Privacy Policy

Fortress Technologies ("we", "us", "our", or "Fortress Technologies") is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at fortresstechnologies.org and purchase our privacy-focused products and services.

Important Service Distinction

Our Privacy Mission

1. Information We Collect

1.1 Information You Provide

We collect personal information that you voluntarily provide when you:

Make a Purchase: When you purchase our privacy phones or optional eSIM products, we collect:

• Contact Information: name, email address, phone number
• Shipping Information: delivery address (street, city, state, postcode, country)
• Billing Information: billing address (if different from shipping)
• Company name (optional)
• Order details: phone model purchased, quantities, configuration options selected

Contact Us: When you submit a contact form or email us, we collect:

• Your name and email address
• Subject of your inquiry
• Message content

1.2 Payment Information

We offer multiple payment methods to accommodate different privacy preferences:

Digital Payments

We do not directly collect or store credit card information. All digital payment processing is handled by our secure payment processor, Stripe, Inc. ("Stripe"). When you make a digital payment:

• Credit card payments are processed directly through Stripe's secure servers
• We receive only a confirmation of successful payment and order details
• No financial information is stored on our systems

Cash Payments

For customers who prioritize complete financial privacy, we accept cash payments. When you select cash payment:

• No financial data collection: We do not collect or store any banking or credit card information
• Invoice generation: We create invoices using only your contact information and order details
• Record keeping: Transaction records are maintained using the contact information you provide for tax compliance purposes
• Privacy protection: Cash payment records contain no financial institution data or payment method details
• Legal compliance: Records are kept securely for the minimum period required by Australian tax law (7 years)

1.3 Automatically Collected Information

We collect minimal technical information:

• Local Storage: We use your browser's local storage to maintain your shopping cart contents. This data is stored only on your device and is not transmitted to our servers unless you proceed to checkout.
• Server Logs: Basic server logs may record your IP address, browser type, and access times for security and operational purposes.

Note: We do not use cookies for tracking, analytics, or advertising purposes. We do not use Google Analytics, Facebook Pixel, or any similar tracking technologies.

1.4 Telecommunications Data Handling Disclaimer

No Commercial Telecommunications Relationship: We purchase eSIM data starter packs in bulk at our cost to include as accessories with our phones. We derive no revenue, commission, or commercial benefit from the telecommunications services. All telecommunications data is handled exclusively by third-party telecommunications providers under their own privacy policies and regulatory obligations.

eSIM Activation Data Limitation: We provide only the initial eSIM activation credentials (QR code and instructions). Once you activate the eSIM, all subsequent data handling occurs directly between you and the telecommunications provider.

2. How We Use Your Information

We use your personal information only for the following purposes:

• Order Fulfillment: To process and deliver your orders for lawful products
• Communication: To send order confirmations, shipping updates, and respond to inquiries
• Legal Compliance: To comply with applicable laws, including tax and consumer protection laws
• Security: To prevent fraud, protect against malicious activity, and ensure our products are not being purchased for unlawful purposes
• Customer Service: To provide support and handle any issues with your orders
• Law Enforcement: To cooperate with legitimate law enforcement requests as required by law

We do not use your information for:

• Marketing purposes (unless you explicitly opt-in)
• Creating user profiles or behavioral tracking
• Any telecommunications service operations or analysis
• Monitoring or analyzing telecommunications service usage

2.1 Automated Email Communications

We use SendGrid (Twilio) exclusively for automated transactional emails:

• Order Confirmations Only: Automated emails are sent solely to confirm successful purchases
• No Marketing Emails: We do not send promotional, marketing, or newsletter emails
• No Email Tracking: We have disabled all email tracking features including open tracking and click tracking
• Minimal Data Processing: Only your email address, order number, purchased items, and order total are processed for email delivery
• No Data Storage: We do not store any additional personal data in SendGrid beyond what is required for immediate email delivery
• Transactional Purpose: These emails are essential for order completion and cannot be unsubscribed from as they are required for business transactions

2.2 Cash Payment Communications

For customers who select cash payment (COD) at checkout:

