Gupi Mobile — Connecting Together

Privacy Policy

Last updated: 1 May 2025

Gupi Mobile takes your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Gupi Mobile Ltd. Contact: [email protected]

1. Data We Collect

Account data

Name, email address, and password (stored as a secure hash) when you create an account.

SIM and service data

Your SIM phone number (MSISDN), ICCID, and subscription status provided when you link a SIM. Call Data Records (CDRs) showing duration and destination of calls, SMS, and data usage — used for billing and support.

Payment data

Payment is processed entirely by Stripe. We store only a Stripe customer reference and the last 4 digits of your payment card. We never store full card numbers.

Device and technical data

IP address, browser type, and device identifier collected when you use our web portal or app, for security, fraud prevention, and diagnosing technical issues.

Communications

Records of emails or messages you send to our support team, used to respond to your queries.

2. Why We Process Your Data

We process your personal data on the following legal bases:

  • Contract performance — to provide the mobile service, process payments, manage your account, and handle billing.
  • Legal obligation — to comply with Ofcom regulations, HMRC requirements, and lawful requests from authorities (e.g. emergency services access to network data).
  • Legitimate interests — to prevent fraud, secure our network, send service-related communications, and improve our services.
  • Consent — for marketing emails, where you have opted in. You can withdraw consent at any time.

3. Who We Share Data With

We share data only where necessary:

  • Tata Communications (network partner) — to provision and manage SIM connectivity.
  • Stripe Inc. — to process payments securely.
  • AWS (Amazon Web Services) — for hosting our platform and sending transactional emails via Amazon SES.
  • Legal authorities — when required by law or court order.

We do not sell your personal data to third parties.

4. International Transfers

Some of our service providers (including AWS and Stripe) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

5. How Long We Keep Your Data

  • Account data: retained for 6 years after account closure (legal/tax compliance).
  • Call Data Records: retained for 12 months.
  • Payment records: retained for 7 years (HMRC requirement).
  • Support communications: retained for 3 years.

6. Your Rights

Under UK GDPR, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten") in certain circumstances.
  • Restrict processing while a dispute is resolved.
  • Data portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent for marketing at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies

We use cookies to keep you logged in and to analyse how our site is used. See our Cookie Policy for full details.

8. How to Complain

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you by email of any material changes before they take effect.

← Back to Gupi Mobile