MyMCI is the official e-care application of Mobile Communication Company of Iran (MCI / Hamrah-e Aval). The application allows prepaid and postpaid subscribers to access mobile services online, including account management, bill payment, package purchase, wallet services, service activation, support requests, and other digital customer-care services. At MCI, we respect the privacy of our users and are committed to protecting their personal data. This Privacy Policy explains what information we collect, how we use it, how we protect it, and under what circumstances it may be shared.

By using the MyMCI application, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to the MyMCI mobile application and features provided through the application. This Privacy Policy does not apply to third-party websites, applications, payment gateways, or services that may be linked to or integrated with MyMCI, unless they are directly operated by MCI.

2. Information We Collect

We may collect and process the following categories of information when you register, log in, or use MyMCI services.

2.1 Account and Subscriber Information

We may collect information required to identify and manage your subscriber account, including:

• Mobile number
• Subscriber type, such as prepaid or postpaid
• Customer identity information, where required for authentication or legal purposes
• Account status and service profile
• SIM-related service information
• Registered user preferences

2.2 Service Usage Information

When you use the application, we may collect information about your activities within MyMCI, including:

• Services viewed, activated, purchased, or deactivated
• Internet, voice, SMS, and value-added service package requests
• Bill inquiries and payment history
• Wallet transactions, top-ups, and related financial activity
• Customer support requests and complaint history
• Application events and service logs

2.3 Device and Technical Information

To ensure security, improve performance, and troubleshoot technical issues, we may collect technical information such as:

• Device ID or similar device identifiers
• Device model and manufacturer
• Operating system type and version
• Application version
• IP address
• Date and time of activity
• Network and connection information
• Error logs, crash reports, and diagnostic data

2.4 Marketing and Analytics Information

We use Firebase services, including Google Analytics for Firebase and Firebase Cloud Messaging, to understand how users interact with the MyMCI application, improve service quality, measure application performance, and send service-related or promotional notifications.

Depending on your device, operating system, app settings, and the services you use, we may collect and process the following information:

• App interaction data, such as screens viewed, buttons clicked, features used, service flows completed, and in-app events
• App performance and diagnostic information, such as app version, device type, operating system version, crash-related data, error events, and technical logs
• Analytics identifiers, such as app-instance ID, Firebase installation ID, or similar identifiers used to distinguish an app installation
• Device and advertising identifiers, such as Android Advertising ID or similar platform identifiers, where available and permitted by your device settings
• Push notification identifiers, such as Firebase Cloud Messaging registration tokens or push notification IDs
• Notification interaction data, such as whether a notification was delivered, opened, or used to access a service
• Campaign and marketing interaction data, such as responses to offers, promotions, service recommendations, or in-app campaigns

We use this information for the following purposes:

• To analyze and improve the functionality, reliability, and user experience of the MyMCI application
• To understand which services and features are used most frequently
• To detect technical issues and improve application performance
• To send important service-related notifications, such as billing reminders, package expiry alerts, payment confirmations, security notices, and service updates
• To send promotional notifications, offers, campaigns, and personalized service recommendations, where permitted
• To measure the effectiveness of campaigns and communications
• To help prevent misuse, fraud, or unauthorized access to the application

2.5 Payment Information

For payment-related services, MyMCI may process transaction information such as payment amount, transaction status, payment reference number, wallet balance, and transaction history. MyMCI does not store sensitive bank card information such as full card numbers, CVV2, second passwords, or other confidential banking credentials. Payment transactions are processed through authorized payment service providers or banking gateways or in-app wallet.

3.6 Permissions and Optional Data

Depending on the features you use, the application may request access to certain device permissions, such as notifications, location, or contacts.

These permissions are used only for the related service or feature. You may manage application permissions through your device settings. Some features may not function properly if required permissions are disabled.

