esimro

Privacy Policy

How we collect, use, and protect your personal data. Your privacy is our priority.

📅 Last Updated: March 2026✅ Legally Reviewed
01

What We Collect

We collect only what is necessary to provide our service:

  • Email address (for order delivery and account management)
  • Payment information (processed by Stripe — we never store card details)
  • Device type (for compatibility verification)
  • eSIM usage data (activation status, country, plan duration)
  • IP address and approximate location (for fraud prevention)
02

How We Use Your Data

Your data is used exclusively for:

  • Delivering your eSIM QR code via email
  • Processing payments and issuing receipts
  • Providing customer support
  • Sending order confirmations and critical service notifications
  • Fraud prevention and security monitoring
03

Data Storage & Security

All data is stored on secure, encrypted servers hosted by Vercel (EU/US regions). We do not sell, rent, or share your personal data with third parties for marketing purposes. Access to personal data is restricted to authorised personnel only and protected by role-based access controls.

04

Cookies

We use two categories of cookies:

  • Essential cookies: Required for session management, checkout, and security — cannot be disabled
  • Analytics cookies: Anonymous usage data to improve the service — optional, and can be accepted or declined via our cookie consent banner. See our Cookie Policy for full details.
05

Third-Party Services

We work with the following trusted third-party services:

  • Stripe: Payment processing (Stripe's privacy policy applies to payment data)
  • Vercel: Website hosting and edge network
  • Transactional email provider: For delivering QR codes and receipts

We do not use third-party advertising networks or data brokers.

06

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to processing or request restriction
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, email privacy@esimro.org with your request.

07

Data Retention

We retain account data for 2 years after your last activity, or until you request deletion — whichever comes first. Transaction records may be retained for up to 7 years for legal and accounting compliance. After the retention period, all personal data is permanently deleted from our systems.

08

Children's Privacy

esimro is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact privacy@esimro.org and we will delete the information promptly.

09

Contact

For privacy-related inquiries, data access requests, or to exercise your rights, contact our Data Protection Officer at privacy@esimro.org. We aim to respond to all privacy requests within 30 days.