Every legal, regulatory and governance document Boundless publishes - in one place.

The contract between you and Boundless when you take a Boundless mobile or wallet product as an individual. Plain-English, with hard caps, no overage charges, no mid-contract surprise rises, and a 14-day cooling-off period.

What you can and can't do on the Boundless network. Covers fraud, spam, network abuse, prohibited content, and the steps we take when something goes wrong - with proportionate, transparent enforcement.

How unlimited plans actually work, and how roaming inside the EU/UK works. We tell you the thresholds upfront and we throttle rather than charge if you ever cross them.

Your statutory 14-day cooling-off right, how to leave Boundless cleanly, and how Switching (the Ofcom One-Touch Switch process) works for mobile.

How and when we bill, exactly what your bill will say, and why we don't do mid-contract CPI/RPI rises. Aligned with Ofcom's April 2024 transparency rules.

How to complain, how quickly we'll respond, and your right to escalate to an independent ombudsman (CISAS) after eight weeks or sooner if we deadlock.

How we treat customers in vulnerable circumstances - adjusted SLAs, alternative comms formats, dedicated point of contact, and zero pressure to take additional services.

Our commitment to WCAG 2.2 AA on every customer-facing surface, alternative bill formats (large print, audio, Braille on request), and the contact route for accessibility issues.

The terms governing the Boundless Advocate Programme - how referrals are attributed, how credit is calculated, the tier multiplier, the wallet ledger and payout mechanics, and the limits on representations advocates may make about Boundless.

Master agreement for organisations buying any Boundless service. Modular: you accept the MSA once, then add Service Schedules per product (Mobile, IoT, SD-WAN, etc.). Includes liability caps, change control, exit assistance and audit rights.

Uptime targets, mean-time-to-respond, mean-time-to-restore, the credit regime when we miss them, and the carve-outs (planned maintenance, force majeure).

What personal data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have under UK GDPR. Article 13/14-compliant.

Every cookie and similar storage technology we set, what it does, how long it lasts, and how you can change your mind at any time from the cookie settings link in the footer.

The Article 28 controller-to-processor agreement that applies whenever Boundless processes personal data on a business customer's behalf - sub-processors, transfers, audits, and breach notification.

Article 13/14 notice for the Boundless 2.0 Concierge Application wizard. Explains what we collect, why, our lawful basis, who sees it, retention, and your rights.

How we comply with UK lawful interception and communications-data requests under the Investigatory Powers Act, and the strict warrant-or-nothing rule we apply to every request.

How we manage congestion, what we do and don't throttle, and our commitment to the open-internet principles required of every UK and EEA telecoms provider.

How security researchers can report vulnerabilities to us safely, what we'll do with the report, and the safe-harbour we provide for good-faith research.

Statutory company information - registered office, company number, VAT number, ICO registration, directors and regulated permissions.

The steps we take across our operations and supply chain to identify and prevent modern slavery - supplier due diligence, training, and reporting routes.

Zero-tolerance position on bribery, with rules on gifts, hospitality, facilitation payments, political donations and third-party due diligence.

How we screen customers, suppliers and counterparties against UK, EU, US and UN sanctions lists, and our position on dual-use telecoms exports.

How anyone - employee, contractor or supplier - can raise a concern in confidence, what we'll do with it, and the protections we provide against retaliation.

What we expect from every supplier - labour, safety, security, environment, ethics, data - and our right to audit.

Composition, role, decision rights and meeting cadence of the Boundless board, plus the committees it has delegated authority to.

How the Risk & Compliance Committee oversees regulatory, operational and financial risk across Boundless, and how it escalates to the board.

How the Security & Resilience Committee oversees TSA-aligned security duties, NIS2 obligations, incident response and the Abel control surface.

How the Audit Committee oversees external audit, internal audit, financial reporting and whistleblowing investigations.

How directors, officers and staff identify, declare and manage actual or perceived conflicts of interest.

The top-level information security policy required by ISO 27001 - owned by the board, mandatory for everyone, and the parent of every subordinate security control.

How Boundless plans for, exercises against and recovers from disruption - RPO/RTO targets per service, alternate sites, and the BCP testing cycle.

How we detect, contain, eradicate, recover from and learn from security incidents - and the regulator-notification clocks we run against (NIS2 24h/72h, ICO 72h, Ofcom).

How we identify and verify customers (and beneficial owners), screen against PEP and sanctions lists, monitor transactions, and report suspicious activity. Applies to wallet, token and B2B onboarding.

The values, behaviours and prohibitions that govern how everyone at Boundless makes decisions - from frontline care to product design.