USA FlagUSA
WorldEN

Phonebox

PhoneBox Privacy & Security Policy

LAST UPDATED: February 23, 2026

Earning your trust is important to PhoneBox Network Ltd. operating as PhoneBox (“PhoneBox,” “we,” “us,” or “our”). One way we earn your trust is through our commitment to protecting your personal information and privacy.

This PhoneBox Privacy & Security Policy (“Privacy Policy”) is provided to help you understand the types of information we collect when you use our wireless products and services (our “Service” or “Services”), visit our websites and online portals (including phoneboxmobile.com and any pages where this Privacy Policy is posted or linked), use our mobile apps (if applicable), or otherwise contact or interact with PhoneBox or our online properties, features, platforms, and tools where this Privacy Policy appears or is linked (our “Site” or “Sites”). It describes how we collect, use, and disclose your information and your rights regarding your information.

PhoneBox provides wireless Services as a mobile virtual network operator (MVNO) on the T-Mobile network. Certain information must be shared with our underlying network and operational partners to activate and deliver wireless service (e.g., provisioning, routing, network troubleshooting, and regulatory compliance).

This Privacy Policy should be read together with our Wireless Customer Agreement, which governs your use of our Sites and Services. (You can request a copy by contacting us using the information in How to Contact Us below.)

Certain terms used in this Privacy Policy that are not capitalized or otherwise defined can be found in the Definitions section.

If you are a California resident or live in a U.S. state with a similar comprehensive privacy law, you may have additional privacy rights with respect to the personal information we collect about you. To learn more about your rights under state-level comprehensive privacy laws, please see the State-Specific Privacy Disclosures and California Privacy Rights sections of this Privacy Policy.

Contents

Personal Information We Collect

How We Collect Information

2.1 Information You Provide Directly to Us

2.2 Information We Automatically or Passively Collect from You

2.3 Information We Receive from Third Parties

How We Use Your Information

3.1 Provide Our Services

3.2 Maintain and Improve Our Sites and Services

3.3 Promote Our Services, Send Marketing and Other Communications

3.4 Comply with Legal Obligations & Prevent Fraud

3.5 Analytics, Profiling, and Automated Decision-Making

How We Disclose/Share Your Information

4.1 Service Providers

4.2 Business Partners

4.3 Marketing & Advertising Companies

4.4 Legal Compliance

Our Obligations and Your Rights Related to CPNI

Marketing Communications, Sweepstakes and Contests

How Long We Keep Your Information

How We Protect Your Personal Information

Third-Party Applications, Links to Third-Party Sites and User Submissions

Information Obtained from Children

Cookies

11.1 Types of Cookies

11.2 Cookie Classifications

11.3 Do Not Track

11.4 Global Privacy Control

International Transfers

State-Specific Privacy Disclosures

13.1 How to Make a Request

13.2 Types of Requests & Verification

California Privacy Rights

14.1 Types of Information We Collect

14.2 Personal Information Collected About Consumers

14.3 Purposes of Collecting & Processing Personal Information

14.4 Personal Information Sources

14.5 Disclosure of Personal Information

14.6 Retention of Personal Information

14.7 Sale and Sharing of Personal Information

14.8 Your California Privacy Rights

14.9 How You Can Correct Your Personal Information

14.10 How to Make Consumer Requests, Our Responses & Verification

How to Contact Us

Changes to This Privacy Policy

Additional California Rights

Nevada Rights

Definitions

1. Personal Information We Collect

We collect various types of information about you when you use our Sites, interact with us online, and through your use of our Services. The data we, or our service providers acting on our behalf, collect depends on how you interact with us and your use of our Sites and Services.

Below are categories of personal information we may collect, with examples.

Categories of Personal Information / Examples

Identifiers / Account Information

When you register for an account with us, we process your information to provide and bill you for our products and services, manage your account, send offers and market to you (where permitted), and prevent fraud.

