Legal

Privacy Policy & GDPR

Last updated: [DATE] · Placeholder — review with counsel before launch.

1. Data controller

The controller is [LEGAL ENTITY NAME] OÜ, registry code [REG CODE], [ADDRESS], Estonia. Data protection contact: [DPO / PRIVACY EMAIL].

2. What we collect

Account data (email, optional name, password hash or Google ID), order data (plans purchased, eSIM identifiers such as ICCID, activation records), referral relationships, and basic technical logs. We do not store card numbers — payments are handled by our payment processor.

3. Why (legal bases)

To provide the service and fulfil orders (contract); to secure accounts and prevent fraud (legitimate interest); to send service messages (contract) and, only with consent, marketing; and to comply with legal/accounting obligations (legal obligation).

4. Sharing

We share the minimum necessary with our eSIM connectivity partner/aggregator (to provision your profile) and our payment processor. We do not sell personal data.

5. Retention

Account data is kept while your account is active. Order and billing records may be retained as required by law (e.g. accounting). On deletion we remove your account and associated order history, subject to legal retention.

6. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port and object. You can exercise erasure yourself at any time via Account → Delete account, or contact us. You may also lodge a complaint with your local supervisory authority (in Estonia, the AKI).

7. International transfers

Where data is processed outside the EEA (e.g. a global partner), we rely on appropriate safeguards such as Standard Contractual Clauses.

8. Cookies

We use only strictly necessary cookies (a single httpOnly session cookie for authentication). We do not use advertising cookies by default.

9. Changes

We will post updates here with a new date.