Privacy Policy

Aegis Mobile Global Privacy Policy 

 Effective Date: June 18, 2026 

 Version: 1.1 

1. Introduction 

Aegis Mobile LLC ('Aegis Mobile', 'Aegis', 'we', 'us', or 'our') respects the privacy of our business partners, clients, and the individuals whose information we process. This Global Privacy Policy describes how we collect, use, share, and protect personal information across our platforms and services. It aligns with the principles of the EU–U.S. Data Privacy Framework (DPF), its UK and Swiss extensions, the General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), the Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs), and applicable U.S. state privacy laws including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). 

2. Who We Are 

Aegis Mobile LLC is headquartered at 8605 Westwood Center Drive, Suite 506, Vienna VA 22182, USA. We provide vetting, compliance, monitoring and business intelligence services for messaging and communication programs across multiple platforms. 

3. Role as Data Processor 

Aegis Mobile primarily acts as a data processor (and, where applicable, a “service provider” under California law) on behalf of its business customers. Personal data processed through Aegis Mobile products and services is generally provided by, or collected at the direction of, business customers who act as the data controllers (or “businesses” under CCPA/CPRA). In certain circumstances, including operation of the Aegis Mobile website, customer support portal, customer account administration, security monitoring, and related business operations, Aegis Mobile may act as a data controller (or “business” under applicable U.S. privacy laws) with respect to information collected and processed for those purposes. Processing activities conducted on behalf of customers are governed by applicable customer agreements and the Aegis Mobile Data Processing Agreement (“DPA”). 

4. Scope of This Policy 

This policy applies to all Aegis Mobile products and services, including AI3MS, PMP, Constellation, and related APIs. It covers the processing of personal and business contact information associated with organizations and their representatives. 

5. Information Processed on Behalf of Customers 

Aegis Mobile processes information on behalf of its business customers and at their direction in connection with providing vetting, compliance, and monitoring services. The categories of information processed may include business-related personal data submitted by customers, such as organization names, contact names, business titles, email addresses, phone numbers, and related identifiers required for verification and vetting purposes. 

In the course of providing services, Aegis Mobile may also process technical and operational data, including log files, IP addresses, and system metadata, where such data is generated through customer use of the platform and processed solely for security, integrity, and operational purposes. 

 Media files or materials (such as logos, images, or documents) submitted by customers for analysis may incidentally contain personal data. Such data is processed strictly in accordance with customer instructions and applicable agreements. 

Aegis Mobile does not use processed information for marketing, advertising, profiling, or any independent commercial purpose. 

Information processed through Aegis Mobile products and services is handled in accordance with customer instructions and applicable agreements. 

Information collected directly by Aegis Mobile through its website, customer support portal, customer account administration functions, or related business operations is addressed separately in this policy 

     5.A. A Customer Support Portal 

Aegis Mobile provides customer support services through an online support portal.      Individuals may create support accounts, submit support requests, communicate with Aegis Mobile personnel, and upload files or attachments in connection with obtaining technical support and customer service. 

Information collected through the support portal may include names, business contact information, email addresses, account credentials, support ticket content, communications, uploaded files, technical diagnostic information, IP addresses, browser information, authentication records, and related system metadata. 

Aegis Mobile processes such information for the purpose of providing customer support, troubleshooting technical issues, administering support accounts, maintaining platform security, improving service quality, and fulfilling contractual and legal obligations. 

With respect to support portal information, Aegis Mobile generally acts as a data controller (or “business” under applicable U.S. privacy laws). 

6. Cookies and Tracking Technologies 

The Aegis Mobile public website uses cookies and similar technologies for security, site

functionality, and limited analytics purposes. In particular, Aegis Mobile uses Google

Analytics to measure page views, site usage, and aggregate visitor statistics.

Google Analytics cookies are used solely to understand how visitors interact with the

website and to improve site performance. Aegis Mobile does not use Google Analytics for

advertising, remarketing, user profiling, or cross-site behavioral targeting and does not

engage in direct marketing to individuals.

Aegis Mobile may also utilize cookies and similar technologies through its customer support portal to support authentication, session management, security, and support functionality. Such technologies are used solely for operational and security purposes unless otherwise disclosed.

