Skip to content
For enterprises

Org-wide phishing protection, no rip-and-replace.

Give your team a second opinion on every suspicious message - as bulk triage, a connector, or an API. Without replacing your mail infrastructure.

DPA incl. EU SCCp95 under 5 secEU hosting: Frankfurt & Falkenstein
"An API for the question is this real? - in the shape we already call Safe Browsing with."- Theo, backend architect
What you bring

A bearer token, an HTTPS connection, an OpenAPI 3.1 client library. That's it.

What we bring

A stable API, an MCP server for AI agents, a heuristic fallback on model outage, signed audit trails for compliance.

01
The value

The expensive, targeted mails - not just bulk spam.

Your spam filter catches the obvious 95 %. Scampilot is the on-demand second opinion for the rest.

Bulk triage

Collect suspicious mails, score them in one pass, surface them ranked by risk.

Connector, not migration

Inline checks alongside your existing mailbox - no mail-server switch.

Audit trail

Every check logged: who, when, what verdict - exportable for compliance.

EU DPA without lawyer-months

Data processing with a named subprocessor list, EU hosting, no model training.

03
The path

From pilot to org-wide coverage.

Start small, with one team. Roll out when the numbers add up.

01

Pilot with one team

Connector or API for one department. We set it up in days, not quarters.

02

Triage into your workflows

Suspicious mails run through Scampilot before escalation. Verdicts land in your helpdesk.

03

Org-wide with an SLA

Higher quotas, 99.5 % SLA, a dedicated account manager, custom-branded reports.

04
Compliance

Contracts your compliance team waves through.

One table, one PDF, one DPA. Not four weeks of back and forth.

Data processing (GDPR Art. 28)Standard DPA as an appendix to the main contract. EU SCC for AI and email sub-processors.
HostingEU hosting provider, sites in Falkenstein and Frankfurt. DE/EU, ISO/IEC 27001 certified.
Storage encryptionLUKS full-disk on all DB hosts. Backups separately encrypted with a dedicated key.
Transport securityTLS 1.3 enforced. HSTS with a 6-month header + preload entry.
Audit trailAppend-only audit log for all privileged actions. Available on request as a database export for audits.
Pen testAnnual, by a BSI-approved assessor. Latest report available under NDA.
SLA99.5 % uptime on the business tier (in preparation). Q2 2026.

Frequently asked questions

Does Scampilot cover CEO fraud and invoice fraud?

Yes. Detection evaluates email authentication (SPF/DKIM/DMARC), lookalike domains, and payment and urgency patterns - the classic signals of CEO fraud and forged invoices (BEC).

Can Scampilot integrate with our organisation?

Yes: REST API, bulk checks, webhooks, SSO/SAML and SCIM provisioning, plus audit logs and a custom DPA.

Where is the data held for regulated teams?

On EU servers, with no US data flows and no model training on content - with audit trails and exportable evidence.