Privacy Policy

Effective date: 3 July 2025

Telna, Inc. is a company registered in the Province of Ontario and performing eSIM services (“Services” or “eSIM Services”) under the brand Boost Mobile owned by DISH Wireless L.L.C. (“Boost Mobile”). The Services include the purchase of eSIMs on the Boost Mobile-branded website boostesim.com (the “Website”) and/or the Boost Mobile-branded application Boostesim (“the App”).

Telna recognizes the importance of your privacy. This Privacy Policy describes how Telna, as the primary Data Controller, collects, uses, shares, and protects your personal information, also known as personal data, through the Services. This Privacy Policy also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.

By using the Services, or otherwise by using or visiting the Website, the App, any product, software, tool, data feed, related to the Services provided by Telna under the Boost Mobile brand, you understand and agree to the terms of this Privacy Policy.

This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information. Please read this Privacy Policy carefully.

Table of contents

1. Applicability of this Privacy Policy
2. How We Collect, Disclose, and Use Personal Information
3. Information We Collect
4. Data Retention
5. How We Use Information
6. How We Share Personal Information
7. Your Rights
8. Data Transfer & International Data Transfer
9. Security
10. Changes to This Policy
11. Children
12. Contact Information
13. Additional Information for California Residents

1. Applicability of this Privacy Policy

This Privacy Policy applies to users of the Services globally.

This Privacy Policy describes how we collect and use data of all Service users globally, unless they use a service covered by a separate privacy notice. This Privacy Policy specifically applies to:

• End Users: Individuals who use and interact directly with the Services for their personal use.

2. How we collect, disclose, and use personal information

We collect information about you in a variety of ways depending on how you interact with us and our Services, including:

• Directly from you when you provide it to us, such as when you register for an account, sign up to receive communications from us, place an order, make a purchase, or contact us by phone, email, or otherwise.
• Automatically, using cookies, server logs, and other similar technologies when you interact with us through our Services and/or through emails, where permitted by law or where you consent.
• From other sources, including, for example, our affiliates, business partners, service providers, online social media networks, and other third parties, or from publicly available sources.

Telna, in providing eSIM Services through the Website or the App, classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality to ensure that information is given the appropriate level of protection. The “data controller” is Telna, which determines the purposes and means of the data processing taking place. The “data processor” is any entity acting on behalf, and under the instructions, of a controller in processing personal information. In certain limited circumstances, DISH Wireless L.L.C. may act as a Data Processor on behalf of Telna, specifically when providing basic customer service through its CXO agents.

Telna as a data controller

Telna assumes the role of data controller when it determines the purposes and means of processing personal data for the provision of eSIM Services. As a data controller, Telna is responsible for ensuring that personal data is processed in compliance with applicable data protection laws. Activities under Telna's data controller capacity include:

• Direct Sign-ups: Telna is the data controller when users sign up directly with the service. This applies to
  • B2C Context: End users who register directly for eSIM's Services.
• Key activities:
  • Service Delivery: Using data to provide Services.
  • Fraud Prevention: Monitoring and detecting fraudulent transactions and activities.
  • Legal Compliance: Adhering to applicable financial, legal, and regulatory obligations.
  • Service Enhancement: Developing and improving products and services based on data analysis.

3. Information we collect

The following provides examples of the type of information that we collect in a variety of contexts and how we use that information.

Context	Types of Data	Primary Purpose for Collection and Use of Data
Account Registration	We collect your name and contact information, including email, when you create an account. We also collect information relating to the actions that you perform while logged into your account.	We have a legitimate interest in providing account-related functionalities to our users. Accounts can be used for easy checkout and to save your preferences and transaction history. We may also process this information to fulfill our contract with you.
Biometric information	Biometric identifiers from photo IDs and selfies.	We process biometric information with your explicit consent in order to confirm your identity through the eKYC process where required by law.
Necessary Online Tracking Technologies	We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. Clear GIFs refer to pixels that are loaded by your browser when you access a website. These tracking technologies may collect information about your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.	We have a legitimate interest in making our website operate efficiently.
Non-Essential Tracking Technologies	We may place tracking technologies on our website (e.g., cookies or pixels) that collect analytics, record how you interact with our website, or allow us to participate in behavior-based advertising. These technologies may collect information about your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We or a third party might also collect information over time and across different websites in order to serve advertisements on our website or other websites.	Where required by law, we base the use of third-party cookies upon consent.
Demographic Information	We collect personal information, such as your age or location.	We have a legitimate interest in understanding our users and providing tailored services.
Feedback/Support	If you provide us feedback or contact us for support, we will collect your name and email address, as well as any other content that you send to us, in order to reply.	We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Mobile Devices	We collect information from your mobile device such as unique identifying information broadcast from your device when visiting our website.	We have a legitimate interest in identifying unique visitors and monitoring visits to our website.
Order Placement	We collect your name, billing address, shipping address, email address, phone number, and payment card number when you place an order.	We use your information to perform our contract to provide you with our Services.
Partner Promotion	We collect information that you provide as part of a co-branded promotion with another company.	We have a legitimate interest in fulfilling our promotions.
Surveys	When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.	We have a legitimate interest in understanding your opinions and collecting information relevant to our organization.

