Security training your team will finish.

Built for teams of 5 to 30. Sign up is one person in an afternoon, not a procurement loop. No per-employee licensing portal, no admin console you need to staff, no SSO requirement to start. If you have a dedicated security team and a CISO, this isn't for you. If security is one of forty things on a Head of Ops's plate, this is exactly for you.

Three minutes per lesson, one lesson per week. A phish lands in the inbox 3 to 5 business days after each module. Falling for one costs an extra 2 minutes for the debrief. Total: under 15 minutes per employee per month. Setup for the buyer is 15 minutes on day one and zero per week after that, unless you want to look at the dashboard.

They're built for compliance teams at 500-person companies: annual video cycles, click-rate dashboards, audit exports. For a 15-person startup, that's months of procurement to get a tool your team ignores. We're built for the buying decision one person makes in an afternoon: flat-rate, no procurement, lessons your team will finish. The bigger gap is content. Their AI-threat coverage is 12 to 24 months behind. Ours updates weekly.

Read-only, scoped to message metadata and channel names. We don't index message content. For GitHub, we read repo names and tool references, not code. The generated phishes reference your real stack and channels. The raw data never leaves your tenant and never trains shared models. You can revoke integrations at any time and we delete the derived context within 24 hours.

They see the email they fell for, annotated: here's what gave it away. Three takeaways, a 2-minute lesson on exactly what they missed. No manager notification, no leaderboard, no record held against them. The goal is teaching, not scoring.

Every voice model requires explicit written consent from the executive: signed, timestamped, stored in your audit log. They can revoke at any time and we delete the model and purge derived samples within 48 hours. We treat voice biometrics under the most restrictive applicable framework (BIPA and GDPR Article 9) regardless of where you're incorporated. No one gets cloned without asking first, including during sales demos.

Yes. We map to SOC 2 CC1.4 and CC2.2, and ISO 27001 A.7.2.2, and export completion reports in the format auditors expect. We're pursuing SOC 2 Type II ourselves. Current trust report available on request. The actual goal is training your team well enough that the audit section becomes a formality.

Yes. Employee training data and phishing simulation records are processed as legitimate interest under Article 6(1)(f), consistent with EDPB guidance. Behavioral data is never tied to an individual in exports or shared outside your tenant. If you require a Data Processing Agreement, we send one at signup. No procurement needed. EU data residency is on the beta roadmap and available for teams where it's a hard requirement.

Yes. Phishing simulations land in email by default. That's where most attacks arrive anyway. Slack-channel spoofing is one optional layer for teams that use it. If your team lives in Microsoft Teams or email-only, the core path (lessons, inbox phish tests, debrief) works the same. We'll ask about your stack during onboarding.

Private beta opens summer 2026. The first 30 teams get one-on-one onboarding and we reply to every waitlist signup within 48 hours. Pricing is flat per-company for pre-Series A teams (30 people or fewer), in the range of what you'd pay for one seat of a mid-market awareness platform. Per-seat pricing above 30. Exact numbers published at beta launch.