• We will send an invoice with pickup instructions to your preferred contact method
• If you provide only an email address, all correspondence will be sent via email
• If you indicate Signal as your preferred communication method, we will contact you through Signal messenger
• Upon payment completion, a receipt will be sent via the same communication channel
• We respect your communication preferences and will not contact you through alternative methods unless explicitly requested

2.3 Optional eSIM Products - Distribution Service

Our Role as Distributor: For optional eSIM products you may purchase:

• We process only the retail transaction (phone purchase with included eSIM starter pack)
• We arrange bulk purchase of eSIM activation credentials to include with phones
• We provide activation credentials (QR code and instructions) with your phone delivery
• We derive no revenue, profit, or commercial benefit from the telecommunications services
• Once you receive activation credentials, our involvement ends entirely

Customer Activation Responsibility: You must activate the eSIM directly with the telecommunications provider. We do not:

• Activate, configure, or manage any telecommunications services on your behalf
• Monitor, track, or have access to telecommunications service usage
• Provide customer service or technical support for telecommunications functionality
• Process telecommunications service billing, account management, or service modifications

All Subsequent Telecommunications Interactions Are Direct: Once you activate the eSIM, you become a direct customer of the telecommunications provider under their privacy policy and terms of service. We have no access to, involvement in, or responsibility for their data handling practices.

3. Information Sharing and Disclosure

We share your personal information only in the following circumstances:

3.1 Service Providers

• Stripe: For credit/debit card payment processing and invoice generation. Stripe processes payments in accordance with PCI-DSS standards and their own privacy policy (https://stripe.com/au/legal/privacy-center)
• BTCPay Server: For Bitcoin cryptocurrency payment processing. We operate our own self-hosted BTCPay Server instance to process Bitcoin payments while maintaining your privacy. BTCPay Server does not share your payment information with third parties, and we collect only the minimum information necessary for order fulfillment (order details, customer email, and shipping information). Bitcoin transactions are processed on the Bitcoin blockchain, which is a public ledger, but your personal information is not recorded on the blockchain. Learn more athttps://btcpayserver.org/privacy/
• SendGrid (Twilio): For automated order confirmation emails only. We have disabled all email tracking features (open/click tracking) to protect your privacy. SendGrid only processes the minimum data necessary for email delivery: your email address, order details, and delivery status. We do not collect or store any additional personal data through SendGrid beyond what is required for transactional email delivery (https://www.twilio.com/en-us/legal/privacy)
• Formspree: For processing contact form submissions (https://formspree.io/legal/privacy-policy)
• Shipping Partners: We share necessary delivery information with our shipping partners to fulfill your orders

3.2 Optional eSIM Products - Privacy-First Distribution

For optional eSIM products you purchase, we act as a privacy-conscious distributor:

What we share with eSIM providers:

• Only the minimum technical information necessary to generate eSIM activation credentials for our bulk purchase program
• No personal customer information beyond what's required for credential generation (typically just device compatibility requirements)
• We do not register customers with telecommunications providers or establish relationships on their behalf
• We do not create customer accounts or ongoing service relationships

What we do NOT share:

• Your personal contact information, shipping address, or payment details
• Your intended use, location, or purpose for the eSIM
• Your other purchase history, preferences, or personal data
• Any information that would create a customer relationship with the telecommunications provider

No Commercial Telecommunications Relationship: We purchase eSIM data starter packs in bulk as accessories to include with our phones. There is no revenue sharing, commission structure, or ongoing commercial telecommunications relationship.

Important Customer Privacy Protection: When you activate the included eSIM, you establish a direct relationship with the telecommunications provider under their privacy policy. We are not involved in this relationship and have no access to telecommunications usage data or customer interactions.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if necessary to protect our rights or the safety of others.

Telecommunications Regulatory Distinction: Any legal requests related to telecommunications services, data interception, or network monitoring must be directed to the actual telecommunications service provider, not to us as the retail vendor.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

4. International Data Transfers

Your personal information may be transferred to and processed in countries other than Australia, including:

• United States (for Stripe payment processing and Formspree contact forms)
• Countries where our shipping partners operate
• Countries where eSIM credential generation may occur (handled by third-party telecommunications providers)

We take reasonable steps to ensure that any overseas recipients handle your personal information in accordance with Australian privacy standards. By providing your information, you consent to these transfers.

