🐳 Save an additional 10% off - use promo code ILOVEWHALES 🎉

Privacy Policy

Last updated: March 6, 2025

So Close LLC (“Only eSIM,” “we,” “us,” or “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains what information we collect when you use our website and eSIM services (“Services”), how we use and share that information, and your rights regarding your information. By using our Services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of the Services.

If you have any questions or requests about your personal data, you can always contact us at [email protected].

Information We Collect

We only collect the personal data that is necessary to provide our Services and operate our business. This includes:

  • Account Information: When you create an account, we collect your name and email address. You can sign up either by providing an email and password or by using Google Single Sign-On (SSO). If you choose Google SSO, we receive personal info from your Google account (such as your name and email) to set up your Only eSIM account. We require this information to create and manage your user account.
  • Payment and Billing Information: If you purchase an eSIM data plan, we (through our payment processor) collect payment details. This may include your credit or debit card information and billing details needed to process the transaction. Only eSIM does not store your full payment card numbers on our servers. Payment information is handled securely by our third-party payment processor (Stripe) and stored on their systems. We retain records of your transactions (e.g. the date, amount, and plan purchased) for accounting and customer support.
  • Communications: If you contact us (for example, via email or support requests), we will collect the information you provide in those communications. This may include your contact details and the content of your messages. We use this data to respond to you and resolve any issues.
  • Automatically Collected Data (Usage and Device Information): Like many online services, we automatically collect certain information when you interact with our website or app. This data does not usually identify you by name, but may include device and usage details such as:
    • Device/Browser Information: Your device type, operating system, browser type, IP address, and device identifiers.
    • Usage Data: Details about how you use our website/app – for example, pages or screens you view, features you use, time spent, clicks, and the date/time of your visits. This information helps us troubleshoot issues, analyze usage trends, and improve our Services.
    • Location Information: We may infer your general location from your IP address (e.g. country or city) to customize the Service (such as showing pricing in the correct currency) and for fraud prevention. We do not collect precise GPS location from your device.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to provide and personalize our Services, analyze usage, and deliver relevant advertising. Cookies are small text files placed on your browser or device when you visit our site. Some cookies are essential for the site to function (e.g. to keep you logged in), and others are used for analytics and advertising. In particular, we utilize a few third-party services that may set cookies in your browser or use other tracking tech when you use Only eSIM:
    • Stripe: We use Stripe to process payments. Stripe may set cookies or similar identifiers on our checkout page to enable secure payment processing and fraud detection. These are necessary for completing purchases.
    • Vercel Analytics: Our website is hosted on Vercel, which provides analytics on website performance and traffic. Vercel Analytics may collect anonymized information about page loads and user interactions to help us understand how the site is used.
    • PostHog: We use PostHog (an analytics platform) to track user interactions within our site/app. This helps us see aggregated usage patterns (like which features are most used) so we can improve the user experience. PostHog may set a cookie or use your browser’s local storage to remember a unique ID for your device.
    • Cloudflare: We use Cloudflare for website security and performance (for example, to protect against DDoS attacks and cache content globally). Cloudflare may place a cookie (_cfduid or similar) to identify trusted devices and ensure our site loads quickly and securely.
    • Meta Pixel (Facebook Pixel): We use the Meta Pixel to help measure the effectiveness of our advertising and to reach people who have visited our site with relevant ads on Facebook/Instagram. This tracking technology, provided by Meta (Facebook), collects information about your actions on our site (such as pages viewed) and links it to Facebook cookies/identifiers. We use this data only to create anonymized audiences and ad performance reports for our own marketing – we do not receive personal information from Facebook about you. (See Cookies & Choices below on how you can opt out of targeted ads.)

Note: Where required by law (for example, if you are in the EU), we will only use non-essential cookies (analytics or advertising cookies like PostHog and Meta Pixel) with your consent. You can manage your cookie preferences through our website’s cookie banner (if available) or your browser settings.

