier caps, feature availability, or other account entitlements at any time, whether higher or lower, with or without prior notice. This includes limits on API requests, API keys, submissions, false-positive reports, collection size, monitoring rules, webhook destinations, and webhook deliveries. Changes may take effect immediately in our systems and may be applied before published documentation is updated.

We may make these changes for any reason, including infrastructure capacity, abuse prevention, security, product adjustments, or operational needs. Exceeding your quota after a limit change may result in HTTP 429 or 402 responses until the quota resets, you upgrade your tier, or we restore or raise the limit.

We may also change tier definitions or pricing. Continued use of the Service after limits or tiers change constitutes acceptance of the updated entitlements. Nothing in this section limits any rights or remedies you may have under applicable law that cannot be waived or contracted away (including, where applicable, requirements for notice before certain changes to paid entitlements during a billing period you have already paid for).

7. User Content

You may submit URLs, notes, false-positive reports, monitoring configurations, and other content ("User Content") through the Service. You retain ownership of your User Content, but you grant PhishStats a worldwide, non-exclusive, royalty-free license to use, store, process, display, and distribute your User Content as needed to operate the Service, improve threat intelligence, and share indicators with the security community.

You represent that you have the right to submit User Content and that it does not violate these Terms or applicable law. We may review, moderate, reject, or remove User Content at our discretion, including submissions we believe are inaccurate, abusive, or harmful.

8. Paid Plans

PhishStats may offer paid subscription tiers processed through Stripe. If you purchase a paid plan:

• Subscriptions renew automatically each billing period unless cancelled before renewal
• You authorize us and our payment processor to charge your payment method on a recurring basis
• You may cancel through the Stripe Customer Portal or by contacting us; cancellation stops future renewals but does not refund fees already paid for the current billing period
• Prices may change with advance notice; changes apply to subsequent billing periods
• You are responsible for applicable taxes
• Chargebacks or payment disputes may result in suspension of paid features

Refund policy

All paid fees are non-refundable, except where applicable law requires otherwise. By purchasing a paid plan, you acknowledge that you receive immediate access to paid features—including API access, higher quotas, and downloadable or queryable data—and that this access constitutes delivery of the Service for the billing period you paid for.

We do not provide refunds, credits, or prorated refunds if you cancel before the end of your billing period, including annual subscriptions cancelled after only part of the term has elapsed. If you no longer need the Service, you may cancel to prevent renewal; you will retain paid access until the end of the period already paid for, and you will not receive a refund for unused time.

Refund requests based on change of mind, reduced need, or partial use of the Service during an active billing period will not be granted. This includes situations where substantial API or data access was used during the subscription term. Nothing in this section limits any mandatory consumer rights that cannot be waived under the laws of your jurisdiction (for example, certain statutory withdrawal or refund rights where applicable).

If we terminate your account for violation of these Terms, you are not entitled to a refund for any unused portion of your billing period. If we discontinue the Service entirely through no fault of yours, we may, at our discretion, offer a prorated credit or refund for the unused portion of a prepaid period.

Paid tier entitlements are tied to an active subscription. If payment fails or a subscription ends, your account may revert to a free tier and associated limits will apply.

9. Suspension & Termination

We may suspend or terminate your access to the Service, revoke API keys, or restrict features if you violate these Terms, exceed fair-use limits, pose an abuse or security risk, or if required by law. Suspended accounts may lose access to submissions, API keys, monitoring, and other features until the suspension is lifted.

You may stop using the Service at any time. You may request account deletion by contacting us. Provisions that by their nature should survive termination (including disclaimers, limitation of liability, and indemnification) will survive.

10. Intellectual Property

The Service, including its design, branding, software, documentation, and the compilation and presentation of phishing intelligence data, is owned by PhishStats or its licensors and protected by intellectual property laws. These Terms do not transfer any ownership rights to you.

Subject to these Terms and your tier limits, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service for lawful security research, threat intelligence, and related purposes.

11. Disclaimers

THE SERVICE AND ALL DATA ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, AND NON-INFRINGEMENT.

PhishStats does not guarantee that data is complete, current, or error-free. Phishing intelligence is provided for informational and security-research purposes only. The Service does not constitute legal, compliance, or incident-response advice. You use the data at your own risk.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PHISHSTATS AND ITS OPERATORS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, GOODWILL, OR BUSINESS OPPORTUNITY, ARISING FROM YOUR USE OF THE SERVICE.

OUR TOTAL LIABILITY FOR ANY CLAIM ARISING FROM OR RELATED TO THE SERVICE IS LIMITED TO THE GREATER OF (A) THE AMOUNT YOU PAID TO PHISHSTATS IN THE TWELVE (12) MONTHS BEFORE THE CLAIM, OR (B) FIFTY US DOLLARS (USD $50) IF YOU USE ONLY FREE FEATURES.

13. Indemnification

You agree to indemnify and hold harmless PhishStats and its operators from any claims, damages, losses, and expenses (including reasonable legal fees) arising from your use of the Service, your User Content, or your violation of these Terms or applicable law.

14. Changes

We may update these Terms from time to time. Material changes will be posted on this page with an updated "Last updated" date. When paid billing is active, we will also provide notice to subscribers by email for material changes affecting paid features or billing.

Your continued use of the Service after changes take effect constitutes acceptance of the revised Terms. If you do not agree, you must stop using the Service.

15. Governing Law & Disputes

These Terms are governed by the laws that apply where PhishStats operates the Service, without regard to conflict-of-law principles, except where mandatory consumer-protection or other laws in your country require otherwise.

Before starting formal legal proceedings, you agree to contact us at [email protected] and attempt to resolve the dispute informally for at least thirty (30) days.

If informal resolution fails, disputes may be brought before the courts or tribunals that have jurisdiction over PhishStats at the time of the dispute. If PhishStats later establishes a formal legal entity, we may update this section to name a specific governing law or venue; we will post material changes on this page and, where appropriate, notify registered users by email.

16. Contact

Questions about these Terms? Contact us at [email protected].

See also our Privacy Policy.