Telecommunications Data Transfer Disclaimer: We have no control over or involvement in international data transfers that may occur as part of telecommunications services provided by third-party providers. Such transfers are governed by the telecommunications provider's privacy policies and applicable regulations.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• All data transmissions are encrypted using HTTPS/TLS protocols
• Payment information is handled exclusively by PCI-DSS compliant payment processors
• Access to personal information is restricted to authorized personnel only
• We regularly review and update our security measures

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Telecommunications Security Disclaimer: We have no control over or responsibility for the security measures implemented by third-party telecommunications providers. Their security practices are governed by their own policies and applicable telecommunications regulations.

6. Data Retention

We retain your personal information only for as long as necessary to:

• Fulfill your orders and provide customer service
• Comply with legal obligations (e.g., tax records must be kept for 7 years)
• Resolve disputes and enforce our agreements

Shopping cart data stored in your browser's local storage is controlled by you and can be cleared at any time through your browser settings.

Included eSIM Data Starter Pack Records: We retain only retail transaction records (purchase confirmation, shipping details, eSIM activation credentials provided) as required for business and tax compliance. We do not retain any telecommunications service usage data, customer service records, or ongoing telecommunications service information.

Telecommunications Data Retention Disclaimer: Any data retention related to eSIM telecommunications services is handled exclusively by esimba/Keepgo under their own policies and applicable telecommunications regulations. We have no involvement in, access to, or responsibility for telecommunications data retention practices.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Anonymity: Where practicable, interact with us anonymously or using a pseudonym
• Complaints: Lodge a complaint about our privacy practices

Important Limitation: These rights apply only to personal information we collect and handle in our capacity as a retail vendor of privacy phones. For any rights regarding the included eSIM data starter pack or telecommunications service data, you must contact Keepgo or the relevant telecommunications provider directly as we have no access to or involvement in telecommunications service data handling.

To exercise these rights regarding our retail operations, please contact us using the details in Section 13.

8. Children's Privacy

Our products and services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. Your continued use of our website after such changes constitutes acceptance of the updated policy.

10. Privacy Features of Our Products

Our privacy-focused products are designed to minimize data collection and maximize your control:

• No User Tracking: We don't monitor or track how you use our products after purchase
• Local Control: All data remains on your device unless you explicitly choose to share it
• Privacy by Design: Every software component is selected for minimal data collection
• Transparent Software: Mix of open-source and vetted privacy-respecting apps built on hardened operating systems
• Documentation Available: Request information about any included software at any time

Software Transparency: We're committed to complete transparency about the software on our devices. While not all applications are open-source, each is carefully selected based on:

• Strong privacy policies and minimal data collection
• Regular security updates and active development
• Encryption and security best practices
• Alignment with our privacy-first philosophy

Contact us at contact@fortresstechnologies.org to request documentation for any software component. We'll provide developer documentation for third-party apps or our development documentation for any proprietary apps we've created.

11. Device Wipe Features & Data Protection

11.1 Data Handling for Wipe Features

Our device wipe features operate entirely on your device and do not transmit data to our servers:

• Local Operation: All wipe triggers and conditions are processed locally on your device
• No Remote Access: We cannot remotely access, monitor, or control wipe features
• No Data Retention: We do not store copies of your device data, encryption keys, or recovery information
• User Configuration: All wipe settings are configured entirely by you based on your security needs

11.2 Legitimate Security Applications

These features support lawful privacy protection needs including:

• Protection against corporate espionage and trade secret theft
• Safeguarding patient records and healthcare confidentiality
• Protecting journalistic sources and sensitive communications
• Preventing identity theft and financial fraud from stolen devices
• Securing attorney-client privilege and legal confidentiality

11.3 Law Enforcement Cooperation

We fully cooperate with legitimate law enforcement requests while supporting your right to privacy:

• Legal Compliance: We comply with all lawful requests from Australian and international law enforcement
• Technical Limitations: We cannot recover data after wipe activation due to cryptographic security design
• No Backdoors: Our devices contain no backdoors or remote access capabilities for data recovery
• User Responsibility: Users must comply with all legal obligations regarding data preservation and disclosure

11.4 Data Recovery Impossibility

Important: By design, we cannot assist with data recovery after wipe activation:

• Cryptographic wiping makes data recovery technically impossible
• We maintain no encryption keys, backups, or recovery mechanisms
• Third-party data recovery services cannot restore wiped data
• Users are solely responsible for maintaining external backups

User Responsibility: You acknowledge that wipe activation is entirely your responsibility based on settings you configure. We provide comprehensive setup instructions and clearly explain all triggers and conditions.