How We Use Your Information

We use the collected information for various legitimate business purposes, in alignment with providing you the Service, our contractual obligations to you, our legal duties, or with your consent. Specifically, Only eSIM uses personal information for the following purposes:

  • To Provide the Service and Manage Your Account: We process your personal data to create and maintain your Only eSIM account, allow you to log in, and enable you to purchase and use eSIM plans. For example, your name and email are used to register your account and authenticate you at login, including via Google SSO. We also use your information to fulfill and manage your orders – e.g. delivering your eSIM QR code or activation details, processing your payment via Stripe, and confirming your purchases.
  • To Communicate with You: We use your contact information to send administrative or transactional communications relevant to the Service. This includes emails to confirm your purchases, alert you about important updates or changes to our terms or policies, send password reset links, or notify you of service-related issues (such as network outages or changes in data plan coverage). These messages are necessary to keep you informed about the Services you have requested.
  • Customer Support: If you reach out with questions, feedback, or issues, we will use your information to respond to and resolve your inquiries. For example, we may use your email and support history to troubleshoot a problem or answer questions about how to use Only eSIM. This is part of our contractual service to you.
  • Improve and Personalize Our Services: We analyze usage data (which is largely aggregated or pseudonymous) to understand how our users interact with our website and app. This helps us debug technical problems, monitor performance, and make informed decisions about new features or improvements. For instance, we might look at PostHog analytics to see if a new tutorial page is helpful based on how many people proceed to purchase after viewing it. We may also use cookies to remember your preferences (like language or currency) to personalize your experience on future visits.
  • Marketing and Promotions (with your permission): We may use your email address to send you promotional communications about new eSIM plans, special offers, newsletters, or other news about Only eSIM. We will only send you marketing emails if you have signed up for them or otherwise consented, and you can opt out at any time (see Your Choices below). We might also use tools like the Meta Pixel to show you Only eSIM ads on other platforms if you have visited our site – this is to deliver relevant advertisements about our Services to interested users. All such marketing activities are done in accordance with applicable law and your opt-out preferences. For example, we may continue to send you marketing emails for up to 1 year after your last eSIM purchase unless you unsubscribe sooner, in line with industry practice.
  • Security and Fraud Prevention: We use data (especially usage and device information) to protect our Services and our users. This includes monitoring for fraudulent transactions or unauthorized access, debugging and fixing errors, and safeguarding the Service against illegal or malicious activities. For example, IP addresses may be used to detect suspicious login attempts, and Cloudflare security data helps us block malicious traffic. If necessary, we will use and share relevant personal information to investigate and take action against fraud, abuse, or violations of our Terms of Service.
  • Legal Compliance: We may process and retain your information as needed to comply with applicable laws, regulations, and legal obligations. For instance, we keep transaction records to meet financial reporting and tax requirements, and if we receive a lawful subpoena or request from law enforcement, we might need to provide information as required by law. Notably, certain countries require eSIM providers to register users or share user data with local telecom authorities. If you purchase an eSIM for use in a country that mandates identification (e.g., for security or regulatory reasons), we may be required to collect additional personal information (such as a copy of an ID) and disclose some of your data to the local carrier or government upon request. We will only do so when legally compelled or necessary to provide the Service in that jurisdiction.
  • Enforcing Terms and Policies / Preventing Harm: We may use your data as necessary to enforce our agreements and policies, or to prevent imminent harm. This includes using data to investigate potential violations of our Terms of Service, or to prevent fraud, spam, or abuse. If needed (for example, to resolve a dispute or collect owed fees), we might use your information in connection with legal action. We may also process or disclose information if we believe it’s necessary to protect the rights, property, or safety of our users, the public, or Only eSIM, consistent with applicable law.

We will not use your personal information for purposes that are incompatible with those above without obtaining your consent. Where we rely on your consent to process data (for example, for sending marketing emails or using certain cookies), you have the right to withdraw consent at any time, and we will stop that processing going forward (see Your Rights below). Please note that withdrawing consent will not affect the lawfulness of any processing already occurred.

