Just use NextDNS and PiHole/AdGuardHome and redirect all port 53 requests to your local DNS instance.

DoT and DoH will mitigate some phishing risks.

Social engineering is the biggest threat, especially through vishing.

Is it necessary, compared to the measures I mentioned above?

That product is trash but how is what you’re doing helping with phishing?

Nope.
Not remotely private.
According to the PDF on their Privacy Policy page:

They collect a whole bunch of data on you. Including every site you visit. As well as every email and SMS you receive.

Specifically, during Your access and/or use of the Services, we will collect or receive the following information (including Personal Information) about You:

• Anonymized browsing behavior needed inter alia for the operation of the Solution including sites and URLs visited during the Solution’s operation.
• Country, IP address, Installation time, E-mail, name, last name (as provided by the user), 4 digits of credit card, credit card type for paying customers, and other information provided by you during and as part of creating and maintaining an account with us.
• To the extent you have chosen to subscribe to and use our email scanning feature and/or SMS messages scanning feature as part of the Services, we will also receive information as follows: (a) when you use our email scanning feature – the information (including email content) contained in your email inbox as of your subscription to the service and information contained in any email you receive thereafter during your use of the Services; and (b) when you use our SMS messages scanning feature, information contained in the SMS messages (including messages content) you receive as of the subscription to such feature and thereafter during your use thereof, all as described in your subscription and as made available by us.

They then use and provide that “anonymized” data to any 3rd party they work with.

The collected information as stated above is stored in Guardio’s database and shall be used and processed by us only for the following purposes:

• Providing the Services or any part thereof and enabling convenient and efficient use of thereof including, as applicable, third-party services made available via our Services;
• Improve and enrich the Services;
• Modify and/or remove existing Services and content;
• Perform research and provide statistical information to third parties (in such case, the provided information will not identify You);
• Enforce the Guardio’s Terms;
• Collecting of payable fees;
• Providing additional services and/or products;
• Any other purpose detailed in the Terms and this Privacy Policy.

They target you with 3rd party ads (personalized content).

Your Personal Information is collected and used because Guardio has a legitimate business interest for Your Personal Information to be used for the above purposes. This enables Guardio to send You relevant and personalized content designed to improve Your use of the Services. You have the right to object to this by contacting us via email: my.privacy@guard.io. Please note that if you object, this may affect Guardio’s ability to provide you with the Services and send personalized content to You.

I wouldn’t use it.

Seems to me like free plan is what browsers natively support anyway. (Scam site blacklist. I highly suspect they use the same. They can’t compete with the one Google hosts and all major browsers integrate.)

And instead of paying 15 usd per month, Windows defender is a well funded, well established, well trusted solution.

There’s no practical gain in blockage before download. Windows defender scans upon and after download, before execution.

Until its known by people that actually know stuff, avoid it

Seems sketchy. You give them access to everything instead? How do we know they won’t be an avenue to compromise?

This bit from their FAQ does not inspire confidence either:

Is Guardio Legit?

Guardio is definitely 100% legitimate, and it’s also a great product.

If it was, they wouldn’t need to say stuff like that.