12. Refunds & Returns Policy

12.1 Refund Eligibility

Subject to your rights under the Australian Consumer Law, refunds may only be considered for devices that:

• Remain in their original sold configuration with all pre-installed software intact and unmodified
• Have not been factory reset, wiped, or had their data cleared
• Have not had any applications installed, removed, or modified
• Have not been updated or had their operating system altered in any way
• Are returned within 14 days of delivery in original packaging with all accessories
• Show no signs of physical damage, wear, or misuse

12.2 Non-Refundable Circumstances

No refunds will be provided if:

• The device has been used, configured, or personalized in any way
• Any wipe feature (emergency or scheduled) has been activated
• The device software has been modified, updated, or altered
• You have changed your mind after using or configuring the device
• The device has been damaged through misuse or normal wear
• More than 14 days have passed since delivery

12.3 Optional eSIM Products

eSIM products are sold separately with various data tiers available:

• eSIM data starter pack is non-refundable once you receive activation credentials with your phone
• Unused eSIM packages remain eligible for complete device return within 14 days if activation credentials have not been redeemed
• Once you activate the eSIM with the telecommunications provider, the data service becomes active and is governed by the telecommunications provider's terms

Important: Once an eSIM is activated with the telecommunications provider, all service-related matters (including any data usage disputes) are between you and that provider. We cannot process refunds for telecommunications service issues as we derive no revenue from telecommunications services.

12.4 Australian Consumer Law Rights

This refunds policy operates alongside your non-excludable rights under the Australian Consumer Law. If a product has a major failure, you remain entitled to a replacement or refund regardless of the device's current state, provided the failure is not due to misuse.

12.5 Return Process

To request a return, contact us at contact@fortresstechnologies.org within 14 days of delivery. We will assess the device's eligibility and provide return instructions if applicable. All returns are subject to inspection to verify the device remains in its original sold state.

12.6 Privacy Implications of Returns

When processing returns, we collect minimal information necessary to verify device eligibility:

• Device serial number and configuration verification
• Software state assessment to confirm original configuration
• Return shipping information for logistics purposes
• Refund processing details (linked to original payment method)

Data Protection: Any personal data created during device use remains your responsibility. We cannot access, recover, or verify the deletion of personal data you may have added to the device.

13. Contact Information

If you have questions about this Privacy Policy, wish to access or correct your personal information, or have a privacy complaint, please contact us:

For Telecommunications Service Privacy Matters: Contact esimba/Keepgo directly for all matters related to eSIM telecommunications services. We cannot address privacy concerns related to telecommunications services as we are the distributor, not the service provider, and have no access to telecommunications service data beyond initial provisioning.

14. Regulatory Compliance & Disclaimers

14.1 Australian Privacy Act Compliance

This Privacy Policy is designed to comply with the Australian Privacy Act 1988 and the Australian Privacy Principles in our capacity as a retail vendor. We are not subject to telecommunications-specific privacy regulations as we do not operate telecommunications services.

14.2 Telecommunications Privacy Disclaimer

Important: We are not regulated under telecommunications privacy laws as we do not operate as a carrier or carriage service provider. Any privacy obligations related to telecommunications services are the responsibility of the actual telecommunications providers (such as Keepgo) under applicable telecommunications regulations.

14.3 Cross-Border Privacy

Our retail operations comply with Australian privacy laws. Any privacy protections or obligations related to cross-border telecommunications services are governed by the policies and regulatory compliance of the telecommunications providers.

15. Acknowledgment

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein in our capacity as a retail vendor of privacy phones with included accessories only. You understand that optional eSIM telecommunications services are provided by esimba/Keepgo under separate privacy policies and terms of service, with us acting as the distribution partner.