Cookies & Tracking Choices

As noted, Only eSIM and our partners use cookies and similar technologies to collect information. We want to be transparent about how you can control these tools:

  • Browser Settings: Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline or remove cookies if you prefer. You can also clear cookies at any time through your browser. Please be aware that if you disable cookies entirely, some parts of our site may not function properly – for example, you might not be able to complete a purchase or stay logged in. We only use cookies that are necessary or that you have allowed, and you’re free to block or delete them, bearing in mind this may impact Service usability.
  • Analytics Opt-Out: For analytics cookies like PostHog or Vercel Analytics, you can use browser tools or plugins to block these specific scripts if you wish. We do not currently use Google Analytics, but if we did, you could opt out using Google’s opt-out tools. PostHog provides hosting options that honor “Do Not Track” if your browser is set that way, and we respect global privacy signals to the extent required by law.
  • Advertising Opt-Out: If you do not want us to use Meta Pixel or similar technologies for targeted advertising, you have a few options. When you first visit our site, you can decline marketing cookies (where applicable). Even after accepting, you can clear your cookies to remove the identifier. Additionally, you can adjust your ad preferences directly on platforms like Facebook to prevent the use of data from external websites for targeting. Another resource is the industry opt-out site AboutAds.info (for U.S.-based advertising choices), which can help opt you out of interest-based ads from participating companies. Please note that even if you opt out of targeted ads, you may still see generic ads for Only eSIM, but they would not be tailored to you.
  • Do Not Track Signals: “Do Not Track” (DNT) is a setting in some web browsers that signals a preference not to be tracked across websites. Currently, there is no universal standard for how to interpret DNT signals. As a result, our site does not respond to DNT browser headers. However, as noted above, you can control tracking through other means (cookie settings, etc.), and we limit tracking to what is described in this Policy.

How We Share Your Information

Only eSIM understands the importance of keeping your personal data private. We do not sell your personal information to third parties, and we do not share it with others for their own independent marketing or advertising purposes. We only disclose your data in the following circumstances:

  • Service Providers (Processors): We share personal data with trusted third-party service providers who help us run our operations and provide the Services to you. These companies operate under contracts that limit their use of your data to the specified services we’ve hired them for, and they are not permitted to use your data for any other purposes. Key service providers include:
    • Payment Processing: As noted, we use Stripe to handle payments. When you make a purchase, your payment details are transmitted to Stripe. Stripe processes your payment and is obligated to keep your information secure and confidential.
    • Analytics: We use third-party analytics tools (PostHog, Vercel Analytics) to gather usage information. These tools act on our behalf to analyze data about your interactions with our site/app, which helps us improve the Service. The analytics data generally does not identify you personally and is subject to strict controls.
    • Infrastructure and Security: We rely on cloud hosting and security providers (for example, Vercel for hosting and Cloudflare for security) to deliver our website reliably. These providers may process IP addresses and device data as part of providing their services to us (for instance, Cloudflare processing data to filter malicious traffic). They are bound to protect your data and only use it for our stated purposes.
    • Communication Tools: If we use third-party platforms to send emails or provide customer support (such as an email service or helpdesk software), we will share the minimum necessary contact data with those platforms to contact you. For example, if in the future we use an email automation service to send newsletters, your email address and name might be stored with that provider. Any such provider will be required to safeguard your data and only act on our instructions.
  • Affiliates: Currently, Only eSIM is an independent service and does not have corporate affiliates or subsidiaries with whom we share personal data. If in the future we become part of a corporate group, we may share information with our affiliate or parent companies as necessary to provide the Service, but we will ensure any such affiliates honor this Privacy Policy (or provide you with an updated policy).
  • Business Transfers: If Only eSIM undergoes a business transaction such as a merger, acquisition by another company, or sale of all or part of its assets, your personal information may be transferred to the new owner as part of that deal. We would only do this as part of a legitimate business transfer, and the new entity would still be required to protect your personal data in line with this Policy. We will notify you (for example, via email or a notice on our site) of any such change in ownership or control of your personal information, if it occurs.
  • Legal Compliance and Protection: We may disclose your information if we are legally required to do so or if such disclosure is reasonably necessary to comply with a legal obligation, such as a law, regulation, search warrant, subpoena, or court order. We may also share information if we believe in good faith that it’s necessary to: enforce or apply our terms and other agreements; investigate or protect against harm to our rights, property, or safety or that of our users or the public; or detect, prevent, or address fraud and security issues. This could include sharing information with law enforcement or government agencies in response to lawful requests. For example, as mentioned earlier, if a local regulator in a country where you are using an eSIM requires us to provide certain subscriber information, we may need to comply to continue providing service in that region.
  • With Your Consent: In cases where you explicitly consent or request that we share your information with a third party, we will do so. For instance, if you were to participate in a co-branded promotion and consent to sharing your information with our partner, or if you ask us to integrate with a third-party service that requires sharing your data, we would share based on your direction. We will make sure you understand what information will be shared and with whom, before obtaining your consent.