3. How We Use Your Information

We may use your information for the following purposes:

• To register, authenticate, and manage your MyMCI account
• To provide mobile communication and e-care services
• To display account information, bills, balances, packages, and service status
• To process payments, wallet transactions, top-ups, and purchases
• To provide customer support and respond to service requests
• To troubleshoot errors and improve application performance
• To protect user accounts, systems, and networks against fraud, misuse, and unauthorized access
• To comply with legal, regulatory, judicial, and governmental requirements
• To improve user experience and develop new services
• To send service-related notifications, alerts, and updates
• To provide offers, promotions, and marketing communications, where permitted
• To perform internal reporting, analytics, and business planning

4. Sharing and Disclosure of Information

MCI does not sell users’ personal information. We may share information only where necessary and in accordance with applicable laws, including in the following cases:

4.1 With Authorized Service Providers

We may share information with trusted service providers who support the operation of MyMCI, such as payment processors, analytics providers, customer support systems, and technical maintenance partners. These providers are required to use the information only for the services they provide to MCI and to protect it appropriately.

4.2 With Payment and Banking Partners

For payment, wallet, recharge, and billing services, relevant transaction information may be shared with authorized payment gateways, banks, or financial service providers.

4.3 With Regulatory, Judicial, or Governmental Authorities

We may disclose information when required by applicable laws, regulations, court orders, judicial authorities, competent governmental bodies, or regulatory obligations related to telecommunications services.

4.4 For Security and Fraud Prevention

We may share or use information where necessary to detect, prevent, or investigate fraud, cyber incidents, unauthorized access, misuse of services, or threats to network and information security.

4.5 Corporate Transactions

If MCI undergoes a merger, restructuring, transfer of services, or similar corporate transaction, relevant information may be transferred as part of that process, subject to appropriate confidentiality and security safeguards.

5. Data Security

We use administrative, technical, and physical safeguards to protect user information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include:

• Secure servers and controlled access environments
• Encryption and secure communication protocols
• Access control and authentication mechanisms
• Monitoring and logging of system activity
• Security testing and vulnerability management
• Internal policies for handling personal data
• Physical security controls for infrastructure and data centers

Although we take reasonable measures to protect user information, no electronic transmission, application, or storage system can be guaranteed to be completely secure.

6. Data Retention

We retain personal information only for as long as necessary to provide services, meet operational needs, resolve disputes, maintain security, and comply with legal, regulatory, accounting, or telecommunications obligations.

Retention periods may vary depending on the type of information, the nature of the service, and applicable legal requirements.

When information is no longer required, we will delete, anonymize, or securely store it in accordance with our internal policies and applicable requirements.

7. User Choices and Rights

Depending on applicable laws and service requirements, users may have certain choices regarding their information, including:

• Viewing and updating account information through the application
• Managing notification preferences
• Managing device permissions through mobile operating system settings
• Opting out of certain marketing communications where such option is available

8. Notifications and Marketing Communications

MyMCI may send service-related messages, including security alerts, payment confirmations, billing reminders, package expiry notices, and service updates. We may also send promotional messages, offers, and marketing communications based on your preferences and applicable rules. You may be able to manage some notification settings through your device settings.

9. Children’s Privacy

MyMCI is intended for use by MCI subscribers and authorized users of mobile services. The application is not designed for children who are not legally permitted to use telecommunications services or manage subscriber accounts.

10. Third-Party Services and Links

MyMCI may include links or integrations with third-party services, such as payment gateways, app stores, authentication services, or external support tools. These third-party services may have their own privacy policies and terms of use. MCI is not responsible for the privacy practices of third parties that are not operated or controlled by MCI.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal obligations, or business operations. When we make significant changes, we may notify users through the application, website, SMS, or other appropriate communication channels. The updated version will be effective from the date stated at the top of this Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, you may contact us through:

• Mobile Communication Company of Iran (MCI / Hamrah-e Aval)
• Customer Support: +98-9990
• Email: digital@mci.ir
• Website: https://my.mci.ir/app/

13. Acknowledgment

By using the MyMCI application, you confirm that you have read and understood this Privacy Policy and agree to the collection and use of your information as described in this document.