Privacy Policy

1. Plain-language summary

The legally binding version of this Policy is everything below. This summary is not a substitute. We wrote it so you can understand the basics in plain English:

• We're not a phone company. Cliq Mobile is an independent resource site and a seller of unlocked phones. We do not provide Lifeline or any other phone service.
• We collect only what we need. For email subscribers: your email address, your ZIP code, optional qualifying-program selections, and technical signals from your browser. For shop customers: shipping address, email, order details. We do not collect phone numbers, Social Security numbers, health information, date of birth, or the dollar amount of your income.
• We never sell your personal information in the traditional sense. We do earn commissions when you click through to Lifeline providers we list, and the California Consumer Privacy Act treats some cookie-based interactions as a "sale" or "share." You can opt out any time.
• You can unsubscribe, update your preferences, or request deletion at any time — details below.
• We use vendors for hosting (Railway, Cloudflare), database and email infrastructure (Supabase, Resend), payment processing (Stripe), analytics (Google Analytics), and advertising. They see only what they need to do their job.

2. Who we are

This website — www.gocliqmobile.com, including all subdomains — is operated by Cliq Communications LLC, doing business as Cliq Mobile, a Florida limited liability company. We are the "data controller" for purposes of the European General Data Protection Regulation and the "business" for purposes of the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA").

Mailing address: 620 S Le Jeune Rd, Coral Gables, FL 33134.
Contact email: [email protected].
Privacy email: [email protected].

What we do. Cliq Mobile is an independent consumer resource site. We (i) publish editorial comparisons and reviews of third-party Lifeline providers, (ii) sell unlocked mobile phones through our online shop, and (iii) earn affiliate commissions from some of the providers we list. We are not a Lifeline service provider and we do not provide wireless telecommunications service. To receive Lifeline service, you must enroll directly with an Eligible Telecommunications Carrier ("ETC") authorized by the Federal Communications Commission. See our Affiliate Disclosure and About page for more.

No government affiliation. Cliq Mobile is not affiliated with, endorsed by, or sponsored by the FCC, the Universal Service Administrative Company ("USAC"), the U.S. government, or any state government or state-level assistance program. Information about federal programs (including Lifeline) is provided for your convenience; you should verify program rules, eligibility, and application processes with the administering authority.

3. Information we collect

We collect personal information in three ways: (a) directly from you, (b) automatically through your browser and device, and (c) from third parties in limited circumstances described below.

3.1 Information you give us directly

• Email capture / newsletter signup: your email address; a U.S. ZIP code; optional qualifying-program selections (e.g., SNAP, Medicaid, SSI, Veterans Pension); optional age bracket (under 65 or 65+); consent timestamp and the exact consent language shown at the time of signup.
• California LifeLine renewal-reminder signup: in addition to the above, your California LifeLine signup month and year (used to calculate projected renewal dates).
• Online shop purchases: name, shipping address, email address, order items, and order history. You enter payment-card details directly with our third-party payment processor; we do not receive or store full payment- card information (see §7).
• Contact-form inquiries: your name, email address, and the content of your message.
• Subject-access or deletion requests: the information required to verify your identity and fulfill your request.

3.2 Information collected automatically

• Device and browser signals: IP address, user agent, operating system, browser type and version, device type, screen size, and language preference.
• Usage data: pages visited, time on page, referring URL, search queries (site search), clicks on affiliate and product links, submission events for capture widgets.
• Approximate location: coarse geolocation derived from your IP address (for state-level personalization, not precise location).
• UTM / campaign parameters appended to our inbound URLs, where present.
• Cookies and similar technologies. See §8.

3.3 Information from third parties

• Analytics providers (e.g., Google Analytics) provide aggregated reporting on site traffic.
• Payment processor (Stripe) confirms payment status, but does not disclose full card numbers to us.
• Affiliate networks report conversions on applications you submit to partnered Lifeline providers (not the content of those applications).
• Shipping carriers provide delivery status.
• Email deliverability vendors (Resend) provide delivery, bounce, and engagement signals on our transactional and marketing emails.

3.4 Sensitive personal information (and what we do with it)

Under the CCPA, "sensitive personal information" includes precise geolocation, certain health information, racial or ethnic origin, religious beliefs, account credentials, and other categories. We do not intentionally collect sensitive personal information. We do not use any information we collect to infer characteristics about you (e.g., religion, health conditions, political views, or protected classifications).

One edge case: a user's voluntary selection of a qualifying benefit program (such as Medicaid or Veterans Pension) may, in some interpretations, be characterized as adjacent to sensitive information. We process these selections solely for the purpose for which you provided them (matching you to an appropriate Lifeline provider) and do not use them to infer or disclose additional characteristics.