Examples include:

  • First name
  • Last name
  • Postal address
  • Email address
  • Phone number
  • Date of birth
  • Driver’s license number (where required or permitted)
  • Social Security number (where required or permitted)
  • Credit history (where applicable and permitted)
  • Active membership affiliations (if you provide them)
  • Credit/debit card information (where applicable)
  • Account ID
  • User ID / PIN
  • IP address
  • Device ID and other device identifiers

Payment and Financial Information

We use this information to process payments, bill you for our products and services, support collections and chargeback protection, and reduce fraud.

Examples include:

  • Credit/debit card information
  • Bank account information (if applicable)
  • Credit history (where applicable and permitted)
  • IP address
  • Purchase/order history
  • Other payment or billing information

Promotions and Surveys

We may process your information when you enter, register, or participate in promotional campaigns, sweepstakes, contests, or surveys.

Examples include:

  • First name
  • Last name
  • Date of birth
  • Postal address
  • Email address

Location Data

We may process location information of your device when you are connected to the network or the internet, and to provide certain location-based features.

Examples include:

  • IP address
  • Device location (GPS and network-based)
  • Precise geolocation (when enabled)
  • Cell tower location

Customer Service

We may process your information when you contact or interact with customer support.

Examples include:

  • Call recordings (PhoneBox records customer service calls)
  • Webchat logs (if available)
  • Interactive voice response (IVR) recordings (if available)
  • Recorded audio interactions
  • Customer support tickets and notes

Sensitive Personal Information

When you register for an account, contact customer support, or enable location information on your device, we may collect sensitive personal information to provide and bill for services, send offers/marketing where permitted, and prevent fraud.

Examples include:

  • Social Security number
  • Driver’s license number
  • State ID card number
  • Passport number
  • Username and password
  • Precise geolocation (when enabled)
  • Credit/debit card information (in combination with any security/access code or password)
  • Credit history
  • Other payment or billing information

Network and Devices

We may process information when you use our products and services, including technical information, equipment usage, and network data, to better understand and improve our Services, monitor device and service performance, and protect our network and business.

Examples include:

  • Call detail records (CDRs)
  • Text message records (metadata; not the content unless you send it to us)
  • Wireless data usage
  • Device ID / SIM or eSIM identifiers
  • Equipment type, status, location, settings, and configuration (as relevant to service delivery)

Audio/Visual

We may collect information when you contact customer support and when you participate in promotions.

Examples include:

  • Photographs (if you submit them)
  • Images (if you submit them)
  • Video recordings (if applicable in retail environments)
  • Voice recordings (when you call customer support)

Website and Mobile App

We may collect information about your browsing, searching, buying activities, and how you interact with our websites, mobile apps, or advertisements, and from business partners, to serve cross-context behavioral or targeted ads (where permitted), prevent fraud, and for internal analytics.

Examples include:

  • IP address
  • Device ID
  • Mobile advertising ID (MAID)
  • Information collected using cookies
  • Websites visited (as captured through Site analytics)
  • Applications used (as captured through Site/app analytics)
  • Items placed in shopping carts
  • Screen recordings and/or session replay (only if deployed on a Site/app)
  • Cursor movements
  • Screen interactions/clicks
  • Browser and operating system
  • Platform type
  • Connection speeds

2. How We Collect Your Information

We collect the categories of data described in Personal Information We Collect in various ways.

2.1 Information You Provide Directly to Us

We may collect information directly from you when you interact with us, for example, when you register for an account, use our Services, visit or engage with our Sites, contact customer support, or through our marketing efforts (including contests, sweepstakes, surveys, or promotions).

2.2 Information We Automatically or Passively Collect from You

When you visit our Sites or otherwise interact with us online, we may automatically or passively collect information about you through network technology and advertising tools such as cookies, web beacons, pixel tags, log files, SDKs, or other technologies.

See Cookies for more information about our use of cookies and how to manage cookie preferences. Where required by law, you can opt out of the “sale” or “sharing” of personal information by using the “Do Not Sell or Share My Personal Information” link at the bottom of our website (or by contacting us using the methods in How to Contact Us if that link is not available in your context).

2.3 Information We Receive from Third Parties

We may collect information about you from third parties, such as: credit information/history (where applicable and permitted), marketing lists from partners, risk scores from vendors to help identify fraud, commercially available demographic and interest-based information from third-party data providers, and information from “refer a friend” or similar programs.

