Privacy Policy | eSIMium

Last updated: 12/5/2025

1. Introduction

eSIMium ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our eSIM services and website.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use our services.

2. Information We Collect

We collect information that you provide directly to us, as well as information automatically collected when you use our services:

2.1 Personal Information

Account Information: Full name, email address, password, phone number
Payment Information: Credit card details, billing address (processed securely through Stripe, our PCI-DSS compliant payment processor)
Profile Data: Travel preferences, country selections, language preferences

2.2 Usage and Technical Information

eSIM Usage Data: Activation status, data consumption, network connection details
Device Information: Device type, operating system, IMEI number, device identifier
Log Data: IP address, browser type, access times, pages viewed, referring URLs
Cookies and Tracking: Session cookies, analytics cookies, preference cookies

3. How We Use Your Information

We process your personal information for the following purposes:

Service Delivery: Provision, activate, and manage your eSIM services and account
Payment Processing: Process transactions, prevent fraud, and maintain financial records
Communication: Send service updates, order confirmations, technical notices, and customer support responses
Service Improvement: Analyze usage patterns, improve functionality, and develop new features
Legal Compliance: Comply with applicable laws, regulations, and legal processes
Security: Detect, prevent, and address technical issues, fraud, and security violations

3.1 Legal Basis for Processing (GDPR)

We process your personal data based on:

Contract Performance: To fulfill our contractual obligations to provide eSIM services
Legitimate Interests: To improve our services, prevent fraud, and ensure security
Legal Obligations: To comply with applicable laws and regulations
Consent: Where you have given explicit consent for specific processing activities

4. Information Sharing and Disclosure

We may share your information with the following third parties:

4.1 Service Providers

Payment Processors: Stripe for secure payment processing
eSIM Providers: Mobile network operators and eSIM platform providers (eSIMGo)
Email Services: Resend for transactional email delivery
Cloud Infrastructure: Hosting and database services (Vercel, Supabase, Neon)
Analytics: Service usage and performance monitoring tools
Customer Support: Live chat and support ticket management systems

4.2 Legal Requirements

We may disclose your information if required to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service and other agreements
Protect the rights, property, or safety of eSIMium, our users, or others
Investigate and prevent fraud, security issues, or illegal activities

4.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change via email or prominent notice on our website.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for data at rest
Secure Payment Processing: PCI-DSS compliant payment processing through Stripe
Access Controls: Role-based access controls and multi-factor authentication for administrative access
Security Monitoring: Regular security audits, vulnerability assessments, and intrusion detection
Data Minimization: Collection and retention of only necessary personal information

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 General Rights

Access: Request access to the personal information we hold about you
Correction: Request correction of inaccurate or incomplete personal information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Objection: Object to the processing of your personal information
Restriction: Request restriction of processing your personal information
Data Portability: Receive your personal information in a structured, machine-readable format
Withdraw Consent: Withdraw consent for processing activities based on consent

6.2 California Privacy Rights (CCPA)

California residents have additional rights including:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information held by businesses
Right to opt-out of the sale of personal information (we do not sell your data)
Right to non-discrimination for exercising privacy rights

6.3 European Privacy Rights (GDPR)

EU/EEA residents have rights under the General Data Protection Regulation including those listed above.

To exercise any of these rights, please contact us at privacy@esimium.com. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Types of Cookies

Essential Cookies: Required for website functionality, authentication, and security
Performance Cookies: Collect anonymous information about site usage and performance
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand how visitors interact with our website

7.2 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. For more information, visit aboutcookies.org.

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and European Union. These countries may have data protection laws that differ from those of your country.

When we transfer personal information internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Data Processing Agreements with service providers
Adequacy decisions by relevant data protection authorities

9. Data Retention

We retain your personal information for as long as necessary to:

Provide our services and maintain your account
Comply with legal, tax, and accounting obligations
Resolve disputes and enforce our agreements
Prevent fraud and ensure security

Typical retention periods:

Account Information: Retained while your account is active plus 5 years after closure
Transaction Records: Retained for 7 years for tax and accounting purposes
Usage Data: Aggregated and anonymized after 2 years
Marketing Consents: Retained until you withdraw consent

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@esimium.com, and we will delete such information.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated policy on our website with a new "Last Updated" date
Sending an email notification to your registered email address
Displaying a prominent notice on our website or service

Your continued use of our services after the effective date of the updated privacy policy constitutes your acceptance of the changes.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@esimium.com

General Support: support@esimium.com

Data Protection Officer: dpo@esimium.com

We will respond to your inquiry within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.