Privacy Policy & GDPR
Last updated: [DATE] · Placeholder — review with counsel before launch.
1. Data controller
The controller is [LEGAL ENTITY NAME] OÜ, registry code [REG CODE], [ADDRESS], Estonia. Data protection contact: [DPO / PRIVACY EMAIL].
2. What we collect
Account data (email, optional name, password hash or Google ID), order data (plans purchased, eSIM identifiers such as ICCID, activation records), referral relationships, and basic technical logs. We do not store card numbers — payments are handled by our payment processor.
3. Why (legal bases)
To provide the service and fulfil orders (contract); to secure accounts and prevent fraud (legitimate interest); to send service messages (contract) and, only with consent, marketing; and to comply with legal/accounting obligations (legal obligation).
4. Sharing
We share the minimum necessary with our eSIM connectivity partner/aggregator (to provision your profile) and our payment processor. We do not sell personal data.
5. Retention
Account data is kept while your account is active. Order and billing records may be retained as required by law (e.g. accounting). On deletion we remove your account and associated order history, subject to legal retention.
6. Your rights
Under GDPR you have the right to access, rectify, erase, restrict, port and object. You can exercise erasure yourself at any time via Account → Delete account, or contact us. You may also lodge a complaint with your local supervisory authority (in Estonia, the AKI).
7. International transfers
Where data is processed outside the EEA (e.g. a global partner), we rely on appropriate safeguards such as Standard Contractual Clauses.
8. Cookies
We use only strictly necessary cookies (a single httpOnly session cookie for authentication). We do not use advertising cookies by default.
9. Changes
We will post updates here with a new date.