We may obtain information from third-party sources including device manufacturers, device protection and warranty providers, retailers, fulfillment providers, and other service providers. Third parties are independent companies; their handling of your information is governed by their own privacy policies.

We may also receive information from social media platforms through your public profile, posts, and other online interactions (for example, if you “like” us, mention PhoneBox, or reach out to us). The information we receive from these third parties is governed by the privacy policies of the applicable platforms, and we encourage you to review them before submitting information on those platforms.

3. How We Use Your Information

We collect the categories of information described in Personal Information We Collect to provide, maintain, and improve our Sites and Services, to promote our products and Services, and to communicate with you, for the following purposes.

3.1 Provide Our Services

Routing calls, delivering text messages, and managing your data connection.

Invoicing and billing for products or Services, shipping items (if applicable), processing payments, and managing your account. (We use Moneris as a payment processor for certain transactions.)

Providing customer support, helping resolve technical issues, and improving customer service.

3.2 Maintain and Improve Our Sites and Services

Managing Service delivery, maintaining and improving coverage and performance (including working with our underlying network partners as needed).

Auditing and improving our Sites and Services; analyzing usage patterns; understanding how you use our Sites and Services; personalizing your experience; and developing new Sites and Services.

Analyzing and improving marketing campaigns.

3.3 Promote Our Services, Send Marketing and Other Communications

Contacting you about Service updates and other important account-related issues (informational or transactional communications) by email and text message.

Responding to inquiries and assisting with operational requests such as password resets.

Sending marketing communications, offers, and promotions to you where permitted. You may have the right to opt out of certain marketing communications via email and text message as described in Marketing Communications, Sweepstakes and Contests.

Personalizing your online experience by providing personalized content or showing relevant advertisements on other websites or mobile apps, where permitted. You may have the right to opt out of certain personalization or advertisements as described in Cookies.

3.4 Comply with Legal Obligations & Prevent Fraud

Security and fraud prevention; protecting your account and our Services from misuse or abuse; and protecting the safety of customers and others.

Complying with applicable laws, legal processes, and government requests; enforcing legal rights; and enforcing our terms, agreements, and policies.

We may employ artificial intelligence or automated processing or systems, including profiling technology, to detect and prevent fraud and secure our Sites and Services. Unless we notify you separately, we do not process your personal information for “profiling” in furtherance of “decisions that produce legal or similarly significant effects,” as such terms are defined under applicable law.

3.5 Analytics, Profiling, and Automated Decision-Making

We use analytics and profiling (automated processing of personal information to analyze, evaluate, or predict preferences, behavior, or needs) to operate, secure, and improve our Services. This includes evaluating information such as account details, device identifiers, service-usage patterns, network and performance data, and customer-interaction history.

We use these tools to help:

detect and prevent fraud or security risks,

verify account activity,

support customer service,

maintain and troubleshoot service performance, and

improve quality and functionality of products and Services.

We may also use analytics to tailor certain communications or to measure or deliver advertising where permitted by law.

Where U.S. state law defines or treats profiling as part of automated decision-making or targeted advertising, we provide the disclosures and rights required by applicable law. These may include the right to request information about categories of personal information used in profiling, the right to access information about outcomes of profiling, the right to appeal or seek human review of a decision (where applicable), and the right to opt out of targeted advertising or profiling to the extent permitted by law.

We do not rely solely on automated systems to make decisions that deny or restrict access to core wireless Services.

We use customer proprietary network information (CPNI) only as permitted by federal law. We do not use call-detail or similar CPNI data for marketing non-communications Services without appropriate consent. Please see Our Obligations and Your Rights Related to CPNI for more information.

Where U.S. state law provides rights to opt out of the use of personal information for targeted advertising, profiling, or the sale or sharing of personal information — including through browser signals such as the Global Privacy Control (GPC) — you may exercise those rights by using the “Do Not Sell or Share My Personal Information” link (where available) or by enabling an authorized preference signal in your browser. Please see Global Privacy Control for more information.