4. Information we do not collect

By policy, we do not collect any of the following, and you should not submit them to us:

• Telephone numbers. We do not ask for or accept phone numbers on any signup form. This is a deliberate choice to avoid the Telephone Consumer Protection Act ("TCPA") and FCC rules applicable to phone-number- based outreach, including the 2024 one-to-one consent rule (47 CFR § 64.1200(a)(10)).
• Social Security numbers or the last four digits thereof.
• Financial account numbers beyond what our payment processor requires for a given transaction.
• Full payment-card data. Card details go directly from your browser to our payment processor.
• Date of birth (we collect age bracket only, and only optionally).
• Dollar amount of household income (we present "income-based" as a yes/no selection).
• Health information, medical records, prescription details, or insurance claims data.
• Full home address for email-only subscribers (we collect ZIP code only). Shipping address is collected for shop purchases because it is necessary to ship the product.
• Biometric identifiers such as fingerprints, voiceprints, or facial geometry.
• Children's data. See §11.

5. How we use information

We use personal information only for purposes you would reasonably expect from a resource site and phone retailer:

• To deliver the content you signed up for (provider comparisons, state-specific guides, California LifeLine renewal reminders).
• To verify email ownership through a double opt-in confirmation workflow before sending marketing email.
• To fulfill shop orders (processing, shipping, returns, and related customer service).
• To personalize content by state (state-level provider lists, state-specific eligibility notes).
• To measure and improve the site (aggregated analytics, A/B testing of copy and layout, spam and fraud prevention).
• To comply with law (tax records for shop transactions, CAN-SPAM record-keeping, FTC endorsement-guide record-keeping, responding to subpoenas and lawful process).
• To detect and prevent abuse (bot signups, coordinated spam, payment fraud).
• To send you transactional emails relating to your account, subscription, or order (these are not marketing emails and cannot be unsubscribed from until the underlying activity completes).

We do not use personal information to train machine-learning models, sell user profiles, or operate any credit-scoring, insurance-underwriting, or employment-decision system.

6. Legal bases for processing (GDPR)

For individuals in the EU, UK, or other jurisdictions requiring a specific legal basis, our processing rests on:

• Consent (Art. 6(1)(a) GDPR) — email-capture signups, optional cookies, and any processing where we ask and you agree.
• Contract (Art. 6(1)(b)) — performance of our shop sales contract with you.
• Legitimate interests (Art. 6(1)(f)) — site operation, security, fraud prevention, measurement of the effectiveness of our content, and limited cookie-based analytics, provided these interests are not overridden by your fundamental rights.
• Legal obligation (Art. 6(1)(c)) — tax, record-keeping, and responding to lawful government requests.

7. How we share information

We do not sell personal information for money in the traditional sense. We share limited information with the following categories of third parties, for the purposes described. A current list of material service providers appears at the end of this section.

7.1 Service providers ("processors")

These vendors process personal information on our behalf and are bound by contractual confidentiality obligations and, where applicable, CCPA-compliant service-provider or GDPR data-processing terms.

• Hosting and content delivery: Railway (application hosting) and Cloudflare (CDN and DDoS protection).
• Database and backend: Supabase (PostgreSQL hosting, authentication, scheduled jobs).
• Email delivery: Resend (transactional and marketing email sending, delivery and engagement analytics).
• Payment processing: Stripe (card-not-present transactions for shop purchases). Stripe collects card data directly; we receive only a transaction reference and basic order metadata.
• Shipping carriers: USPS, UPS, FedEx, or others as needed to deliver shop orders.
• Analytics: Google Analytics 4 (aggregated site-usage statistics). We do not share personal information with Google other than pseudonymous identifiers and event data.
• Customer-relationship management and forms: HubSpot (to the extent we use HubSpot-hosted forms on non-primary pages).

7.2 Affiliate providers ("third parties")

When you click an affiliate link to a Lifeline provider we list, that provider receives standard referral data: a referral identifier, the source page, a timestamp, and potentially a tracking cookie to attribute any subsequent conversion. We do not send them your email address, ZIP code, qualifying-program selections, or other profile data — you provide those directly to them if you choose to complete an application on their site.

Examples of Lifeline-provider affiliate relationships include, without limitation: Assurance Wireless, SafeLink Wireless, TruConnect, AirTalk Wireless, TAG Mobile, Gen Mobile, Life Wireless, and Cintex Wireless. The full list may change; see our Affiliate Disclosure for the current list.

