Privacy Policy

Aegis Mobile Global Privacy Policy 

Effective Date: January 20, 2026
Version: 1.0 

1. Introduction 

Aegis Mobile LLC ('Aegis Mobile', ‘Aegis’, 'we', 'us', or 'our') respects the privacy of our business partners, clients, and the individuals whose information we process. This Global Privacy Policy describes how we collect, use, share, and protect personal information across our platforms and services. It aligns with the principles of the EU–U.S. Data Privacy Framework (DPF), its UK and Swiss extensions, the General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), the Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs), and applicable U.S. state privacy laws including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). 

2. Who We Are 

Aegis Mobile LLC is headquartered at 8605 Westwood Center Drive, Suite 506, Vienna VA 22182, USA. We provide vetting, compliance, monitoring and business intelligence services for messaging and communication programs across multiple platforms. 

3. Role as Data Processor 

Aegis Mobile acts solely as a data processor (and, where applicable, a “service provider” under California law) on behalf of its business customers. All personal data processed by Aegis Mobile is provided by, or collected at the direction of, business customers who act as the data controllers (or “businesses” under CCPA/CPRA). 

Aegis Mobile does not determine the purposes or means of processing personal data and does not process personal data for its own independent purposes. All processing activities are governed by applicable customer agreements and the Aegis Mobile Data Processing Agreement (“DPA”). 

4. Scope of This Policy 

This policy applies to all Aegis Mobile products and services, including AI3MS, PMP, Constellation, and related APIs. It covers the processing of personal and business contact information associated with organizations and their representatives. 

5. Information Processed on Behalf of Customers 

Aegis Mobile processes information solely on behalf of its business customers and at their direction in connection with providing vetting, compliance, and monitoring services. Aegis Mobile does not independently collect personal information from individuals. 

The categories of information processed may include business-related personal data submitted by customers, such as organization names, contact names, business titles, email addresses, phone numbers, and related identifiers required for verification and vetting purposes. 

In the course of providing services, Aegis Mobile may also process technical and operational data, including log files, IP addresses, and system metadata, where such data is generated through customer use of the platform and processed solely for security, integrity, and operational purposes. 

Media files or materials (such as logos, images, or documents) submitted by customers for analysis may incidentally contain personal data. Such data is processed strictly in accordance with customer instructions and applicable agreements. 

Aegis Mobile does not use processed information for marketing, advertising, profiling, or any independent commercial purpose. 

6. Cookies and Tracking Technologies 

The Aegis Mobile public website uses cookies and similar technologies for security, site functionality, and limited analytics purposes.   In particular, Aegis Mobile uses Google Analytics to measure page views, site usage, and aggregate visitor statistics. 

Google Analytics cookies are used solely to understand how visitors interact with the website and to improve site performance. Aegis Mobile does not use Google Analytics for advertising, remarketing, user profiling, or cross-site behavioral targeting and does not engage in direct marketing to individuals. 

Where required by applicable law, analytics cookies are deployed only after obtaining user consent through a cookie consent mechanism. Visitors may manage cookie preferences through browser settings or available consent tools. 

7. How We Use Information 

We process data to provide vetting, compliance, verification and business intelligence services; operate and secure our platforms; communicate with business contacts; perform analytics; and comply with legal obligations. 

8. Legal Bases for Processing (GDPR Alignment) 

Where the GDPR or UK Data Protection Act applies, Aegis Mobile relies on the following legal bases for processing: (a) performance of a contract, (b) legitimate interest in verifying and ensuring compliance in telecommunications and messaging programs, (c) compliance with legal obligations, and (d) consent, where required. 

9. Data Sharing and Onward Transfers 

We share limited personal and business contact information with service providers and partners who assist in providing our services, including cloud hosting, authentication, and data verification providers (e.g., Microsoft Azure, Stytch). We may also share data with carriers or aggregators as permitted by contract. Cross-border data transfers are made in accordance with the Data Privacy Framework or other lawful transfer mechanisms such as Standard Contractual Clauses. 

10. Data Retention and Storage 

Aegis Mobile retains personal data only for the duration necessary to provide services under applicable customer agreements and in accordance with the retention schedules set forth in the DPA. Retention periods vary by data category and purpose and may be extended where required by law, regulatory obligations, or legal holds. 

Upon termination of services or upon customer instruction, personal data is returned or securely deleted in accordance with the DPA. 

11. Data Security 

Aegis Mobile implements appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction. All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Access is restricted by role-based controls, and internal systems are managed through Microsoft Entra and Intune. Annual penetration testing and continuous monitoring further ensure system security. 

12. Individual Rights (GDPR, UK GDPR & Global) 

Where the GDPR, UK GDPR, or similar data protection laws apply, individuals whose personal data is processed by Aegis Mobile on behalf of a customer may have the right to request access to, correction of, or deletion of their personal data, or to restrict or object to certain processing activities. 

Because Aegis Mobile acts solely as a data processor, requests relating to data subject rights should generally be directed to the relevant data controller. Where permitted by law and contract, Aegis Mobile will assist its customers in responding to such requests in accordance with the DPA. 