4. How We Disclose/Share Your Information

While we do not sell your personal information in exchange for monetary consideration, we may disclose the categories of information described in Personal Information We Collect to certain third parties in support of our business operations. Under U.S. state privacy laws (including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, the “CCPA”), certain disclosures may be considered a “sale” or “sharing” of personal information even if no money changes hands.

The categories of information we may disclose depend on the types of third parties and their relationship with us. We may disclose your information for business purposes, including to the following third parties.

4.1 Service Providers

We use service providers to provide, improve, and maintain our Sites and Services. We disclose information to third parties who perform services at our request or on our behalf so we or they can provide requested products and Services. Service providers are contractually required to protect information and only use it to provide services to us according to our instructions or as otherwise agreed in our contracts.

Examples of services include:

Billing, invoicing, shipping and delivering products, fulfilling orders or requested Services.

Processing payments and transactions (including Moneris, where applicable).

Sending communications and providing customer support functions.

Collections for unpaid purchases or Services.

Identity verification, fraud detection and prevention.

IT infrastructure for data hosting and system maintenance.

4.2 Business Partners

When you purchase certain products or use certain Services offered by PhoneBox and one of our business partners, both parties may collect information. Information collected by partners is subject to the partner’s privacy practices, which we encourage you to review.

Examples of business partners include:

Wireless network infrastructure providers and underlying network partners required to deliver our Services (including the T-Mobile network and related providers).

Device manufacturers, device protection and warranty providers, and device financing companies (if applicable).

Retailers and other third parties for order fulfillment (if applicable).

Membership affiliations or partner programs (if applicable) for promotion administration or marketing.

4.3 Marketing & Advertising Companies

We may disclose or allow certain third-party advertising and analytics companies to collect information when you visit our Sites, use our Services, or otherwise interact with us online. This may include cookies, web beacons, pixel tags, log files, SDKs, and similar technologies.

These companies may combine information we provide with information they have to provide relevant advertising. We may disclose information to:

Digital advertising platforms for serving cross-context behavioral or targeted advertising (where permitted).

Marketing companies for promotional campaigns.

Analytics providers for our Sites and Services.

4.4 Legal Compliance

We may disclose information for additional purposes if we believe disclosure is necessary or appropriate, including:

Disclosing information about a secondary account user to the primary account holder or the party financially responsible for the account.

Disclosing account and location information in an emergency to individuals you authorize and/or emergency responders where permitted.

Responding to requests for cooperation from law enforcement or government agencies, or outside auditors or regulators, if required.

Responding to subpoenas, court orders, or other legal processes.

Investigating violations of our Acceptable Use Policy or other terms, agreements, or policies.

Recovering payment for unpaid purchases or Services.

Preventing fraudulent use of our Sites or Services and protecting the safety of customers and others.

As part of a business transaction such as sale, acquisition, divestiture, merger, bankruptcy, consolidation, or reorganization.

Disclosing information to professional service providers (auditors, lawyers, privacy vendors, consultants).

Calculating taxes, fees, or other obligations due to local, state, or federal requirements.

Disclosing information pursuant to your request, direction, or instruction.

5. Our Obligations and Your Rights Related to CPNI

As a telecommunications provider, PhoneBox collects Customer Proprietary Network Information (CPNI), which receives special legal protection under federal law.

CPNI includes:

Information about the quantity, technical configuration, type, destination, location, and amount of use of your telecommunications services.

Billing information related to telecommunications services.

Call detail records (CDRs) showing phone numbers you call and receive calls from, along with date, time, and duration.

Data usage patterns and technical service configuration.

Network performance information related to your specific service.

CPNI does not include:

Your name, address, and listed phone number.

Text message content.

Data usage content (i.e., specific internet browsing content).

Subscriber list information.

Marketing and promotional preferences.

Customer support interaction records.

Confidentiality of CPNI

Under federal telecommunications law, PhoneBox must treat CPNI confidentially and cannot share it without your consent except in specific circumstances, including:

To protect our rights and property or prevent fraudulent or unlawful use.

For billing, collection, and providing Services to you.

To provide emergency information to law enforcement where permitted.

As otherwise required by law.

We will not disclose CPNI to you until you have provided your password or other permissible authentication measures.