7.3 Legal, compliance, and safety

We may disclose personal information when we reasonably believe it is necessary to:

• Comply with applicable law, legal process, subpoena, or lawful government request;
• Enforce our Terms of Service or other applicable agreements;
• Investigate, prevent, or address fraud, abuse, or threats to the safety or rights of any person; or
• Defend ourselves in a legal proceeding.

7.4 Business transfers

If Cliq Communications LLC is acquired, merged, sold, or undergoes a similar corporate transaction, personal information may be transferred as part of the deal. Any successor entity will be bound to honor the material terms of this Policy with respect to information transferred, or we will provide notice and an opportunity to opt out consistent with applicable law.

8. Cookies and tracking technologies

We use cookies, pixel tags, local storage, and similar technologies (collectively, "cookies") to (a) remember preferences (for example, a session-level dismissal of our top announcement bar), (b) measure site usage, and (c) facilitate affiliate attribution and (in limited cases) advertising.

Categories of cookies we use:

• Strictly necessary — required to operate basic site functions such as cart persistence and form submission. Cannot be disabled without breaking core functionality.
• Analytics — Google Analytics 4 (pseudonymous).
• Affiliate attribution — third-party cookies set by affiliate programs when you click through to a provider.
• Advertising — we currently run limited display advertising via Google AdSense. Those cookies are controlled by Google and subject to Google's policies.

How to control cookies. You can clear and block cookies through your browser settings. Most browsers offer a "Do Not Track" or Global Privacy Control signal; we honor the Global Privacy Control (GPC) signal as a valid opt-out of "sale" or "sharing" under the CCPA (see §14). Blocking non-essential cookies may cause certain features (including affiliate attribution) to work incorrectly.

9. Data retention

We retain personal information only as long as needed for the purposes described in this Policy, or as required by law. Our current retention periods are:

• Subscriber records: retained for the life of the subscription and for 24 months after unsubscribe, to honor unsubscribe requests (CAN-SPAM requires us to retain a suppression list so we do not re-solicit unsubscribed users), then minimized.
• Consent records (consent text, timestamp, IP, and page URL) are retained for at least four (4) years from date of consent, consistent with FTC, FCC, and state consumer-protection statute-of-limitations periods, then minimized.
• IP addresses: full IP is retained for ninety (90) days after collection for fraud-detection purposes, after which only a salted one-way cryptographic hash (SHA-256) of the IP is retained. The salt is stored separately from the database and rotated at least annually.
• Shop purchase records: retained for seven (7) years for tax and accounting purposes in accordance with IRS and applicable state requirements.
• Unsuccessful signup attempts: discarded or anonymized within thirty (30) days.
• Server access logs: retained for up to ninety (90) days for security and debugging, then rotated.
• Email engagement data (opens, clicks): up to twenty-four (24) months.

After the applicable retention period, we delete, anonymize, or aggregate the information such that it can no longer be associated with you.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, or destruction. These include: encryption in transit (TLS 1.2+), encryption at rest for database-level data, role-based access controls limiting employee access to personal information on a need-to-know basis, salted one-way IP hashing after the 90-day window, deliverability-monitoring and complaint-response procedures, and formal agreements with service providers requiring equivalent security practices.

No security program is perfect. We cannot guarantee the absolute security of personal information. If you believe an account or communication from us has been compromised, please contact us at [email protected] immediately.

11. Children's privacy

The Site is not directed to children under thirteen (13), and we do not knowingly collect personal information from anyone under thirteen. Consistent with the Children's Online Privacy Protection Act ("COPPA"), if we learn that we have collected personal information from a child under thirteen without verifiable parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided personal information to us should contact [email protected].

We also do not sell or share for cross-context behavioral advertising the personal information of any user we know to be under sixteen (16), consistent with CCPA § 1798.120(c).

12. International users and data transfers

The Site is operated in the United States. If you are accessing the Site from outside the United States, please be aware that information we collect will be transferred to, processed in, and stored in the United States. By using the Site or providing us with any information, you consent to this transfer, storage, and processing in the United States, which may have data-protection laws different from those of your country of residence.

For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses with our service providers, or other mechanisms recognized under applicable law.

13. California residents: CCPA / CPRA rights

This section applies to California residents and is provided pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA").

13.1 Categories of information collected (past 12 months)

• Identifiers (email address, ZIP code, IP address, online identifiers)
• California customer record information (for shop customers: name, shipping address)
• Commercial information (shop purchase records)
• Internet or network activity (browsing history on our Site, interaction with our emails)
• Geolocation (approximate, derived from IP)
• Inferences drawn from the above (limited to state-level provider recommendations)

We do not knowingly collect any of the following categories: biometric information, professional or employment information, education information, audio/video recordings, or sensitive personal information as defined in CCPA § 1798.140(ae) (except as addressed in §3.4 above).

