Privacy Policy

1. Data Controller

For the purposes of applicable data protection legislation, A.R.I.A Mobile acts as the data controller in respect of personal data processed through our Services. Contact: A.R.I.A Mobile, United Kingdom. Email: support@ariamobile.co.uk.

2. Information We Collect — Information You Provide

We may collect:

• Full name
• Email address
• Telephone number
• Billing details
• Account credentials
• Support enquiries
• Uploaded support files
• Business account information
• Fleet management information

3. Information We Collect — Service Information

We may collect:

• ICCID identifiers
• Activation information
• Provisioning status
• Subscription status
• Device compatibility information
• eSIM usage information
• Top-up and renewal history

4. Information We Collect — Technical Information

We may collect:

• IP address
• Browser information
• Device information
• Operating system information
• Session information
• Authentication logs
• Security logs

5. Payment Information

Payment card information is processed by Stripe. We do not store full payment card details.

6. Lawful Basis for Processing

We process personal data under one or more of the following legal bases: Contractual Necessity (to provide Services, process purchases, activate eSIMs, deliver support, manage subscriptions); Legal Obligations (to comply with applicable laws, prevent fraud, respond to lawful requests, maintain accounting records); Legitimate Interests (to improve Services, protect platform security, monitor service performance, prevent abuse, manage business operations); Consent (where required by law, including certain marketing communications and analytics activities).

7. How We Use Information

We may use personal data to:

• Create and manage accounts
• Process payments
• Provision eSIM services
• Deliver QR codes
• Manage subscriptions
• Process top-ups
• Respond to support requests
• Detect fraud
• Monitor network service quality
• Improve customer experience
• Maintain platform security
• Comply with legal requirements

8. Telecommunications Data

To provide connectivity services we may process ICCID identifiers, provisioning records, service activation information, network usage information and technical diagnostic information. We do not monitor the content of communications.

9. Sharing of Information

We may share information with trusted service providers, including: Payment Providers (Stripe — payment processing, refunds and subscription management); Connectivity Providers (eSIM Go and associated telecommunications providers — provisioning, activation and management of eSIM services); Hosting Providers (Supabase and associated infrastructure providers — secure storage and platform operation); Authentication Providers (Google and other identity providers — authentication and account security); Email Providers (transactional email infrastructure providers — service communications and notifications); Legal Authorities (where required by applicable law). We do not sell personal data.

10. International Transfers

Because we operate globally, personal data may be processed in multiple jurisdictions. Where data is transferred outside the United Kingdom or European Economic Area, we implement appropriate safeguards designed to protect personal data.

11. Security

We implement technical and organisational measures including:

• Access controls
• Role-based permissions
• Encryption in transit
• Audit logging
• Authentication controls
• Security monitoring
• Rate limiting
• Data minimisation practices

12. Data Retention

We retain information only for as long as necessary. Typical retention periods may include: account information (while account remains active); billing records (as required by law); security logs (reasonable operational period); support records (operational necessity period); deletion requests (compliance purposes). Where possible, data is anonymised or securely deleted.

13. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access your data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing
• Request portability
• Withdraw consent
• Lodge a complaint with a supervisory authority

14. Data Access Requests

Requests may be submitted to support@ariamobile.co.uk. We may require identity verification before processing requests.

15. Automated Processing

Certain operational decisions may be automated, including fraud detection, risk assessment, provisioning workflows and security controls. Automated decisions are used primarily to protect platform security and ensure service delivery.

16. Marketing Communications

Where permitted by law, we may send service-related communications. Marketing communications are only sent where a lawful basis exists. Users may unsubscribe from marketing communications at any time. Service notifications relating to active accounts may still be sent.

17. Cookies and Tracking Technologies

We use cookies and similar technologies. Further information is available in our Cookie Policy.

18. Children

Our Services are not intended for individuals who do not meet the minimum legal age requirements applicable in their jurisdiction. We do not knowingly collect personal information from children in violation of applicable laws.

19. Business Accounts

Where Services are purchased by businesses or organisations, personal data may be processed on behalf of authorised users within those organisations. Business customers remain responsible for ensuring they have appropriate authority for any personal data they provide.

20. Changes to this Policy

We may amend this Privacy Policy periodically. Updated versions will be published on our website. Continued use of Services after publication constitutes acceptance of the updated Policy.

21. Contact

A.R.I.A Mobile, United Kingdom. Email: support@ariamobile.co.uk.