Your Rights Related to CPNI

You have the right to restrict our use of CPNI for marketing purposes. We may use your CPNI to offer communications-related Services, subject to your right to opt out of the use of CPNI for marketing purposes.

You can submit a CPNI marketing opt-out request by contacting us using the information in How to Contact Us.

6. Marketing Communications, Sweepstakes and Contests

In accordance with our Wireless Customer Agreement, you may consent to receive marketing emails and text messages from us sent to your email address and phone number.

You may choose to limit or revoke consent as follows:

Unsubscribe from email communications by following the unsubscribe link within our emails.

Reply “STOP” to any marketing text message.

Contact us by email or phone using the information in How to Contact Us.

We will process opt-out requests as soon as reasonably possible and within the time periods required by applicable law. Opting out of marketing communications does not affect your Services and does not prevent us from sending non-promotional messages related to your account, transactions, customer support, security, or our ongoing business relationship with you.

If you participate in sweepstakes, contests, or promotions, we may require information such as name, postal address, phone number, and email to administer the promotion, contact winners, and send offers where permitted. Official rules may treat personal information differently than this Privacy Policy; please review the rules for each promotion.

7. How Long We Keep Your Information

We retain different categories of personal information for different time periods based on business needs, legal requirements, and regulatory obligations, unless a specific retention period is mandated or permitted by applicable law.

Our contracts with service providers require that they retain personal information only for the duration necessary to fulfill the purposes described in the contract.

8. How We Protect Your Personal Information

We have implemented administrative, organizational, technical, and physical measures designed to protect your information from unauthorized access or improper use.

No security measures are perfect, and we cannot guarantee your personal information will never be disclosed in a manner inconsistent with this Privacy Policy due to unauthorized or unlawful acts by third parties. If that occurs, we will notify you in accordance with applicable law.

The information we collect is stored on servers located in the United States (“U.S.”). Physical and logical access to databases and servers is restricted to employees, service providers, business partners, and third parties who have a legitimate need to know for the business purposes described in How We Use Your Information. They may only process personal information on our instructions or as agreed in our contracts.

9. Third-Party Applications, Links to Third-Party Sites and User Submissions

When using our Services, you may choose to install, access, or use services offered by third parties. By using, playing, or downloading third-party applications, you agree to be bound by the terms of service for those applications. Third parties may use tracking technologies (cookies, etc.) to collect information and may collect location/geolocation data. We encourage you to review third-party privacy policies.

Our Sites may contain links to third-party websites. This Privacy Policy does not apply to those third parties, and PhoneBox does not control or take responsibility for their content or privacy/security practices.

We may provide places where you can post information, upload content (pictures, video, audio), and post comments or reviews. You are responsible for the content you share. If you disclose personal information on publicly viewable pages, that information may be public and may be collected and used by others. Once you post information, you may not be able to edit or delete it.

10. Information Obtained From Children

Our Services are not intended for children or minors, and we do not knowingly collect information from anyone under eighteen (18) years of age. If you believe your child has provided personal information to us, please contact us using the information in How to Contact Us, and we will work to delete the information in accordance with applicable law.

11. Cookies

When you visit our Sites, we store and retrieve information on your device’s browser in the form of cookies (small data files downloaded when you visit a website), web beacons, tracking pixels, and similar technologies (collectively, “Cookies”). Cookies help websites remember preferences and track how you use the Site.

You can disable some types of Cookies by turning them off in your browser settings. Because we respect your privacy, and to comply with state-level privacy laws, you can choose not to allow some types of Cookies. Blocking some Cookies may impact your experience.

For more information about Cookies we use and how to manage settings, use the “Do Not Sell or Share My Personal Information” link at the bottom of our website (where available) and/or adjust browser controls. You may also enable the Global Privacy Control (GPC) signal on a compatible browser.

11.1 Types of Cookies

First-party Cookies are set by PhoneBox and are commonly required for functionality and security.

Third-party Cookies are set by partners and service providers to provide analytics and serve relevant advertising/marketing. Third-party Cookies may be governed by each third party’s privacy policy.

