Privacy Policy

This privacy policy explains how ESimTel Limited collects, uses, and protects your personal information when you use our services or visit our website. It outlines the types of data we collect, the reasons we collect it, who we share it with, and your rights regarding your data under the GDPR.

ESimxen Privacy Policy

ESimxen Privacy Policy

Last updated: 09 Sep 2025

Thank you for using ESimxen (“we”, “our”, “us”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile apps, website, and related services (collectively, the “Services”). By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

Contents

1) What we collect

We collect information in three ways: (a) provided by you, (b) collected automatically, and (c) from third parties.

  • Information you provide – account email, name (if added or via Apple/Google sign-in), avatar (optional); one-time passcodes; support messages; purchase details (plan, currency, amount, transaction ID). We do not store full payment card numbers.
  • Automatic collection – device model, OS & app version, language, time zone, approximate location via IP, usage analytics, diagnostics & crash logs, push tokens.
  • From third parties – identity providers (Apple/Google) share data you authorize; app stores or payment processors share transaction status; push providers (APNs/FCM) share delivery tokens.

2) How we use your information

  • Create and secure accounts; authenticate (including OTP).
  • Deliver, maintain, and improve the Services.
  • Process purchases, subscriptions, refunds, and receipts.
  • Send service communications (OTPs, critical notices); send optional marketing with your consent.
  • Prevent fraud/abuse; ensure security and integrity.
  • Comply with legal, tax, and accounting obligations; enforce terms.

4) Sharing your information

We do not sell personal information. We share data only with:

  • Service providers (processors): hosting & databases, email/SMS delivery, push notifications (APNs/FCM), analytics/crash reporting (e.g., Firebase), and payment processing (Apple/Google billing; optionally Stripe).
  • Telecom & eSIM partners (if applicable) to activate/manage eSIM plans you purchase.
  • Authorities when required by law, court order, or to protect rights and safety.
  • Business transfers in the event of a merger, acquisition, or asset sale (your data remains protected under this Policy or an equivalent notice).

5) Cookies & similar technologies

Our website and apps may use cookies, local storage, and SDKs for authentication, preferences, analytics, and notifications. You can control cookies in your browser/device settings; some features may not function without them.

6) Push notifications

With your permission, we send OTPs, alerts, and updates via APNs/FCM. You can disable notifications anytime in system settings.

7) Payments

In-app purchases are processed by the Apple App Store / Google Play. If web payments are offered, they may be processed by Stripe. ESimxen does not store full payment card details on its servers.

8) Data retention

We keep personal data only as long as necessary for the purposes described above, including legal/tax requirements. When no longer needed, data is deleted or anonymized.

9) Security

We implement technical and organizational measures (e.g., encryption in transit, access controls, monitoring) to protect your data. No method is 100% secure; please safeguard your account and credentials.

10) International transfers

Your data may be processed outside your country. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses, DPAs) to protect your information.

11) Your rights

Depending on your location, you may have rights to access, correct, delete, or port your data; object to or restrict processing; and withdraw consent (e.g., marketing) at any time. To submit a request, contact us at [email]. We may ask for verification.

California (CCPA/CPRA): We do not sell or share personal information as defined by CPRA. You may request access, deletion, or correction by emailing us.

12) Children’s privacy

The Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect data from children. If you believe a child has provided data, please contact us to remove it.

13) Third-party links

Our Services may contain links to third-party sites or services. Their privacy practices are governed by their own policies.

14) Changes to this Policy

We may update this Policy from time to time. The “Last updated” date above reflects the latest version. For material changes, we will notify you via the app, website, or email.