// CieloCell — Privacy Policy page (V2 brand) const PrivacyPage = ({ onBack, onNav }) => { const sections = [ { id: 'p1', title: '01. data controller', content: `Cielo Cell AB (org. no. 559579-6912), Målarevägen 24, 227 30 Lund, Sweden, is the data controller responsible for your personal data when you use CieloCell.\n\nCieloCell is a travel eSIM and mobile data application. We collect and use personal data only as necessary to provide the Service, comply with legal obligations, and improve the app experience. We do not sell your personal data.\n\nQuestions? Contact us at hello@cielocell.com.` }, { id: 'p2', title: '02. data we collect', content: `ACCOUNT DATA — When you register: your name, email address, and credentials (or tokens from Apple/Google sign-in).\n\nDEVICE AND TECHNICAL DATA — Device model, OS version, app version, eSIM EID, IP address, and connection type.\n\neSIM AND USAGE DATA — eSIM activation status, data plan details (plan type, country, start and expiry dates), and data consumption records from our network partners.\n\nPAYMENT AND TRANSACTION DATA — Purchase history (plan type, amount, currency, date, transaction ID). Full card details are held by payment processors only — CieloCell never stores raw card numbers.\n\nSUPPORT DATA — Content of messages and attachments you send us when you contact support.\n\nWEBSITE DATA — Standard server log data (IP address, browser type, pages viewed) when you visit cielocell.com.\n\nLOCATION DATA — Approximate location only — the country determined from your IP address or SIM registration — to determine available data plans. We do not collect precise GPS location.` }, { id: 'p3', title: '03. how we use your data', content: `Provide and manage your account and eSIM service → Contract performance (Art. 6(1)(b))\n\nProcess payments and issue refunds → Contract performance / Legal obligation (Art. 6(1)(b)(c))\n\nActivate eSIM profiles and provision data plans → Contract performance (Art. 6(1)(b))\n\nProvide customer support → Contract performance / Legitimate interest (Art. 6(1)(b)(f))\n\nDetect and prevent fraud and abuse → Legitimate interest / Legal obligation (Art. 6(1)(f)(c))\n\nImprove app performance and fix bugs → Legitimate interest, using anonymised/aggregated data (Art. 6(1)(f))\n\nSend service communications (activation confirmations, expiry alerts) → Contract performance (Art. 6(1)(b))\n\nSend optional marketing communications → Consent, opt-in only (Art. 6(1)(a))\n\nComply with legal obligations → Legal obligation (Art. 6(1)(c))` }, { id: 'p4', title: '04. who we share your data with', content: `TELECOM AND eSIM PARTNERS — Your device EID and plan details are shared with our licensed MVNO partner in the country where you activate a plan, to provision your eSIM and deliver mobile data.\n\nPAYMENT PROCESSORS — Apple processes App Store purchases. Google processes Google Play purchases. Stripe processes direct purchases. Each handles payment data under their own security standards.\n\nAUTHENTICATION PROVIDERS — If you sign in with Apple or Google, we receive only your name and email from that service.\n\nCLOUD INFRASTRUCTURE — We host the CieloCell platform on cloud providers (such as AWS or Google Cloud) under binding data processing agreements.\n\nANALYTICS AND CRASH REPORTING — We use analytics and crash-reporting tools to monitor performance and fix issues. Data is pseudonymised or aggregated where possible.\n\nCUSTOMER SUPPORT TOOLS — We use a support platform to manage inquiries. Staff access only data needed to resolve your issue.\n\nLEGAL AND COMPLIANCE — We may disclose data to law enforcement, courts, or regulators when required by law. We disclose only the minimum data necessary.\n\nBUSINESS TRANSFERS — In a merger, acquisition, or asset sale, your data may transfer to the successor entity with prior notice and equivalent data protection standards.` }, { id: 'p5', title: '05. international data transfers', content: `Cielo Cell AB is based in Sweden (EU). Some service providers operate outside the EU/EEA. We ensure appropriate safeguards are in place:\n\n• EU Standard Contractual Clauses (SCCs) — European Commission Decision 2021/914\n• UK International Data Transfer Agreements (IDTAs) where applicable\n• Transfers to countries with an EU adequacy decision\n\nRequest a copy of applicable safeguards: hello@cielocell.com` }, { id: 'p6', title: '06. how long we keep your data', content: `Account data → Account duration + 7 years after closure → Legal/tax obligation\n\nTransaction records → 7 years → Swedish Bookkeeping Act (BFL)\n\neSIM and usage data → 12 months from date of use → Contract/legal obligation\n\nSupport communications → 3 years from last interaction → Legitimate interest\n\nCrash and analytics data → Indefinite in anonymised form → Legitimate interest\n\nMarketing consent records → Until withdrawal + 3 years → Compliance\n\nAfter the applicable period, data is securely deleted or irreversibly anonymised.