11.2 Cookie Classifications

We may use:

Strictly Necessary Cookies

Necessary for the Sites to function and cannot be switched off. Usually set in response to actions such as setting privacy preferences, logging in, or filling out forms. These do not store personal information and are always active.

Functional Cookies

Enable enhanced functionality and personalization. If you do not allow these, some services may not function properly. Like Strictly Necessary Cookies, Functional Cookies do not store personal information.

Performance Cookies

Allow us to count visits and traffic sources to measure and improve performance. If you do not allow these, we may not know when you visited our Sites or be able to monitor performance effectively.

Targeting Cookies

Set by advertising partners or social media services. They can track your browser across websites and are used to build a profile of your interests, show relevant ads, and enable social sharing tools. If you do not allow these, you may see less targeted advertising and some social tools may not work.

You can opt out of certain targeted advertising by using industry tools such as those provided by the Digital Advertising Alliance (DAA) and Network Advertising Initiative (NAI), or by using our website controls (including “Do Not Sell or Share,” where applicable).

11.3 Do Not Track

Some browsers transmit a “Do Not Track” signal. We do not currently respond to “Do Not Track” signals because no uniform industry standard has been adopted.

11.4 Global Privacy Control

Our Sites support Global Privacy Control (GPC) where required by applicable law. GPC is a browser-based opt-out preference signal that communicates your request to opt out from the “sale” or “sharing” of personal information or processing for “targeted advertising.” You can learn how to set up GPC through your browser or extensions that support it.

12. International Transfers

PhoneBox is based in the U.S., and information we and our service providers collect is governed by U.S. law, which may differ from laws where you are located. We do not intend to offer Services to residents of countries other than the U.S. Your access to and use of our Sites constitutes your consent to transfer, processing, use, sharing, and storage of your information in the U.S. and in other countries where our service providers may process data, consistent with this Privacy Policy.

13. State-Specific Privacy Disclosures

If you are a California resident, refer to California Privacy Rights below.

This section applies to residents of certain U.S. states that have enacted comprehensive privacy laws (for example: Colorado, Connecticut, Delaware, Illinois, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia). This list is non-exhaustive and may expand.

Depending on your state, you may have rights such as:

Right to confirm whether we process personal information and obtain certain details (including categories/list of third parties disclosed to).

Right to access personal information in a portable and readily usable format.

Right to delete personal information.

Right to correct personal information.

Right to opt out of “sale” of personal information or processing for “targeted advertising.”

Not all states provide the same rights (for example, appeals or correction rights vary), but we will try to assist with valid requests as required by law. We do not discriminate against you for exercising applicable rights.

13.1 How to Make a Request

You may exercise rights (subject to exceptions) by:

Calling us at 1-855-886-0505; or

Emailing us at regulatory@phoneboxmobile.com

To opt out of sale/sharing for targeted advertising where required, you may also use the “Do Not Sell or Share My Personal Information” link at the bottom of our Site (where available) or use GPC.

Some rights may be inapplicable to our practices (for example, contesting profiling in furtherance of decisions that produce legal or similarly significant effects). Unless we notify you separately, we do not process personal information for profiling in furtherance of such decisions.

13.2 Types of Requests & Verification

You may exercise your right to opt out of “sale” of personal information or processing for targeted advertising by using the “Do Not Sell or Share My Personal Information” link (where available), by enabling GPC, or by contacting us via phone/email.

Timing: We will respond to opt-out requests within fifteen (15) business days of receipt where required by law.

Appeals (where required): Residents of certain states may have the right to appeal our decision not to take action on a request. To submit an appeal, email regulatory@phoneboxmobile.com

and include:

First and last name

Type of appeal: access / know / delete / correct

Any reference number we provided (if applicable)

The reason for the appeal

Corrections: You may request corrections by contacting customer support. If you have an online account portal, you may also correct certain details through that portal (if available).

Identity verification: To protect privacy and security, we verify identity before processing requests to access/know/delete/correct. We may require information such as:

first and last name

email address

account number (if applicable)

postal address

phone number

additional authentication for security (as permitted)

Acknowledgment & response timeline:

We will confirm receipt within ten (10) days.

