Compliance - Trust Center

Security, compliance and governance — transparently delivered. Access certifications, policies, and compliance documentation in one centralized portal.

Overview

UPDATED MARCH 2026

GoLite Mobile operates a governance-first security and compliance program aligned with international standards. Our Trust Center provides real-time access to all certifications, policies, and regulatory documentation. All documentation is managed through a continuous-review model. Public documents are freely accessible; restricted documentation requires notification and a signed NDA where applicable.

Active Certifications: 5
Compliance Frameworks: 8
Regions Covered: UK · EU · USA · India
Last Audit: Feb 2026

Certifications

Active certifications and current compliance status of GoLite's key frameworks.

Active

ISO 27001

Information Security Management System certification, validating our enterprise-grade security controls and digital risk governance framework.

Active

SOC 2 Type II

Security, Availability, and Confidentiality trust service criteria independently audited and verified across all platform operations.

Active

GDPR / UK GDPR

Full compliance with EU and UK General Data Protection Regulations across all data processing activities and digital touchpoints.

Active

Cyber Essentials Plus

UK government-backed scheme protecting against the most common cyber threats, independently verified at the Plus level.

In Progress

ISO 42001 — AI

AI management system standard governing responsible development and deployment of artificial intelligence systems within GoLite operations.

Active

CCPA Compliance

California Consumer Privacy Act compliance programme, supporting data rights for all applicable US-based customers and end users.

Security

Architecture, controls, and operational security. GoLite Mobile.

Identity
Access
Monitoring
Encryption
Network
Endpoint

Identity & Authentication

MFA · SSO · Zero Trust access

Multi-factor authentication is enforced across all systems. SSO with Zero Trust network access controls access to all internal and partner-facing platforms.

Access Control

RBAC · Principle of least privilege · Privileged access management

Role-based access control restricts system access by job function. All privileged accounts are subject to enhanced monitoring and regular recertification.

Monitoring & Incident Response

24/7 SOC · SIEM · Incident management

A 24/7 Security Operations Centre monitors all systems in real time. Documented incident response procedures ensure rapid detection, containment, and communication.

Encryption & Data Protection

TLS · AES-256 · Key management

All data is encrypted in transit via TLS 1.2+ and at rest via AES-256. Encryption key management follows NIST guidelines with annual key rotation.

Privacy

GDPR Compliant

GoLite Mobile processes and protects data with rights.

Lawfulness & Transparency

All personal data is collected and processed on a defined lawful basis. GoLite Mobile maintains a public-facing record of processing activities and privacy notices.

Purpose Limitation

Data collected for a specified purpose is never repurposed without a new lawful basis. Processing is strictly limited to defined and documented operational objectives.

Data Minimisation

GoLite Mobile collects only the personal data strictly necessary for each processing purpose. Excess data fields are eliminated at the point of collection design.

Storage Limitation

Retention schedules are applied to all data categories. Personal data is automatically purged or anonymised at the end of its defined retention window.

Request Your Data

Submit a Subject Access Request and receive a full export of all personal data held by GoLite Mobile within 30 days.

Correct Your Data

Request correction of inaccurate or incomplete personal data held on your account at any time.

Delete Your Data

Exercise your right to erasure. GoLite Mobile will action verified deletion requests within 30 days, subject to legal retention obligations.

Data Portability

Receive your personal data in a structured, machine-readable format for transfer to another service provider of your choice.

Object to Processing

Object to processing based on legitimate interests or for direct marketing purposes at any time without providing a reason.

Right to Restriction

Request restriction of processing while a complaint or accuracy challenge is being resolved by our Data Protection team.

AI Governance

ISO 42001 In Progress

AI ethics, explainability, and responsible deployment — GoLite Mobile.

Human-in-Command

All consequential AI-assisted decisions are subject to human review. No automated system makes final determinations on customer-affecting outcomes without oversight.

Explainability

AI outputs used in customer-facing contexts are explainable by design. GoLite Mobile documents the logic, inputs, and confidence thresholds for all deployed models.

Policy Enforcement

AI deployment is governed by an internal AI Ethics & Governance Policy reviewed quarterly and aligned with the EU AI Act and ISO 42001 framework.

Fairness & Bias

All models are evaluated for demographic bias prior to deployment. Bias audits are conducted annually and results are made available in our AI Transparency Report.

AI Disclosure

Customers are informed whenever AI is used to assist in decisions affecting their account, service, or pricing. Disclosure is embedded at point-of-interaction.

Data Minimisation

AI training pipelines are subject to strict data minimisation controls. Synthetic data is preferred where operationally viable to reduce personal data exposure.

Risk & Compliance

Regulatory risk management and framework coverage.

Telecom Regulatory Compliance

Ongoing alignment with regulatory, monitoring and reporting obligations.

Active

Anti-Bribery & Corruption

UK Bribery Act 2010 and international anti-corruption framework — zero-tolerance policy with third-party due diligence.

Active

Sanctions & Export Controls

OFAC, HM Treasury and EU sanctions screening — ongoing monitoring of counterparty sanctions exposure across all markets.

Active

PCI DSS (Payments)

Payment Card Industry Data Security Standards compliance for all card-present and card-not-present transaction environments.

In Review

Business Continuity & DR

Tested Business Continuity Plan and Disaster Recovery procedures with defined RPO/RTO targets across all critical systems.

Under Review

ESG & Sustainability Reporting

Annual sustainability report published — Carbon offset tracking, governance disclosures, Blue Economy commitments.

Annual Report

Policies

Internal governance policies, available for public review.

Information Security Policy

v3.1 · Jan 2026

Privacy & Data Protection Policy

v2.4 · Jan 2026

Acceptable Use Policy

v1.8 · Jan 2026

AI & Governance Policy

v1.2 · Jan 2026

Anti-Bribery & Anti-Corruption Policy

v2.0 · Sep 2025

Business Continuity & Disaster Recovery Policy

v2.1 · Feb 2026

Vulnerability Disclosure Policy

v1.0 · in draft

Compliance Documents

Document / Name | Category | Access | Last Updated
Privacy Policy (golitemobile.com) | Privacy | Public | Mar 2026
Terms of Service (golitemobile.com) | Legal | Public | Mar 2026
Cookie Policy (golitemobile.com) | Privacy | Public | Jan 2026
Data Processing Agreement (DPA) (Partner use) | Legal | Restricted | Dec 2025
SOC 2 Type II Report (Security audit) | Certification | Restricted | Feb 2026
ISO 27001 Certificate (Information security) | Certification | Public | Oct 2025
Penetration Test Summary (Redacted executive report) | Security | NDA Required | Dec 2025
Business Continuity Plan (Executive summary only) | Risk | Restricted | Feb 2026
AI/CPRA/AI Governance Policy | AI | Public | Jan 2026
Subprocessor List | Privacy | Public | Mar 2026
Cyber Essentials Plus Certificate | Certification | Public | Aug 2025
Annual Sustainability Report | ESG | Public | Jan 2026