` }, { id: 'p7', title: '07. account and data deletion', content: `You can delete your account and request erasure of your personal data at any time:\n\n• In the app: Profile → Settings → Delete Account\n• By email: hello@cielocell.com with subject "Delete my account"\n\nWe will process your deletion request within 30 days. Some data (such as transaction records) may be retained for the period required by law. You will receive confirmation when deletion is complete.\n\nAccount deletion is permanent. Any active data plans or credits are forfeited and are non-refundable.` }, { id: 'p8', title: '08. your privacy rights (eu/uk)', content: `Under the GDPR and equivalent laws, you have the following rights. Contact hello@cielocell.com — we respond within 30 days.\n\nAccess (Art. 15): Request a copy of your personal data.\n\nRectification (Art. 16): Request correction of inaccurate data.\n\nErasure (Art. 17): Request deletion of your personal data.\n\nRestriction (Art. 18): Request restriction of processing in certain circumstances.\n\nPortability (Art. 20): Receive your data in a machine-readable format.\n\nObject (Art. 21): Object to processing based on legitimate interests, including marketing.\n\nWithdraw Consent (Art. 7): Withdraw consent at any time.\n\nComplain: Contact the Swedish DPA (IMY) at imy.se, or your local supervisory authority.\n\nTo unsubscribe from marketing, click "Unsubscribe" in any email or contact hello@cielocell.com.` }, { id: 'p9', title: '09. california and us state rights', content: `If you are a California resident, the CCPA/CPRA gives you additional rights.\n\nWHAT WE COLLECT (preceding 12 months):\n• Identifiers: name, email, IP address, device ID\n• Commercial information: purchase history, plan activations\n• Internet/electronic activity: app usage, session data\n• Geolocation: country-level only\n• Inferences: derived from usage for fraud prevention and service improvement\n\nWE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION for cross-context behavioural advertising.\n\nYOUR CALIFORNIA RIGHTS:\n• Right to Know: categories and pieces of personal information collected\n• Right to Delete: request deletion, subject to legal exceptions\n• Right to Correct: request correction of inaccurate data\n• Right to Non-Discrimination: we will not discriminate for exercising CCPA rights\n\nSubmit requests to hello@cielocell.com from your registered email. We respond within 45 days.\n\nResidents of other US states (Virginia, Colorado, Connecticut, Texas, etc.) with comprehensive privacy laws may have similar rights — contact hello@cielocell.com.` }, { id: 'p10', title: '10. children\'s privacy', content: `CieloCell is not directed to children under 13 (or 16 in the EU/EEA). We do not knowingly collect data from children. If you believe we have, contact hello@cielocell.com and we will delete it promptly. Users must be at least 18 to register.` }, { id: 'p11', title: '11. cookies and tracking', content: `The CieloCell website uses cookies for:\n• Strictly necessary functions (required, cannot be disabled)\n• Analytics: aggregate, anonymised data about site usage (you can opt out via browser settings)\n\nThe CieloCell mobile app does not use tracking cookies. App analytics use pseudonymised or aggregated data only. Where required by law, we obtain consent before placing non-essential cookies.` }, { id: 'p12', title: '12. security', content: `We implement industry-standard security measures:\n• Encryption in transit (TLS 1.2+) and at rest (AES-256)\n• Role-based access controls and least-privilege principles\n• Regular security assessments\n• Incident response with regulator notification within 72 hours of a confirmed breach (GDPR Art. 33)\n• Payment data handled exclusively by PCI DSS-certified processors\n\nTo report a security vulnerability: hello@cielocell.com` }, { id: 'p13', title: '13. app store disclosures', content: `DATA COLLECTED AND LINKED TO YOU:\n• Contact info (name, email)\n• Identifiers (device ID)\n• Purchases (transaction history)\n• Usage data (app interactions, eSIM activation status)\n\nDATA COLLECTED BUT NOT LINKED TO YOU:\n• Crash data (anonymised)\n• Performance diagnostics (aggregated)\n\nDATA NOT COLLECTED:\n• Precise location\n• Contacts, photos, or media\n• Health or fitness data\n• Sensitive personal information\n\nNo data is sold or shared for advertising. Data is encrypted in transit. You can request deletion at any time (see Section 07).` }, { id: 'p14', title: '14. changes to this policy', content: `We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via in-app notification and, where possible, by email, with at least 14 days' notice before the change takes effect.` }, { id: 'p15', title: '15. contact', content: `Cielo Cell AB — Privacy Team\nMålarevägen 24, 227 30 Lund, Sweden\n\nhello@cielocell.com\n\nEU/EEA: Swedish DPA (IMY) at imy.se · UK: ICO at ico.org.uk · EU ODR: ec.europa.eu/consumers/odr` }, ]; return ; }; Object.assign(window, { PrivacyPage });