We will respond within forty-five (45) days of receipt.

If necessary, we may extend by an additional forty-five (45) days and will notify you within the first 45 days.

Denials: A request may be denied (for example, if we cannot verify identity). If denied, we will explain why and provide appeal information where required. Appeals should be submitted within sixty (60) days (or as required by applicable law).

Authorized agent: You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization, may require you to verify identity, and/or may require you to confirm the agent’s permission directly.

14. California Privacy Rights

14.1 Types of Information We Collect

We collect information about you when you use our Sites, interact with us online, and through your use of our Services. The data collected depends on how you interact and use the Sites and Services.

14.2 Personal Information Collected About Consumers

In the previous twelve (12) months, we may have collected and processed the following categories of personal information:

Personal information described in Cal. Civ. Code § 1798.80(e) (including identifiers, date of birth, bank account information, credit/debit card information, credit history)

Characteristics of protected classifications (e.g., age, disability, veteran status) (if provided or inferred as allowed)

Commercial information (products/services purchased, obtained, considered; purchasing tendencies)

Geolocation data

Audio/electronic/visual information (including call recordings; photos/videos if applicable)

Customer support interaction information (chat logs, call recordings, monitored channels)

Sensitive personal information (driver’s license/SSN, precise geolocation when enabled, login credentials/passwords, certain demographic information; contents of emails/texts unless PhoneBox is intended recipient)

Inferences drawn from the above

Other information described in Personal Information We Collect

14.3 Purposes of Collecting & Processing Personal Information

In the previous twelve (12) months, we may have collected/processed categories above for purposes including:

Auditing (counting ad impressions, verifying ad positioning/quality, auditing compliance)

Ensuring security and integrity

Debugging and repairing errors

Short-term, transient use

Internal research

Analytics, training, and quality assurance (including use of AI/automated systems where permitted)

Activities to verify, maintain, or improve quality or safety of our Sites and Services

Other purposes described in How We Use Your Information

14.4 Personal Information Sources

We collect personal information:

directly from you

from your use of our Sites and Services

from partners and third parties as described in How We Collect Information

and for purposes described in How We Use Your Information.

14.5 Disclosure of Personal Information

In the past year, we may have disclosed all or substantially all categories listed above to certain entities who provide services to or for us, or on our behalf, as described in How We Disclose/Share Your Information, and for purposes described in How We Use Your Information.

14.6 Retention of Personal Information

We retain personal information consistent with How Long We Keep Your Information. These requirements also apply to service providers.

We may maintain or use de-identified or pseudonymized information derived from personal information. We will not attempt to reidentify de-identified or pseudonymized information unless permitted by law.

14.7 Sale and Sharing of Personal Information

Under the CCPA, “sale” is defined broadly and does not require monetary exchange. Under that definition, in the previous twelve (12) months, a “sale” of the following categories of personal information may have occurred with marketing/analytics providers and other business partners:

Identifiers (name, IP address, postal address, phone number, email)

Commercial information (purchases and usage information)

Internet/electronic network activity (interactions with Sites/ads)

Inferences drawn from the above

Such disclosure may also constitute “sharing” for cross-context behavioral advertising.

We do not sell or share (and have not sold or shared in the previous 12 months) personal information of consumers we know to be under eighteen (18) years of age.

We do not discriminate against you for exercising privacy rights.

14.8 Your California Privacy Rights

Subject to applicable law (including exceptions/limitations), you may have:

Right to know what personal information we collected (categories, sources, purposes, third parties disclosed to, and specific pieces)

Right to access personal information in a portable format

Right to delete personal information

Right to correct personal information

Right to opt out of sale or sharing

Right to limit use/disclosure of sensitive personal information beyond what’s authorized by law (Note: we do not process sensitive personal information in a manner that triggers this right unless we notify you)

14.9 How You Can Correct Your Personal Information

You may correct information by contacting customer support using the contact methods below. If an online account portal is available, you may be able to correct certain details there.