13.2 Business or commercial purposes for collection

We collect and use each category above for the purposes listed in §5 ("How we use information").

13.3 Sources of information

Directly from you (capture-widget signups, contact forms, shop checkout), automatically from your browser (§3.2), and from the limited third parties listed in §3.3.

13.4 "Sale" and "Sharing" under CCPA

We do not sell personal information for money. We do engage in activities that may be characterized as "sharing" (i.e., cross-context behavioral advertising) under CCPA § 1798.140(ah), specifically third-party advertising and affiliate-attribution cookies. California residents may opt out at any time via our Do Not Sell or Share My Personal Information page (see §14).

13.5 Your CCPA rights

You have the right to:

• Know / access the categories of personal information we have collected about you, the categories of sources, the purposes, the categories of recipients, and specific pieces of personal information.
• Delete personal information we have collected about you, subject to statutory exceptions (e.g., retention needed for transactions, fraud prevention, or legal compliance).
• Correct inaccurate personal information we maintain about you.
• Opt out of the "sale" or "sharing" of your personal information (see §14).
• Limit the use or disclosure of sensitive personal information (n/a to Cliq Mobile — we do not use sensitive personal information for purposes that trigger this right, as explained in §3.4).
• Non-discrimination for exercising any of the above rights.

13.6 How to exercise CCPA rights

Submit a request by email to [email protected] with the subject line "CCPA Request" and a description of the right you wish to exercise. You may also submit requests by mail to the address in §2.

We verify requests by matching identifiers you provide to information we already maintain (at minimum, the email address associated with your subscriber or shop record). For more sensitive requests (deletion), we may require you to click a confirmation link sent to that email address. You may use an authorized agent; the agent must provide signed written permission from you.

We respond within forty-five (45) days of receipt of a verifiable request, or notify you and extend once by up to forty-five (45) additional days if reasonably necessary.

13.7 Shine the Light

California Civil Code §§ 1798.83 et seq. permits California residents to request certain information about our disclosures of personal information to third parties for their direct- marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes; accordingly, any such request will confirm that fact.

14. Do Not Sell or Share My Personal Information

California and certain other state-law residents have the right to opt out of the "sale" or "sharing" of their personal information. To exercise this right:

1. Global Privacy Control. If your browser sends a GPC signal, we will treat it as a valid opt-out for that browser and device.
2. Direct request. Visit our Do Not Sell or Share My Personal Information page and follow the instructions, or email [email protected] with subject "Do Not Sell."

Opting out does not affect transactional communications (including order confirmations or unsubscribe confirmations) or the operation of strictly necessary cookies.

15. Other US state privacy rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, and other states with general consumer-privacy statutes may have rights substantially similar to those described in §13 (access, deletion, correction, and opt-out of targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects).

To exercise any such state-law right, submit a request by email to [email protected] with the subject line "State Privacy Request" and the state of your residence. We will respond within the time periods required by applicable state law.

Some state laws include a right to appeal our denial of a request. If we deny your request and you believe the denial is incorrect, reply to our denial email within sixty (60) days and we will escalate to a senior reviewer. You may also complain to your state attorney general.

16. EU / UK (GDPR) rights

Individuals protected by the EU or UK General Data Protection Regulation have the right to request access, rectification, erasure, restriction, objection to processing, data portability, and withdrawal of consent at any time (without affecting the lawfulness of processing before withdrawal). You may exercise these rights by emailing [email protected].

You also have the right to lodge a complaint with your local supervisory authority. In the United Kingdom, that is the Information Commissioner's Office (ico.org.uk).

We do not have an EU or UK representative at this time because our EU/UK traffic is not material. If this changes, we will designate a representative as required by Article 27 GDPR.

17. Third-party websites and services

The Site contains links to third-party websites, including Lifeline provider websites we list or promote as affiliate partners. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party site before providing personal information to it.

18. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where required by law, provide additional notice (for example, to subscribers by email). Your continued use of the Site after the effective date of any update constitutes acceptance of the updated Policy, to the extent permitted by applicable law.

19. How to contact us

Questions about this Policy or about your information:

• Email (privacy-specific): [email protected]
• Email (general): [email protected]
• Mail: Cliq Mobile, Attention: Privacy, 620 S Le Jeune Rd, Coral Gables, FL 33134