Privacy Policy

Last updated: March 1, 2026

This Privacy Policy explains how Stone Phone ("we," "us," or "our") collects, uses, and protects your personal information when you use our subscription service ("Service") and website. By subscribing to the Service, you consent to the practices described in this policy.

1. Information We Collect

Information you provide directly:

• Account information: Name and email address, as provided through Stripe during checkout.
• App selections: The apps you choose at signup and any subsequent change requests.
• Payment information: Credit card or payment method details. These are collected and stored by Stripe, our payment processor — we do not store your payment details on our servers.
• Shipping address: To deliver the device to you.
• Support communications: Any messages you send to us via text, email, or other support channels.

Information collected through the device (MDM):

• Which apps are installed on the device.
• Whether the device is active (powered on and enrolled).
• Device identifiers (serial number, UDID) for device management purposes.
• Operating system version and MDM compliance status.

Information collected through the website:

• Standard web server logs (IP address, browser type, pages visited) collected by our hosting provider, Cloudflare.

2. Information We Do NOT Collect

This is important. Our MDM technology controls which apps and websites are available on the device. It does not give us access to your personal content. We cannot and do not collect, view, or access:

• Your text messages, iMessages, or message content
• Your phone calls or call recordings
• Your photos, videos, or camera roll
• Your email content
• Your browsing history or search queries
• Your GPS location or location history
• Your contacts or address book
• Your notes, calendar entries, or reminders
• Any files, documents, or data stored on the device
• Your passwords, authentication tokens, or biometric data

Think of it like a landlord who controls which appliances are in the apartment but doesn't have a camera inside. We manage the apps — we don't monitor what you do with them.

3. How We Use Your Information

We use the information we collect to:

• Set up and configure your device based on your plan and app selections.
• Process your subscription payments and manage your billing.
• Ship the device to you and process returns.
• Process change requests to your app list.
• Provide customer support.
• Ensure the device remains properly enrolled and configured.
• Send you essential service communications (shipping updates, billing notices, Terms changes).

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate the Service:

• Stripe — Payment processing. Stripe collects and stores your payment information under their own privacy policy. See: stripe.com/privacy
• Cloudflare — Website hosting and content delivery. Cloudflare may collect standard web traffic data. See: cloudflare.com/privacypolicy
• Apple MDM / Third-party MDM provider — Device management. Used to enforce app restrictions and device configuration. The MDM provider can see device-level information (installed apps, device status) but not personal content as described in Section 2.
• Email service provider — For transactional emails (order confirmations, shipping notifications). Your email address is shared with our email provider solely for the purpose of delivering service-related messages.

5. Data Retention

• Account information: Retained for the duration of your subscription and for 12 months after cancellation, for billing and dispute resolution purposes.
• Payment records: Retained by Stripe per their data retention policies and as required by law.
• App selection history: Retained for the duration of your subscription to process change requests. Deleted within 30 days of cancellation.
• Device management data: MDM enrollment is removed from the device upon return. Device identifiers are deleted within 30 days of receiving the returned device.
• Support communications: Retained for 12 months after your last interaction for quality and reference purposes.

6. Data Security

We take reasonable measures to protect your personal information, including:

• All data transmitted between you and our services is encrypted using TLS/SSL.
• Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified.
• Access to customer data is limited to authorized personnel who need it to operate the Service.
• MDM communications with the device are encrypted.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate information.
• Deletion: You may request that we delete your personal information, subject to our legal obligations and legitimate business needs.
• Portability: You may request your data in a structured, machine-readable format.
• Opt-out: You may opt out of non-essential communications at any time.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used.
• The right to request deletion of your personal information.
• The right to non-discrimination for exercising your privacy rights.

We do not sell personal information to third parties as defined by the CCPA.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

10. Cookies and Tracking

Our website does not use cookies for tracking or advertising purposes. Cloudflare may use essential cookies for security and performance purposes (e.g., bot detection, DDoS protection). We do not use analytics tools that track individual users across websites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Stone Phone
Email: privacy@stonephone.co