Where required by applicable law, analytics cookies are deployed only after obtaining user consent through a cookie consent mechanism. Visitors may manage cookie preferences through browser settings or available consent tools.

7. How We Use Information 

We process data to provide vetting, compliance, verification and business intelligence services; operate and secure our platforms; communicate with business contacts; perform analytics; and comply with legal obligations. 

8. Legal Bases for Processing (GDPR Alignment) 

Where the GDPR or UK Data Protection Act applies, Aegis Mobile relies on the following legal bases for processing: (a) performance of a contract, (b) legitimate interest in verifying and ensuring compliance in telecommunications and messaging programs, (c) compliance with legal obligations, and (d) consent, where required. 

9. Data Sharing and Onward Transfers 

We share limited personal and business contact information with service providers and partners who assist in providing our services, including cloud hosting, authentication, customer support, communications, and data verification providers (e.g., Microsoft Azure, Stytch, Zendesk). We may also share data with carriers or aggregators as permitted by contract. Cross-border data transfers are made in accordance with the Data Privacy Framework or other lawful transfer mechanisms such as Standard Contractual Clauses. 

Aegis Mobile uses Zendesk, Inc. to provide customer support and ticket management services. Information submitted through the customer support portal, including account information, support requests, communications, attachments, and related technical information, may be processed by Zendesk on Aegis Mobile’s behalf pursuant to contractual data protection and confidentiality obligations. 

10. Data Retention and Storage 

Aegis Mobile retains personal data only for the duration necessary to provide services under applicable customer agreements and in accordance with the retention schedules set forth in the DPA. Retention periods vary by data category and purpose and may be extended where required by law, regulatory obligations, or legal holds. 

Customer support records, support tickets, communications, diagnostic information, and associated attachments may be retained for operational, security, audit, compliance, and service improvement purposes in accordance with applicable retention requirements and legitimate business needs. 

Upon termination of services or upon customer instruction, personal data is returned or securely deleted in accordance with the DPA. 

11. Data Security 

Aegis Mobile implements appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction. All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Access is restricted by role-based controls, and internal systems are managed through Microsoft Entra and Intune. Annual penetration testing and continuous monitoring further ensure system security 

12. Individual Rights (GDPR, UK GDPR & Global) 

Where the GDPR, UK GDPR, or similar data protection laws apply, individuals whose personal data is processed by Aegis Mobile on behalf of a customer may have the right to request access to, correction of, or deletion of their personal data, or to restrict or object to certain processing activities. 

For information processed by Aegis Mobile on behalf of its customers, requests relating to data subject rights should generally be directed to the relevant data controller. Where permitted by law and contract, Aegis Mobile will assist its customers in responding to such requests in accordance with the DPA. 

Individuals in the European Economic Area or the United Kingdom also have the right to lodge a complaint with their local supervisory authority. 

Provision of personal data is determined by the data controller and may be required for participation in messaging or communications programs. Aegis Mobile does not engage in automated decision-making or profiling with legal or similarly significant effects on individuals. 

For information collected and processed directly by Aegis Mobile, including customer support portal information and website-related information, individuals may submit privacy requests directly to Aegis Mobile using the contact information provided in this policy. 

13. California Privacy Rights (CCPA/CPRA Alignment) 

Aegis Mobile generally acts as a service provider under the CCPA and CPRA when processing personal information on behalf of its business customers. In certain circumstances, including operation of the Aegis Mobile website, customer support portal, customer account administration, and related business operations, Aegis Mobile may act as a business with respect to information collected directly for those purposes. 

Consumer rights requests should be submitted to the relevant business. Where required, Aegis Mobile will assist its customers in fulfilling such requests in accordance with the DPA. For information collected and processed directly by Aegis Mobile, including customer support portal information and website-related information, individuals may submit privacy requests directly to Aegis Mobile using the contact information provided in this policy. . 

14. Canada (PIPEDA) Notice 

Aegis Mobile processes personal information relating to Canadian residents solely on behalf of its business customers, who remain responsible for compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). 

Aegis Mobile acts as a service provider / data processor and does not independently collect, use, or disclose personal information for its own purposes. Any personal information processed by Aegis Mobile is provided by, or submitted at the direction of, a customer acting as the data controller. 