Aside from the situations above, we do not share, sell, rent, or exchange your personal information with third parties. In particular, we do not provide your personal data to third-party advertising networks or social media companies for their own marketing purposes. Any third-party cookies or tools on our site (like Meta/Facebook Pixel) are there for our use as described, and those third parties do not get to use your data for anything beyond providing their service to us (for example, Facebook only uses Pixel data to create reports for Only eSIM and allow us to target ads to you; they cannot use Only eSIM site data to build their own profiles for other advertisers).

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, unless a longer retention period is required or permitted by law. This means:

  • Active Account Data: If you have an active Only eSIM account, we will keep your personal information on file for as long as you maintain your account so that we can provide the Service to you. This includes your profile information and purchase history. We will also retain your information while we have an ongoing legitimate business need to do so – for example, to provide you with a requested service or to comply with legal obligations.
  • Inactive Accounts: If you decide to close your account or if your account is inactive for an extended period, we will delete or anonymize the personal information associated with your account, unless we need to keep it for legal reasons. For example, if you delete your Only eSIM account, we will remove your profile and credentials from our live databases. However, we may retain certain minimal information in backup archives or files for a period of time, or longer if required, to comply with laws, prevent fraud, or resolve disputes. We will isolate and protect any such retained data and only use it for those necessary purposes until it’s deleted.
  • Transaction Records: We retain financial transaction records (like invoices, payments, and billing information) for a period required by accounting and tax regulations. Typically, we keep invoice and payment records for 7 years to satisfy U.S. and other jurisdictional legal requirements. This helps us comply with tax audits or financial reporting obligations. During this period, your payment data is securely stored by our payment processor, but we maintain records of the transactions.
  • Usage Data: Analytics data and logs are retained for a reasonable period to allow us to review and improve our services. Generally, we keep web server logs and analytics data for about 12 months. This timeframe allows us to observe year-over-year usage patterns and troubleshoot issues. After that, we either delete the data or aggregate/anonymize it for long-term analysis. Any aggregated data will no longer be linked to any individual user.
  • Communications: If you contacted support or we have other communications with you, we may retain those correspondence records for a period (for example, up to 3 years for support tickets). This helps us have context for any follow-up inquiries and improve our support processes. If such records contain personal data, we treat them with the same security as other personal info and delete them when no longer needed.
  • Marketing Data: If you have opted in to marketing emails, we will retain your email on our mailing list until you unsubscribe or for as long as we run our marketing campaign. If you have not engaged with our emails for a long time or your eSIM plans have been inactive, we may remove you from the list as part of regular cleaning. As mentioned, we generally won’t send marketing to users more than 1 year after their last activity unless they continue to show interest. If you unsubscribe from marketing, we will promptly remove your email from our marketing list (though we may keep a record of your request to ensure we honor it going forward).

When we no longer have a legitimate need or legal reason to retain your personal information, we will securely dispose of it. This may involve deleting it from our systems or anonymizing it so that it can no longer be associated with you. If immediate deletion is not possible (for example, because the data is stored in a secure backup archive), we will isolate the data from any further use until deletion is feasible.

Your Rights and Choices

You have rights regarding your personal information, and Only eSIM is committed to honoring those rights. We believe in being practical and responsive – if you have a privacy request, you can simply email us at [email protected] and we will do our best to help. Below, we outline various privacy rights you have under different laws and how you can exercise them.

