LetsESIM
This document is available in English only. The English version is the authoritative and legally binding version.

Privacy Policy

Last updated: March 7, 2026

1. Who We Are

LetsESIM is a digital eSIM plan service operated by an independent developer (the "Data Controller"). For any privacy-related enquiries, please contact us at [email protected].

2. What Data We Collect

We collect the minimum data necessary to provide our services:

  • Account data: Your email address, used for account creation, eSIM delivery, and service-related communications.
  • Transaction data: Order details, plan purchased, and transaction references (not full payment card details — these are handled entirely by our payment processor).
  • Usage data: eSIM activation status and data consumption as reported by the underlying network provider, used solely for order management and support.
  • Technical data: IP address, browser type, and device type, collected automatically via server logs and used for security and service improvement purposes.

We do not collect payment card numbers, CVV codes, or bank account details.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To process and fulfil your eSIM order (legal basis: contract performance)
  • To deliver your eSIM QR code and installation instructions to your email (contract performance)
  • To respond to support enquiries and resolve issues (contract performance / legitimate interest)
  • To detect and prevent fraudulent transactions (legitimate interest)
  • To comply with legal obligations, such as tax record-keeping (legal obligation)
  • To send transactional service communications related to your orders (contract performance)

We do not send marketing emails without your explicit consent. We do not sell your data to third parties.

4. Data Sharing

We share your data with the following categories of third parties, solely as necessary to provide our services:

  • Payment processor: To securely handle payment transactions. The processor operates under its own privacy policy and complies with PCI DSS standards.
  • eSIM network provider: Your email and order details are passed to our upstream eSIM provisioning provider to generate and deliver your eSIM profile.
  • Cloud infrastructure: We use Cloudflare for hosting and content delivery. Cloudflare may process request metadata as part of its service.

We do not share your personal data with advertising networks, data brokers, or any third party for purposes unrelated to your order.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

  • Order and transaction records: retained for 7 years for tax and legal compliance purposes.
  • Support correspondence: retained for 3 years from the date of the last interaction.
  • Technical logs (IP addresses etc.): retained for up to 90 days.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate data.
  • Right to erasure: You may request deletion of your data, subject to legal retention obligations.
  • Right to restriction: You may request that we limit processing of your data.
  • Right to portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

7. Cookies and Tracking

Our website uses only strictly necessary cookies (e.g., session management). We do not use tracking cookies, advertising cookies, or third-party analytics that collect personally identifiable information. You can control cookies through your browser settings.

8. International Transfers

Our infrastructure is hosted on Cloudflare, which may process data in multiple regions worldwide. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data in transit is encrypted via TLS/HTTPS.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact

For any privacy-related questions or to exercise your rights, contact us at: [email protected]