Plain-English consumer protection - built in, not bolted on.
Every consumer-facing rule that applies to a UK mobile network - Ofcom GCs, the ICO, the CMA, the Online Safety Act, the Ombudsman scheme. What it asks of us, what we do, and the rights you always keep as a Boundless customer.
The short version, no asterisks.
Plain-English protections, baked into the product - not buried in clause 14.3 of a 40-page contract.

21 regulators, one transparent posture.
Click any card for the rules they enforce, our position, and the risks we've already mitigated.
Including the ones nobody likes to talk about.
Charge-backs, bill-shock, SIM-swap, child safety, vulnerable customers, mid-contract surprises. Each has a mitigation already actioned in the platform.
| Risk | Category | Likelihood | Impact | Mitigation | Status |
|---|---|---|---|---|---|
| Card charge-backs / disputed payments<br>Layer 22 money-path guard · /app/audit | Financial | medium | medium | Stripe Radar + 3DS2 SCA on every card auth · B2B accounts use PO/invoice with signed acceptance log · friendly-fraud rebuttal pack auto-assembled from the audit chain (delivery receipt, login trail, usage record). | Mapped |
| Bill shock / unexpected overage<br>Layer 22 · plan policy in /app/wallet-ledger | Reputational | low | high | No overage by design - every plan is a hard cap that throttles, never bills extra. Pre-paid wholesale on the carrier side means we cannot be surprise-billed by Mobifon either. | Mapped |
| Service outage / SLA breach<br>Layer 8 health probes · abel_pentest_runs | Operational | low | high | Multi-IMSI failover (live), partner SLA pass-through to Mobifon NOC, automated service-credit issuance from CDR gap detection. | Mapped |
| Roaming surprise charges<br>Layer 12 sovereignty router | Financial | low | medium | Allied-roaming only (FVEY + EU/EEA), pre-paid roaming bundles, geo-fence push alerts before threshold, hard cap stops session at limit. | Mapped |
| SS7 / Diameter abuse on inbound signalling<br>Layer 4 signalling · /app/abel/overview | Security | medium | high | Live edge inspection of signalling (twin in demo, partner-side in prod), STIR/SHAKEN A-attestation on all originated calls, GSMA FS.11/FS.19 baseline. | Mapped |
| SIM-swap / port-out fraud<br>Layer 14 step-up · Layer 23 chain | Security | medium | high | Admin-gated port-out + step-up auth + 24h cool-off on business lines · device attestation required to re-bind SIM · all attempts logged to the hash-chained audit. | Mapped |
| Lawful-intercept demands<br>Layer 25 forensic replay | Legal | low | high | ETSI LI compliant interface, single named liaison (li-liaison@boundless.tel), every warrant request signed and recorded to the audit chain - no off-the-record taps possible. | Mapped |
| Subprocessor failure (Mobifon, Stripe, Supabase, Cloudflare)<br>Layer 26 continuous compliance export | Operational | low | high | DPIA on file for every subprocessor · documented exit plan with data-export format · Mobifon multi-IMSI fallback · Stripe → fallback to Direct Debit / invoice. | Mapped |
| GDPR DSAR / right-to-erasure overload<br>Layer 11 lawful-basis · /app/audit | Regulatory | low | medium | Automated DSAR endpoint with 24h SLA timer · proof-of-deletion signed and chain-anchored · per-record lawful-basis tag means scope is unambiguous. | Mapped |
| NIS2 24h incident-reporting clock<br>Layer 26 · exportComplianceBundle | Regulatory | low | high | Auto-emitted incident pipeline within 60 minutes of detection - well inside the 24h legal window - with signed evidence bundle ready for the regulator. | Mapped |
| Vulnerable customer harm (B2C only)<br>Consumer policy · Ofcom GC C5 | Reputational | low | high | Vulnerable-customer flag on profile · automatic exemption from any price-rise notice clock · mandatory 999/112 call-through even on barred SIMs · plain-English bills only. | Mapped |
| Online Safety Act child-safety duties (B2C only)<br>Family pack · Ofcom kid-mode policy | Regulatory | low | high | Family-pack kid-mode is a SIM-level filter (carrier-grade, parent-overridable) - we are connectivity, not a hosted service, so user-generated-content duties do not attach. | Mapped |
| Mid-contract price rises (B2C only)<br>Ofcom GC C1.4 · pricing-promise PDF | Regulatory | low | medium | We do not do CPI/RPI-linked rises. Price for the term is the price on the contract. Any change requires fresh consent + 30-day exit right. | Mapped |
| Consumer credit / BNPL exposure (avoided)<br>FCA CONC App 1 · contract structure | Regulatory | low | high | We do NOT offer regulated credit. Monthly rolling, pre-paid wholesale, no deferred payment > 12 months → outside CONC scope · no FCA permission required. | Mapped |