General Rights (Access, Correction, Deletion, Restriction)

  • Access and Portability: You have the right to request access to the personal data we hold about you. This means you can ask us to confirm if we’re processing your information and to provide you with a copy of that information, often called a “data subject access request.” We will provide you with the data in a common format. If you need it in a structured, machine-readable format (and technically feasible), for instance to port to another service, let us know and we will accommodate if possible (this is known as the right to data portability).
  • Correction (Rectification): If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you change your email address, or realize that we have your name spelled wrong, you can ask us to fix it. The easiest way to do this is to log into your account settings and update your profile. If you need assistance (or see data that you can’t change yourself), just email support and we will rectify the error.
  • Deletion (Erasure): You have the right to request deletion of your personal data. This is sometimes called the “right to be forgotten.” If you want to close your Only eSIM account and have us delete the personal information we have about you, you can contact us to do so. We will delete your data from our active systems and cease further processing of it, subject to certain exceptions allowed by law. For example, we might retain information needed for legal compliance or to exercise or defend legal claims (see Data Retention above). If we cannot delete everything due to a legal requirement, we will inform you and securely isolate the data we must keep.
  • Restriction: You have the right to ask us to restrict processing of your data in certain circumstances. For instance, if you contest the accuracy of data, or you object to our processing (see below) and we are evaluating your request, you can request that we limit our use of the data until the issue is resolved. When processing is restricted, we will still store your data but not use it for the moment. We’ll let you know if the restriction is lifted.
  • Objection to Processing: In some cases, you have the right to object to our processing of your personal information. You can object at any time to our use of your data for direct marketing – if you do, we will stop using your data for marketing purposes. If we are processing your data based on a legitimate interest, you can object if you believe your rights and interests outweigh ours. We will consider your objection and respond in accordance with applicable law. For example, you might object to us using certain analytics data; if your rights outweigh our business interests in that case, we will stop or anonymize that processing.
  • Withdraw Consent: Where we rely on your consent to process data, you have the right to withdraw that consent at any time. This typically applies to optional things like marketing emails or non-essential cookies. For example, you can unsubscribe from our marketing emails (withdraw consent to marketing) by clicking the “unsubscribe” link in any promotional email or by contacting us. If you withdraw consent for a specific cookie or tracker, you can do so via our cookie settings or your browser as described above. Note that withdrawing consent does not affect the legality of any processing we did before your withdrawal, and it doesn’t affect processing that doesn’t rely on consent (for example, we might still process data needed to fulfill a contract or comply with law).
  • Non-Discrimination: We will never discriminate or retaliate against you for exercising any of these rights. For example, if you ask to see your data or have it deleted, we will not deny you services, charge you different prices, or provide a lesser quality of service because of your request. The Service you receive from Only eSIM will remain the same before and after exercising your rights, except to the extent that deleting or restricting your data makes it impossible for us to provide something (e.g. if you delete your account data, you will no longer be able to log in – which is an expected consequence, not a punishment).
  • How to Exercise Your Rights: The simplest way is to email us at [email protected] with your request. Please indicate what right you want to exercise and provide us enough information to verify your identity (we need to make sure we’re providing data to the right person or deleting the correct account). For example, emailing from the address associated with your Only eSIM account and specifying your request (like “I’d like a copy of my data” or “Please delete my account”) is usually sufficient. We may ask for additional verification information if necessary, especially for sensitive requests like data access or deletion, to ensure security. We will respond to your request as soon as we can, and in any case within the timeframe required by law (typically within 30 days for most jurisdictions). If we need more time, we’ll let you know why and keep you updated.

Now, depending on where you live, you may have some additional rights or information available to you under specific privacy laws like the GDPR (for users in the European Economic Area) or the California Consumer Privacy Act. We address those below.

Rights of EU/EEA (and UK) Users – GDPR Compliance

If you are located in the European Economic Area (EEA) or a jurisdiction with similar laws (such as the United Kingdom or Switzerland), the General Data Protection Regulation (GDPR) and related laws provide you the following rights (in addition to those listed above):