4. Data Retention

We retain your personal information only based upon the specific retention period below, to fulfill the purposes outlined in this Privacy Policy, including meeting any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we collected the information and whether we can achieve those purposes through other means, as well as applicable legal requirements.

• Account Registration Information: Retained for the duration of your account’s existence plus an additional 5 years post account deletion to comply with legal obligations, resolve disputes, and enforce our agreements.
• Financial Data: Retained for 7 years following the completion of the transaction to comply with tax and accounting laws.
• Biometric Information: Retained only for the duration necessary to fulfill the specific purposes it was collected for, such as identity verification through the eKYC process, and then securely deleted or anonymized. Biometric data would not be stored for longer than 1 year unless required for regulatory compliance.
• Order Placement Information: Retained for 6 years to comply with legal and regulatory requirements related to commerce, customer support, and warranty provisions.
• Feedback/Support Data: Retained for 1 year after the last interaction to ensure we have sufficient history to reference in case of recurring issues or follow-up support is needed.
• Non-Essential Tracking Technologies Data: Data collected via cookies and similar technologies will be retained for a period not exceeding 13 months from the date of collection.

Upon expiry of the retention periods, personal information is securely deleted or anonymized so it can no longer be associated with an individual.

5. How We Use Personal Information

In addition to the purposes and uses described above, we use information in the following ways:

• To identify you when you visit our websites.
• To provide products and services or process returns.
• To improve our services and product offerings.
• To streamline the checkout process.
• To conduct analytics.
• To communicate with you, such as responding to and following up on your requests, inquiries, issues, or feedback.
• To send marketing and promotional materials, including information about our products, services, sales, or promotions, or those of our business partners.
• To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violations of our policies and terms, security incidents, and harm to the rights, property, or safety of our company, users, employees, or others.
• To debug, identify, and repair errors that impair the intended functionality of our website and services.
• To comply with our legal or regulatory obligations, establish or exercise our rights, and defend against legal claims.
• For internal administrative purposes, as well as to manage our relationships.
• For such other purposes as you may consent to from time to time.

Although the sections above describe our primary purposes for collecting your information, we often have more than one purpose. For example, if you complete an online purchase, we collect your information to perform our contract with you, and we also have a legitimate interest in retaining your information after your transaction is complete to quickly and easily respond to any questions about your order. As a result, our collection and processing of your information is based on your consent, our need to perform a contract, our legal obligations, and/or our legitimate interest in conducting our business.

6. How We Share Personal Information

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:

• Affiliates and Acquisitions: We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or assets, we will share information with that company, including at the negotiation stage.
• Other Disclosures Without Your Consent: We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information to establish or exercise our rights, defend against a legal claim, investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of persons or property, violations of our policies, or to comply with your request for the shipment of products or the provision of services by a third-party intermediary.
• Partner Promotion: We may offer promotions with third-party partners. If you decide to enter a promotion sponsored by a third-party partner, the information you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy.
• Service Providers: We may share your information with service providers who help us administer our website, provide services for the effective functioning of our business, offer technical support, process payments, and assist in fulfilling orders.
• Other Disclosures With Your Consent: We may disclose your information to other third parties when we have your consent or direction to do so.

7. Your Rights

Depending on your location and subject to applicable law, you may have the following rights:

• Access Your Data: The right to request that we disclose the personal information we collect, use, or disclose about you, and information about our data practices. In certain limited circumstances, you may also request to receive access to your personal information in a portable, machine-readable format.
• Verify and Seek Rectification: The right to request that we correct inaccurate personal information that we maintain about you. We rely on you to update and correct your personal information. Our website allows you to modify or delete your account profile. If our website does not permit you to update or correct certain information, you can contact us to request that your information be modified. Note that we may keep historical information in our backup files as permitted by law.
• Have Your Personal Information Deleted or Otherwise Removed: The right to request that we delete personal information that we have collected about you.
• Withdraw Your Consent at Any Time: The right to withdraw consent where you have previously given consent to the processing of your personal information.
• Object to Processing of Your Personal Information: The right to object to the processing of your personal information if the processing is carried out on a legal basis other than consent.
• Online Tracking: We do not currently recognize the “Do Not Track” signal.

Please note that not all of the rights described above are absolute and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.

To submit a request to exercise any of the rights described above, or to appeal a determination we made related to a data subject rights request, please contact us using the information below or via our Contact Us page. Note that, as required by law, we will require you to prove your identity. Depending on your request, we may ask for information such as your name, the last item you purchased from us, or the date of your last purchase from us. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct, or delete personal information about you in our files.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of a signed document indicating that you are authorized to act on another person’s behalf.