Individuals in the European Economic Area or the United Kingdom also have the right to lodge a complaint with their local supervisory authority. 

Provision of personal data is determined by the data controller and may be required for participation in messaging or communications programs. Aegis Mobile does not engage in automated decision-making or profiling with legal or similarly significant effects on individuals. 

13. California Privacy Rights (CCPA/CPRA Alignment) 

Aegis Mobile acts solely as a service provider under the CCPA and CPRA and processes personal information only on behalf of its business customers. Aegis Mobile does not sell or share personal information and does not use personal information for purposes other than providing contracted services. 

Consumer rights requests should be submitted to the relevant business. Where required, Aegis Mobile will assist its customers in fulfilling such requests in accordance with the DPA. 

14. Canada (PIPEDA) Notice 

Aegis Mobile processes personal information relating to Canadian residents solely on behalf of its business customers, who remain responsible for compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). 

Aegis Mobile acts as a service provider / data processor and does not independently collect, use, or disclose personal information for its own purposes. Any personal information processed by Aegis Mobile is provided by, or submitted at the direction of, a customer acting as the data controller. 

Individuals seeking access to or correction of their personal information should contact the relevant organization that submitted the information. Where required, Aegis Mobile will assist its customers in responding to such requests in accordance with contractual obligations. 

Personal information processed by Aegis Mobile may be transferred to and processed in the United States or other jurisdictions. Such transfers are subject to contractual safeguards designed to provide a level of protection comparable to that required under Canadian law. 

Questions regarding privacy practices may be directed to privacy@aegismobile.com.  Individuals also have the right to raise concerns with the Office of the Privacy Commissioner of Canada. 

15. Australia (Privacy Act 1988) Notice 

Aegis Mobile processes personal information relating to Australian residents solely on behalf of its business customers, in accordance with contractual instructions. Aegis Mobile acts as a data processor and does not independently determine the purposes or means of processing personal information. 

Any personal information processed by Aegis Mobile is provided by, or submitted at the direction of, a customer that is responsible for compliance with Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs).  

Personal information may be transferred to and processed in the United States or other jurisdictions as part of the provision of services. Such transfers are subject to contractual and technical safeguards designed to protect personal information in a manner consistent with the APPs. 

Requests for access to or correction of personal information should be directed to the relevant customer. Where required by law or contract, Aegis Mobile will assist its customers in responding to such requests. 

Privacy-related inquiries may be directed to privacy@aegismobile.com.  Individuals may also raise concerns with the Office of the Australian Information Commissioner. 

16. Children’s Privacy 

Aegis Mobile services are intended exclusively for business and regulatory use. Aegis Mobile does not knowingly process personal data relating to children and does not market services to individuals. Where personal data relating to minors is submitted by a data controller, such processing occurs solely at the controller’s direction and responsibility. 

17. International Data Transfers (Data Privacy Framework) 

Aegis Mobile processes personal data in the United States and other jurisdictions at the direction of its customers. Where personal data originating from the European Union, United Kingdom, or Switzerland is transferred to the United States, such transfers are conducted pursuant to lawful transfer mechanisms, including: 

• the European Commission’s Standard Contractual Clauses (Module 2 – Controller to Processor); 
• the UK ICO Addendum to the SCCs; and 
• supplementary technical and organizational measures as described in our DPA. 

Aegis Mobile is preparing for certification under the EU–U.S. Data Privacy Framework, the UK Extension, and the Swiss–U.S. DPF. Until such certification is completed, Aegis Mobile does not rely on the DPF as a transfer mechanism. 

    17.1 Independent Recourse Mechanism (IRM) 

Upon completion of Data Privacy Framework certification, Aegis Mobile will designate an approved Independent Recourse Mechanism and update this policy accordingly. Until such time, inquiries regarding cross-border processing should be directed to the relevant data controller. 

18. Third-Party Processors and Service Providers 

We engage trusted third parties to support our operations, including cloud infrastructure, authentication, and secure communications. All third parties are bound by contractual obligations to handle data securely and in accordance with applicable privacy requirements. 

19. Contact Information 

For any questions or concerns regarding this policy or our privacy practices, please contact us at: Email: privacy@aegismobile.com Mail: Aegis Mobile LLC, 8605 Westwood Center Drive, Suite 506, Vienna VA 22182, USA 

20. Information Security Management and ISO 27001 Alignment 

Aegis Mobile maintains an Information Security Management System (ISMS) consistent with the principles of ISO/IEC 27001. 

Our ISMS supports the confidentiality, integrity, and availability of all data processed within our systems through risk-based controls, continuous monitoring, and regular management review. 

We apply a culture of continual improvement to our security practices, conduct periodic internal and external assessments, and ensure all staff receive ongoing security and privacy training. 

21. Policy Updates and Review 

This policy is reviewed periodically and updated as necessary. Where changes materially affect processing activities, customers will be notified through appropriate channels. Continued use of Aegis Mobile services after the effective date of an updated policy constitutes acknowledgment of the revised terms where permitted by applicable law.