14.10 How to Make Consumer Requests, Our Responses & Verification

To protect privacy and maintain security, we verify identity before processing access/know/delete/correct requests. We may request:

first and last name

email address

account number (if applicable)

postal address

phone number

additional authentication as permitted

We will:

confirm receipt within ten (10) days

respond within forty-five (45) days (with a possible additional 45-day extension as permitted)

explain any denial (e.g., inability to verify identity)

You may exercise rights by:

Calling 1-855-886-0505; or

Emailing regulatory@phoneboxmobile.com

You may also opt out of “sale”/“sharing” using the “Do Not Sell or Share My Personal Information” link (where available) or via GPC. We will respond to opt-out requests within fifteen (15) business days where required.

Authorized agents may submit requests with proof of authorization; we may require you to verify identity or confirm permission.

15. How to Contact Us

If you have questions about this Privacy Policy or want to submit a privacy/CPNI/state rights request, contact:

PhoneBox Network Ltd. operating as PhoneBox

Phone: 1-855-886-0505

Email (Regulatory/Privacy): regulatory@phoneboxmobile.com

16. Changes to This Privacy Policy

This Privacy Policy may be updated periodically and without prior notice. When material changes are made, we will post the revised Privacy Policy with an updated revision date and may communicate changes through our usual channels.

Your continued use of our Sites or Services constitutes your agreement to the Privacy Policy then in effect. If you do not agree, discontinue use of our Sites or Services.

17. Additional California Rights

Pursuant to California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents may request, once per calendar year and free of charge, certain information regarding our disclosure (if any) of personally identifiable information to third parties for their direct marketing purposes in the preceding calendar year.

To make a request, contact us at regulatory@phoneboxmobile.com. We may need additional information to process the request.

18. Nevada Residents

Pursuant to NV Rev Stat § 603A, Nevada residents may submit a verified request instructing a business not to sell covered information collected through online services.

While we do not sell covered information in exchange for monetary consideration, we may disclose personal information to third parties in support of business operations. Nevada residents may exercise their right by contacting us at regulatory@phoneboxmobile.com

or calling 1-855-886-0505.

19. Definitions

The following definitions are provided for informational purposes only.

Authorized Agent

An individual legally designated to make privacy requests on behalf of another individual.

Automated Processing

Computer systems (including AI) that analyze information and make decisions or predictions without human involvement.

Business Transactions

Events like mergers, acquisitions, divestitures, bankruptcies, or reorganizations where customer information may transfer.

Call Detail Records (CDRs)

Records showing the phone numbers of calls made/received, along with date, time, and duration.

Cross-Context Behavioral Advertising

Targeting ads based on personal information obtained from activities across different websites/apps/services.

De-identified Information

Data processed to remove identifying elements so it cannot reasonably be linked to an individual.

Device or Equipment

Phones, tablets, wireless accessories, computers, or other devices activated or used with our Services or Sites.

Fraud Detection

Processes and systems used to identify and prevent suspicious or fraudulent activity.

Geolocation / GPS Data

Information about physical location (GPS or network-based such as cell tower/Wi-Fi).

IP Address

A number assigned to a device when it connects to the internet.

Interactive Voice Response (IVR)

A phone system that uses pre-recorded prompts and menus to route calls.

Legal Process

Court orders, subpoenas, warrants, and lawful requests requiring disclosure.

Marketing Lists

Collections of contact information used to send promotional materials.

Mobile Advertising ID (MAID)

A device identifier used for advertising (e.g., Apple IDFA, Android AAID).

Network Infrastructure

Equipment and systems that provide connectivity (including underlying network partners’ infrastructure).

Pseudonymized Information

Data altered so it can’t be linked to an individual without additional information kept separately.

Opt-Out

A choice not to participate in certain data uses such as targeted advertising or marketing.

Personal Information

Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual or household.

Processing

Any action performed on personal information (collection, storage, use, disclosure, deletion).

Profiling

Automated processing to evaluate or predict aspects of preferences, behavior, or needs.

Sensitive Personal Information

More protected information (e.g., SSN, driver’s license, precise geolocation, account credentials, certain financial data).

Targeted Advertising

Advertising selected based on inferred interests from personal information.

Web Beacons / Pixel Tags

Small technologies embedded in pages/emails that track engagement.