  • Right to Access: Confirm whether we are processing your personal data and obtain access to the data (this is the access right discussed above, now codified in GDPR Article 15).
  • Right to Rectification: Have inaccuracies in your personal data corrected (GDPR Article 16).
  • Right to Erasure: Have your personal data deleted, under certain conditions (GDPR Article 17). For example, you can request erasure when the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis, or if you object to processing and we have no overriding interest, etc.
  • Right to Restrict Processing: Temporarily limit our processing of your data under specific scenarios (GDPR Article 18), such as while a data accuracy or objection issue is being resolved.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller (GDPR Article 20), where technically feasible. This right applies to data you provided to us which we process by automated means and based on your consent or a contract (e.g., your account info).
  • Right to Object: Object to certain processing of your personal data (GDPR Article 21). You have an absolute right to object to processing for direct marketing at any time. You may also object to any processing based on legitimate interests; we will then assess whether we have compelling grounds to continue (if not, we will stop processing). As a reminder, Only eSIM does not process data for purposes of third-party marketing, and any legitimate-interest processing we do (like basic analytics) is performed in a privacy-preserving manner.
  • Right not to be subject to Automated Decisions: Only eSIM does not make any legal or similarly significant decisions about you using purely automated means (no profiling that produces legal effects, etc.). If we ever do, you would have rights related to such automated decision-making (GDPR Article 22).

If you are in the EEA/UK, you also have the right to lodge a complaint with your country’s Data Protection Authority (DPA) if you believe we have infringed your privacy rights. We kindly request that you contact us first so we can address your concerns, but you are entitled to contact a supervisory authority directly. You can find contact details for DPAs in Europe here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. For the UK, you can reach the Information Commissioner’s Office (ICO), and for Switzerland, see https://www.edoeb.admin.ch/edoeb/en/home.html.

Legal Bases for Processing: In GDPR terms, Only eSIM acts as the “data controller” of your personal information. We process personal data under the following legal bases:

  • Performance of a Contract: Most of our data processing is to provide you with the Services you requested – this is considered contractual necessity under Article 6(1)(b) GDPR. For example, when we use your email and password to log you in, or your payment info to complete a purchase, it’s to fulfill our contract with you.
  • Legitimate Interests: We process some data for our legitimate business interests (Article 6(1)(f)), such as improving and securing our services, understanding how users use our site, preventing fraud, and marketing our own services to you. We always balance our interests against your rights and expectations. For instance, using basic analytics to improve the website is something we believe has minimal privacy impact (especially without personal identifiers) and is in our legitimate interest.
  • Consent: For certain activities, we rely on your consent (Article 6(1)(a)). This includes sending you promotional emails (if you subscribed) and using non-essential cookies like the Meta Pixel for advertising. Where we rely on consent, you can withdraw it at any time as noted above.
  • Legal Obligation: Sometimes we need to process data to comply with a legal obligation (Article 6(1)(c)). For example, retaining financial records for tax, or providing information to law enforcement when required by law.
  • Vital Interests/Public Task: These bases are unlikely to apply in our context, except in very unusual situations (e.g., if processing is necessary to protect someone’s life or for public interest tasks, which we do not anticipate doing in the normal course of business).

If you have any questions about your rights or how we handle your data under GDPR, please contact us at [email protected]. We are a small team but we take compliance seriously and will work with you to address any concerns.

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Under California law, California residents have specific rights regarding their personal information. In this section, “personal information” has the meaning given in the CCPA/CPRA (which is very broad and includes any information that identifies or is reasonably capable of identifying you).

Categories of Personal Information Collected: In the past 12 months, Only eSIM has collected (from users or their devices) the following categories of personal information, as defined by CCPA:

  • Identifiers – e.g. real name, email address, account login credentials (such as your email/password), and possibly your IP address.
  • Customer Records Information – e.g. payment information (credit card details) and billing address if you provide one (we typically only collect minimal billing info necessary for payment through Stripe).
  • Commercial Information – e.g. records of products or services purchased, such as the eSIM plans you bought, dates and amounts of transactions.
  • Internet or Other Electronic Network Activity – e.g. browsing history, usage data, and interactions on our website/application (as described under “Automatically Collected Data”). This can include cookies and device identifiers that trace your interaction with our Service.
  • Geolocation Data – e.g. your general location based on IP address (we do not collect precise GPS data, but IP can indicate city/region).
  • Professional or Employment Information – Not collected. Only eSIM does not collect any employment or education information.
  • Sensitive Personal Information – Under CPRA, sensitive info includes things like account login with password, financial card information, precise geolocation, etc. We want to note that while we collect account login details (which could be considered sensitive) and payment card info, we only use these to provide our services (authentication and completing transactions). We do not use sensitive information for purposes that require offering a right to limit use (like using it to infer characteristics about you). We do not collect sensitive identifiers like Social Security numbers or government IDs, nor biometric information, nor precise geolocation, nor racial/ethnic/orientation information, etc.