Individuals seeking access to or correction of their personal information should contact the relevant organization that submitted the information. Where required, Aegis Mobile will assist its customers in responding to such requests in accordance with contractual obligations. 

Personal information processed by Aegis Mobile may be transferred to and processed in the United States or other jurisdictions. Such transfers are subject to contractual safeguards designed to provide a level of protection comparable to that required under Canadian law. 

Questions regarding privacy practices may be directed to privacy@aegismobile.com. Individuals also have the right to raise concerns with the Office of the Privacy Commissioner of Canada. 

15. Australia (Privacy Act 1988) Notice 

Aegis Mobile processes personal information relating to Australian residents solely on behalf of its business customers, in accordance with contractual instructions. Aegis Mobile acts as a data processor and does not independently determine the purposes or means of processing personal information. 

Any personal information processed by Aegis Mobile is provided by, or submitted at the direction of, a customer that is responsible for compliance with Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs). 

Personal information may be transferred to and processed in the United States or other jurisdictions as part of the provision of services. Such transfers are subject to contractual and technical safeguards designed to protect personal information in a manner consistent with the APPs. 

Requests for access to or correction of personal information should be directed to the relevant customer. Where required by law or contract, Aegis Mobile will assist its customers in responding to such requests. 

Privacy-related inquiries may be directed to privacy@aegismobile.com. Individuals may also raise concerns with the Office of the Australian Information Commissioner. 

16. Children’s Privacy 

Aegis Mobile services are intended exclusively for business and regulatory use. Aegis Mobile does not knowingly process personal data relating to children and does not market services to individuals. Where personal data relating to minors is submitted by a data controller, such processing occurs solely at the controller’s direction and responsibility. 

17. International Data Transfers (Data Privacy Framework) 

Aegis Mobile processes personal data in the United States and other jurisdictions at the direction of its customers. Where personal data originating from the European Union, United Kingdom, or Switzerland is transferred to the United States, such transfers are conducted pursuant to lawful transfer mechanisms, including: 

• the European Commission’s Standard Contractual Clauses (Module 2 – Controller to Processor); 
• the UK ICO Addendum to the SCCs; and 
• supplementary technical and organizational measures as described in our DPA. 

Aegis Mobile is preparing for certification under the EU–U.S. Data Privacy Framework, the UK Extension, and the Swiss–U.S. DPF. Until such certification is completed, Aegis Mobile does not rely on the DPF as a transfer mechanism. 

    17.1 Independent Recourse Mechanism (IRM) 

Upon completion of Data Privacy Framework certification, Aegis Mobile will designate an approved Independent Recourse Mechanism and update this policy accordingly. Until such time, inquiries regarding cross-border processing should be directed to the relevant data controller. 

18. Third-Party Processors and Service Providers 

We engage trusted third parties to support our operations, including cloud infrastructure, authentication, customer support, secure communications, and related business functions. Such providers may include Microsoft Azure, Stytch, Zendesk, and other service providers engaged to support the delivery, security, and administration of Aegis Mobile services. All third parties are bound by contractual obligations to handle data securely and in accordance with applicable privacy requirements. 

19. Contact Information 

For any questions or concerns regarding this policy or our privacy practices, please contact us at: Email: privacy@aegismobile.com Mail: Aegis Mobile LLC, 8605 Westwood Center Drive, Suite 506, Vienna VA 22182, USA 

20. Information Security Management and ISO 27001 Alignment 

Aegis Mobile maintains an Information Security Management System (ISMS) consistent with the principles of ISO/IEC 27001. 

Our ISMS supports the confidentiality, integrity, and availability of all data processed within our systems through risk-based controls, continuous monitoring, and regular management review. 

We apply a culture of continual improvement to our security practices, conduct periodic internal and external assessments, and ensure all staff receive ongoing security and privacy training. 

21. Policy Updates and Review 

This policy is reviewed periodically and updated as necessary. Where changes materially affect processing activities, customers will be notified through appropriate channels. Continued use of Aegis Mobile services after the effective date of an updated policy constitutes acknowledgment of the revised terms where permitted by applicable law.