Privacy Policy

Last updated: 11/2025

1. Purpose

At OutKept (referred to as “OutKept”, “we”, “us”, “our”), we understand better than anyone that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone that visits our website/platform, and only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law, including the General Data Protection Regulation (GDPR).

2. About us

Our website, https://outkept.com, is owned and operated by:

OutKept BV, registered in Belgium under nr: BE0769443788. Our registered address is:

Sassevaartstraat 46 bus 102, 9000 Gent, Belgium

Our data protection officer can be contacted at dpo@outkept.com.

3. Policy

3.1. What information do we collect?

We collect information about you when you register with us or complete a form on our website. We collect the information you provide in the forms on our platform. We collect information from files you upload, including, for example, scans of a national identity card, passport, driver’s license or other commonly accepted documents as proof of identification. We also collect information when you voluntarily provide feedback, participate in competitions and when you email us or contact us by telephone. Website usage information is collected using cookies.

3.2. How will we use the information about you?

We collect information about you when you register with us, complete a form on our website, or otherwise interact with our platform.
Some information is collected automatically, such as website usage data via cookies. Other information is provided directly by you, including details submitted through forms, feedback, competition entries, and when you contact us via email or phone.

Sensitive identification documents, such as scans of a national identity card, passport, driver’s license, or other officially recognized forms of identification, are only collected when you register as a phisher. This information is collected as part of our “User Verification via Persona” process, in compliance with Know Your Business (KYB) and applicable tax regulations. It is used strictly to verify your identity and protect the safety and integrity of the platform for other users and customers.

All such sensitive information is stored securely and is accessible only to authorized personnel who require it to fulfill compliance and security-related responsibilities.

3.3. Marketing

With your permission we would like to send you information about our products and services, together with details of news and promotions that we think will be of interest to you. We may use your data to contact you by email, telephone, text message and by direct mail. You may opt out at any time.

If you no longer wish to be contacted for marketing purposes, please email info@outkept.com. You can opt out of our email communications by clicking the unsubscribe link at the footer of any email you receive from us.

3.4. How and where do we store your data?

We only keep your data if we have a valid legal reason to do so and will only keep it for as long as we need to in order to fulfill our contractual or legal obligations or for as long as we have your permission to keep it.

In the context of a phishing simulation campaign, if you were targeted by one of our phishing simulation mails, the proprietary information provided by you through our platform will only be stored for a minimal amount of time, to allow us to register the fact that information was shared with us. We do not store information you uploaded for the purpose of keeping it. The purpose of our platform is solely to register whether you have clicked on a link and/or shared data on a phishing simulation page on our platform, in order to generate a report on the vulnerability to phishing of your organisation and to allocate an appropriate reward (bounty) to the ethical social engineer who sent out the phishing simulation mail. Ethical social engineers will under no circumstances have access to the information provided by you through one of our web forms.

We will conduct an annual review to determine if we need to keep your data. Your data will be deleted if we no longer need it to maintain our obligations or if you have requested that we delete it.

We only retain personal data for as long as necessary for the purposes for which it was collected, and in line with our identified retention periods. After this period, the data is securely deleted or anonymised. If you have any questions regarding this matter, please feel free to contact us.

Data security is of great importance to us. We take steps to protect your data by using data encryption on our websites and applications. Our websites are hosted in Belgium and the Netherlands and are monitored 24/7/365. The servers where they are stored include firewall protection and secure monitoring software which generates alerts in the event of a hack attempt or the detection of malware.

3.5. Use of subprocessors

The OutKept public list of subprocessors identifies subprocessors authorized to subprocess customer or personal data on behalf of OutKept to provide services to our customers.

An up-to-date list of our subprocessors can be found here.

3.6. Access to your information and correction

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email us at dpo@outkept.com. We may charge a small fee for this service.

We want to ensure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

3.7. Storage of data outside the EU

Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”). If we do store or transfer data outside of the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would within the EEA and under the GDPR.

3.8. Cookies

Cookies are text files placed on your computer to collect standard internet information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. It may also be used for the purpose of running re-marketing adverts to you about our products and services.

You can set your browser not to accept cookies and can also remove cookies from your browser. However, if you do, some features on our website may not function as a result.

You can find out more information about cookies and how to remove cookies by visiting our cookie policy.

3.9. User Verification via Persona

To maintain a secure and trustworthy environment, all ethical phishers submitting phishing simulation emails are required to verify their identity through Persona. This verification process is part of our "Know Your Business" (KYB) requirements and is essential to prevent misuse of our platform. By confirming the identity of users, we help ensure that all activities are legitimate, responsibly conducted, and aligned with ethical guidelines. The privacy policy of Persona can be found here: https://withpersona.com/legal/privacy-policy 

3.10. Other websites

Our website contains links to other websites. This privacy policy and terms and conditions only apply to this website and platform. So, if you follow a link to other websites you should read their privacy policy.

3.11. OutKept Phishing Reporter Add-on

By installing and using the OutKept Phishing Reporter add-on for Microsoft (Outlook) or Google Workspace (Gmail), you agree to this Privacy Policy and acknowledge that your information may be processed and temporarily stored as part of the phishing email analysis process.

When you use the Report button, the following data is collected:

  • The full content of the reported email, including body, headers, and any attachments.
  • Your associated Microsoft or Google account name and email address.

This information is used to verify whether you are a registered user on the OutKept platform.

  • If you are not registered:
    The data will be stored temporarily, only for the time necessary to perform the verification. It will not be retained beyond this purpose. A message will be returned informing you that registration is required to proceed.
  • If you are registered:
    The information from the reported email will be analyzed to determine whether it is a phishing simulation initiated through the OutKept platform or an actual phishing attempt. To ensure a thorough and accurate analysis, we require as much detail as possible, including the full email content, headers, and any attachments.

If the email is not identified as an OutKept simulation, the data will be stored in accordance with the contractual agreement with the party that registered you as a user on the OutKept platform; this may be your employer, a service provider, or another organization conducting phishing simulations via OutKept.

Furthermore, if configured by the registering party, the reported email may be forwarded to a designated address for further evaluation, provided it is determined not to be an OutKept simulation.

3.12. Important Notice

The use of the OutKept Phishing Reporter add-on must comply with the policies and permissions set by the organization or entity that registered you on the platform. OutKept acts solely as an intermediary between you and the registering party. If reporting suspicious emails is not authorized under their policies, you must not use the report function.

4. Changes to our privacy policy

We will keep our privacy policy under regular review and will place any updates on this web page. The Privacy Policy was last updated 25/11/2025.

5. Contact Us

If you have any queries concerning this Privacy Policy, your personal information or any questions on our use of the information, please email us at info@outkept.com or write to us: OutKept - Sassevaartstraat 46 bus 102, 9000 Gent, Belgium