Compliance- Trust Center

Security, compliance and governance — transparently delivered. Access certifications, policies, and compliance documentation in one centralized portal.

iconOverview

Trust posture summary

UPDATED MARCH 2026

GoLite Mobile operates a governance-first security and compliance programme across all products, infrastructure, and data operations. Our Trust Center provides verified, transparent access to the certifications, policies, and technical controls that underpin our platform.

All documentation is managed through a controlled access model. Public documents are freely available. Restricted materials require identity verification and a signed NDA where applicable.

Active Certifications5
Compliance Frameworks8
Regions CoveredUK · EU · USA · India
Last AuditFeb 2026

doc Certifications

Active certifications and current compliance status of GoLite's key frameworks.

ISO 27001

ISO 27001

✓ Active

Information Security Management System Validates controls protecting the confidentiality, integrity, and availability of information assets.

SOC 2 Type II

SOC 2 Type II

✓ Active

Security, Availability, and Confidentiality trust service criteria independently audited and verified across all platform operations.

GDPR / UK GDPR

GDPR / UK GDPR

✓ Compliant

Full compliance with EU and UK GDPR. Includes DPAs, SCCs, and full data subject rights support.

Cyber Essentials Plus

Cyber Essentials Plus

✓ Certified

UK government-backed scheme validating technical controls against common cyber attack vectors.

ISO 42001 — AI

ISO 42001 — AI

⟳ In Progress

AI Management System standard alignment.Covering human oversight, explainability, and responsible AI deployment practices.

CCPA Compliance

CCPA Compliance

⟳ In Progress

California Consumer Privacy Act compliance programme. Technical controls and consumer rights workflows underimplementation.

🧑‍💻Identity
🔑Verify
🛡️Authorise
🔒Encrypt
📡Monitor
🔄Respond

Zero Trust Architecture — Never Trust, Always Verify

🔐 Security

Architecture, controls, and technical measures

Security

Security

Architecture, controls, and technical measures

Identity & Authentication

Identity & Authentication

MFA · SSO · Zero Trust access

Access Control

Access Control

RBAC · Least privilege · Privileged access management

Monitoring & Incident Response

Monitoring & Incident Response

24/7 SOC · SIEM · Incident playbooks

Encryption & Data Protection

Encryption & Data Protection

AES-256 · TLS 1.3 · Key management

docPrivacy

GDPR Compliant

Data protection principles and user rights

Lawfulness & Transparency

Lawfulness & Transparency

All personal data is processed lawfully, fairly, and transparently. Customers are informed of data use at point of collection.

Purpose Limitation

Purpose Limitation

Data is collected for specified, explicit purposes and never processed in a manner incompatible with those purposes.

Data Minimisation

Data Minimisation

We collect only the data that is strictly necessary. No excessive collection. Regular data inventory reviews are conducted.

Storage Limitation

Storage Limitation

Personal data is not retained longer than necessary. Defined retention periods apply to all data categories.

Your Data Rights
Request Your Data

Request Your Data

Subject Access Request (SAR)

Correct Your Data

Correct Your Data

Right to rectification

Delete Your Data

Delete Your Data

Right to erasure (Right to be Forgotten)

Data Portability

Data Portability

Receive your data in a structured, machine-readable format

Object to Processing

Object to Processing

Right to restrict or object to certain processing

docAI Governance

ISO 42001 In Progress

Responsible AI framework — ISO 42001 alignment.

Human-in-Command

Human-in-Command

All AI-assisted decisions affecting customers or compliance are reviewed and approved by accountable human operators.

Explainability

Explainability

AI recommendations and automated decisions are logged with explainable rationale, accessible on request.

Policy Enforcement

Policy Enforcement

AI usage is governed by a formal policy framework aligned with ISO 42001 and our internal governance board.

Fairness & Bias

Fairness & Bias

Models are regularly audited for discriminatory outputs. Bias detection is embedded in our model evaluation pipeline.

AI Disclosure

AI Disclosure

Customers are informed when AI or automated systems are used in decisions that materially affect them.

Data Minimisation

Data Minimisation

AI models are trained and operated with the minimum data necessary. No unnecessary retention for model training.

⚖️ Risk & Compliance

Active controls and regulatory alignment

Telecom Regulatory Compliance

Telecom Regulatory Compliance

Ofcom (UK), FCC (USA), TRAI (India) — ongoing regulatory monitoring and reporting

Active
Anti-Bribery & Corruption

Anti-Bribery & Corruption

UK Bribery Act 2010 and US FCPA compliance. Annual training and third-partyscreening.

Active
Sanctions & Export Controls

Sanctions & Export Controls

OFAC, HMT, and EU sanctions screening. No services provided to sanctioned entities or territories.

Active
PCI DSS (Payments)

PCI DSS (Payments)

Payment Card Industry Data Security Standard compliance for all card processing operations.

Certified
Business Continuity & DR

Business Continuity & DR

Documented BCP and Disaster Recovery plans. Annual tabletop exercises and quarterly failover testing.

Under Review
ESG & Sustainability Reporting

ESG & Sustainability Reporting

Annual sustainability report. Carbon offset programme and Blue Economy commitment tracking.

Annual Report

📜 Policies

Internal governance policies, available for public review.

Information Security Policy

Information Security Policy

v3.1Mar 2026
Privacy & Data Protection Policy

Privacy & Data Protection Policy

v4.0Feb 2026
Acceptable Use Policy

Acceptable Use Policy

v2.3Jan 2026
AI Ethics & Governance Policy

AI Ethics & Governance Policy

v1.2Mar 2026
Anti-Bribery & Anti-Corruption Policy

Anti-Bribery & Anti-Corruption Policy

v2.0Nov 2025
Sanctions & Export Control Policy

Sanctions & Export Control Policy

v1.4Oct 2025
Business Continuity & Disaster Recovery Policy

Business Continuity & Disaster Recovery Policy

v2.1Sep 2025
Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

v1.0Aug 2025
doc

Compliance Documents

Public and restricted access documentation

DOCUMENT NAME
CATEGORY
ACCESS
LAST UPDATED
ACTION
doc

Privacy Policy

Customer-facing privacy notice

Privacy
accessPublic
Mar 2026
doc

Terms of Service

Customer agreement

Legal
accessPublic
Feb 2026
doc

Cookie Policy

Web and app cookie notice

Privacy
accessPublic
Feb 2026
doc

Data Processing Agreement (DPA)

Partner data agreement template

Privacy
accessRestricted
Mar 2026
doc

SOC 2 Type II Report

Security audit report (qualified partners)

Certification
accessNDA Required
Jan 2026
doc

ISO 27001 Certificate

Certification evidence

Certification
accessPublic
Nov 2025
doc

Penetration Test Summary

Executive summary — latest pentest

Security
accessNDA Required
Dec 2025
doc

Business Continuity Plan Summary

BCP executive summary

Risk
accessRestricted
Sep 2025
doc

AI Ethics & Governance Policy

Public policy document

AI
accessPublic
Mar 2026
doc

Subprocessor List

Approved third-party processors

Privacy
accessPublic
Feb 2026
doc

Cyber Essentials Plus Certificate

UK government certification

Certification
accessPublic
Oct 2025
doc

Annual Sustainability Report

ESG & blue economy report

ESG
accessPublic
Jan 2026