When Does Telna Continue to Process Data After It Has Received a Deletion Request or Objection to the Processing?

In certain circumstances, Telna may be required by law to retain and process your personal data even after a deletion request or objection to the processing. For instance, Telna is required to retain certain personal information to satisfy legal obligations under Know Your Customer (KYC) and payment transaction details.

8. Data Transfer & International Data Transfer

The Service is owned by Telna and may be accessed in Europe and abroad. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible, we take steps to treat personal information using the same privacy principles that apply under the law of the country in which we first received your information. By submitting your personal information to us, you agree to the transfer, storage, and processing of your information in a country other than your country of residence, including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction, you can contact us using the information below.

9. Security

We follow generally accepted industry standards to help protect your personal information. No method of transmission over the internet, mobile technology, or method of electronic storage is completely secure. Therefore, while we strive to maintain physical, electronic, and procedural safeguards to protect the confidentiality of the information we collect online, we cannot guarantee its absolute security.

Service users remain responsible for keeping their passwords and credentials secure. If you believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us on the Customer Support tab or send a message to support@telna.com.

10. Changes to This Policy

We reserve the right to change the terms of this Privacy Policy at any time. If there are material changes to this statement or how we will use your personal information, we will notify you by prominently posting a notice of such changes here or on our home page, or by sending you an email. We encourage you to review this policy whenever you visit one of our websites or applications. Our privacy policy includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.

11. Children

Our Services are not intended for children under the age of 13 and we do not knowingly collect personal information from unemancipated minors under age 16, without parental consent. Children under the age of 13 should not provide their personal information to us.

12. Contact Information

If you have any questions, comments, appeals, or complaints concerning our privacy practices, or if you need to access this Privacy Policy in an alternative format due to having a disability, please contact us at the appropriate address below. We will attempt to respond to your requests and provide you with additional privacy-related information.

support@telna.com

If you are not satisfied with our response, and are in the European Union or United Kingdom, you may have a right to lodge a complaint with your local supervisory authority.

13. Additional Information for California Residents

California law requires us to disclose the following additional information related to our privacy practices. If you are a California resident, the following privacy disclosures apply to you in addition to the rest of the Privacy Policy.

• California Shine the Light: If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing, please submit a written request to us using the information in the Contact Information section above.
• Notice of Collection: The table below describes the categories of personal information we collect, disclose for a business purpose, “sell” and/or “share” (as those terms are defined by California law). Please note, in addition to the recipients identified below, we may disclose any of the categories of personal information we collect with government entities, as may be needed to comply with law or prevent illegal activity. We do not “sell” your personal information for money. As discussed elsewhere in the Privacy Policy, we use cookies and similar tracking technologies for purposes of targeted advertising. For more information, please see the Cookies and Other Technologies section of the Privacy Policy. For details regarding how we use personal information, please see the Information We Collect section of the Privacy Policy.

Category of Personal Information	Category of Recipients
Disclosures for a Business Purpose	Sharing for Cross-Context Behavioral Advertising
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers.	Affiliates or subsidiaries, Business partners, Data analytics providers, Internet service providers, Joint marketing partners, Operating systems and platforms, Other Service Providers, Payment processors and financial institutions, Professional services organizations (including auditors and law firms), Social networks, Advertising networks
Government Issued Identification – this may include social security number, driver’s license number, state issued identification number, or passport number.	Network operators (where eKYC is required), Professional services organizations (including auditors and law firms)
Financial Information – this may include bank account number, credit card number, debit card number, and other financial information.	Operating systems and platforms, Payment processors and financial institutions, Professional services organizations (including auditors and law firms)
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical, or mental handicap, etc.	Network operators (where eKYC is required), Professional services organizations (including auditors and law firms)
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Affiliates or subsidiaries, Business partners, Data analytics providers, Internet service providers, Joint marketing partners, Operating systems and platforms, Other Service Providers, Payment processors and financial institutions, Professional services organizations (including auditors and law firms), Social networks
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.	Data analytics providers, Advertising networks
Professional or employment-related information	Affiliates or subsidiaries, Business partners, Operating systems and platforms, Other Service Providers, Professional services organizations (including auditors and law firms)
Non-public education information (as defined in the Family Educational Rights and Privacy Act)	Affiliates or subsidiaries, Business partners, Operating systems and platforms, Other Service Providers, Professional services organizations (including auditors and law firms)

Category of Personal Information	Category of Recipients
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, insurance policy number.	Network operators (where eKYC is required), Professional services organizations (including auditors and law firms)

California Sensitive Information Disclosure: We collect the following categories of sensitive personal information (as defined under California law): biometric information, geolocation, social security number or other government issued ID information, account log-in, payment information. This information is collected to process transactions, comply with laws, manage our business, or provide you with services. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121.