| Premium-rate billing (avoided)<br>PSA scope · billing policy | Regulatory | low | medium | We do not bill third-party premium services. PSA Code of Practice does not apply. Inbound premium-rate calls are routed but not collected on our bill. | Mapped |
| Financial-promotion breach on $BNDL marketing<br>FSMA s.21 · /token gate · audit chain | Regulatory | low | high | Every token-related communication is signed off by an FCA-authorised person under FSMA s.21 before publication. Investor-categorisation gate on /token (high-net-worth, sophisticated, or restricted-investor self-cert). No celebrity endorsements. 24h cooling-off on first investment. Signed copy + categorisation evidence chained to Layer 23. | Mapped |
| $BNDL recategorised as security / CIS / cryptoasset<br>Legal opinion · token.functions · HMRC CRYPTO22050 | Legal | low | high | Standing legal opinion on file: $BNDL is a fractional ordinary-equity instrument, not a unit in a collective investment scheme (no pooling for return), not a cryptoasset under MLR Reg. 14A (no DLT-as-medium-of-exchange), and not a transferable security on a secondary market pre-IPO. Treasury cash-backed; CGT-only tax treatment confirmed against HMRC CRYPTO22050 / share-pool rules. | Mapped |
| Wallet balances cross the e-money definition<br>PSR Sched 1 §2(k) · Stripe e-money licence · wallet_ledger | Regulatory | low | high | Wallet is internal scrip: redeemable 1:1 against Boundless services (limited-network exemption, PSR 2017 Sched 1 Pt 2 §2(k)) plus an explicit £10k per-user cap. Cash-out is processed through Stripe Connect - Stripe is the licensed e-money issuer, we are an agent. Balance ledger is append-only and reconciled per ledger entry. | Mapped |
| Advocate-payout abuse for layering / money-laundering<br>Stripe Connect KYC · MLR 2017 Reg 28 · referral_payouts trigger | Legal | low | high | Every payout name-matched to bank account by Stripe Connect KYC, sanctions-screened on each disbursement, capped at £1k per advocate per month without enhanced due diligence. Single named MLRO (mlro@boundless.tel). All payout state changes auto-audited via handle_payout_status_change trigger. | Mapped |
| Advocate awards reclassified as employment income<br>ITTOIA 2005 s.783A · advocate T&Cs · /app/wallet-ledger | Regulatory | low | medium | T&Cs explicit 'introducer, not employee'. Per-payee structured to fit the £1,000 trading-allowance and the £6k CGT allowance for any token component. Annual statement (CSV + PDF) downloadable from the wallet ledger, mirroring 1099-style reporting for HMRC. Advocate self-certifies tax status at sign-up. | Mapped |
| Chargeback / first-party fraud on top-up or withdrawal<br>Stripe Radar · Stripe Connect · Layer 23 | Financial | low | medium | Top-ups go through Stripe Radar with 3DS2 SCA. Withdrawals are KYC-gated by Stripe Connect Express. Boundless never custodies funds end-to-end - Stripe is the regulated money-handler. Chargeback rebuttal pack auto-assembles from Layer 23 audit chain. | Mapped |
| PSD2 Strong Customer Authentication failure on movement of funds<br>PSR 2017 Reg 100 · Stripe SCA · Layer 14 | Regulatory | low | medium | All card payments go through Stripe with 3DS2 SCA enforced by default. Step-up auth (biometric or OTP) required on wallet movements >£100. Inherence + possession factors logged to the audit chain. | Mapped |
| User-side HMRC reporting on referral or token gains<br>/app/wallet-ledger · HMRC SA guide · CRYPTO22050 | Reputational | low | low | In-app annual statement (PDF + CSV) downloadable from /app/wallet-ledger covering: referral income vs £1k trading allowance, token disposals vs £3k (24/25) / £6k (prior) CGT allowance, and any token-as-income event valued at GBP-spot. Plain-English HMRC-self-assessment guide linked. | Mapped |
A clear, fair, free escalation path.
Most issues are resolved on first contact. If they're not, the path is short and the clock is on our side, not yours.
- 1 · Tell us: help@boundless.tel - first response within 5 working days.
- 2 · Escalate: Ask for a Deadlock Letter at any time, or wait 8 weeks.
- 3 · Ombudsman: Free escalation to Ombudsman Services: Communications. Their decision is binding on us, not on you.
- 4 · Regulator: You can also report to Ofcom or the ICO - we won't object, retaliate, or charge you for it.
We provide the window. Stripe provides the safe.
Boundless never custodies your cash. Top-ups and withdrawals route through Stripe - a PSD2-licensed, FCA-authorised payment institution. Wallet balances stay inside the limited-network exemption (capped at £10k) and your advocate payouts land in your own FSCS-protected bank account. Plain English, no surprises.
Questions for our DPO or compliance team?
Real humans, named contacts, sub-24h response. Nothing about your data is opaque.