Privacy Policy

1. Introduction

eSIM Hero is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Name and contact information (email address, phone number)
• Billing and payment information
• Device information (IMEI, device model) for eSIM activation
• Usage data and service preferences
• Customer support communications

2.2 Automatically Collected Information

• IP address and location data
• Browser type and version
• Operating system information
• Website usage analytics
• Cookies and similar tracking technologies

2.3 Third-Party Information

We may receive information about you from third-party payment processors, fraud prevention services, and analytics providers as necessary to provide our services.

3. How We Use Your Information

We use your information for the following purposes:

• Provide and maintain our eSIM services
• Process orders and payments
• Activate and provision eSIM profiles
• Provide customer support and technical assistance
• Send service-related notifications and updates
• Prevent fraud and ensure platform security
• Improve our services and user experience
• Comply with legal obligations and resolve disputes
• Send marketing communications (with your consent)

4. Legal Basis for Processing

Under the UK GDPR, we process your personal data based on:

• Contract: To fulfill our service obligations to you
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

We may share your information with:

• Mobile network operators to provision eSIM services
• Payment processors for transaction processing
• Cloud service providers for data storage and processing
• Analytics providers to improve our services
• Legal authorities when required by law

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Secure data centers with access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Incident response procedures

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account information: Until account deletion or 3 years of inactivity
• Transaction records: 7 years for tax and legal compliance
• Support communications: 2 years after case closure
• Marketing data: Until you opt out or object to processing

8. Your Rights

Under UK data protection law, you have the following rights:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, contact us at hi@esimhero.io. We will respond within one month of receiving your request.

9. Cookies and Tracking

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Provide personalized content and advertisements
• Enhance security and prevent fraud

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA. We ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK authorities
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Certification schemes and codes of conduct

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.