For each of the above categories of personal information, we collect them from you (the user) or your device directly. The business or commercial purposes for collecting these categories are described in the “How We Use Your Information” section of this Policy (which corresponds to the purposes allowed under CCPA, such as performing services on behalf of the business, maintaining/improving the service, etc.). We may disclose some of these categories to service providers (which are considered “business purposes” disclosures under CCPA) – for example, we share Identifiers and Commercial Info with our payment processor to complete transactions, and Internet Activity with analytics providers to understand usage. We do not disclose personal information to third parties for any purposes that fall outside of those service provisions or legal requirements.

Selling or Sharing of Personal Information: Only eSIM does not sell personal information to third parties. We also do not “share” personal information for cross-context behavioral advertising as defined in the CPRA. In other words, we do not exchange your personal data with third parties for money or for targeted advertising purposes unrelated to Only eSIM. Any information collected by third-party cookies on our site (like Meta Pixel) is used solely to help us with our own advertising and analytics, and is not used by those third parties to build profiles about you for their own use. Because we do not sell or share personal information in this way, we do not provide a “Do Not Sell or Share My Personal Information” opt-out link on our website (since there is nothing to opt out of in this context). You are already opted-out by default due to our business practices. If this ever changes, we will update this Policy and provide the appropriate opt-out mechanisms.

Your California Rights:

  • Right to Know: You have the right to request that we disclose to you the personal information we have collected about you in the 12 months prior to your request, and details about our handling of that information. This includes the specific pieces of information we have about you, as well as the categories of personal information, the categories of sources of that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we disclosed it. Much of this information is provided in this Privacy Policy. To request the information, you can contact us (see Exercising Your California Rights below). We will provide the required information for the period required by law (currently 12 months back, although you can request beyond 12 months as well and we will provide it to the extent required by the CPRA regulations).
  • Right to Deletion: You have the right to request that we delete personal information we collected from you and retained, *subject to certain exceptions*. Upon receiving a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. Note that California law allows us to retain information needed, for example, to complete transactions you’ve requested, detect security incidents, comply with legal obligations, or other such purposes. In practice, if you request deletion, it is functionally similar to the “Deletion” right described in the general section above – we will delete your account and data, except that which we must keep for legal or operational reasons.
  • Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you. If you believe any of your data in our records is incorrect, please let us know and provide the correct information, and we will update it (taking into account the nature of the information and the purposes of processing).
  • Right to Opt-Out of Sale/Sharing: As noted, Only eSIM does not sell or share your personal info in the sense of CCPA/CPRA. If we did, you would have the right to direct us to stop. We reiterate that we have opted all users out of sales/sharing by policy, since we do not engage in those practices. If you still have any concerns or want to double-confirm, you can contact us to inquire or to formally request an opt-out (we will record your preference in case our practices change, but again, by default we do not sell/share data).
  • Right to Limit Use of Sensitive Personal Information: CPRA gives California consumers the right to limit a business’s use or disclosure of “sensitive personal information” if it’s used for purposes beyond what is reasonably expected for providing the requested services. In our case, any sensitive info (like payment info or account login) is only used to provide you the service you asked for, not for inferring characteristics about you or for secondary purposes. Therefore, the right to limit is not directly applicable because we do not use your sensitive data for unrelated purposes. If that ever changes, we will honor your right to limit such use.
  • Right to Non-Discrimination: As mentioned, we will not discriminate against you for exercising any of your CCPA rights. This means we won’t deny you goods or services, charge you different prices, or provide a different level of quality just because you exercised your privacy rights. The CCPA specifically prohibits this, and we wholeheartedly agree with that principle.

Exercising Your California Rights: If you are a California resident and would like to exercise any of the rights above (access/know, delete, correct, etc.), please submit a request to us by emailing [email protected] with the subject line “California Rights Request” (or something similar that lets us know this is a CCPA request). In your request, please indicate which right you seek to exercise and provide your name, contact information, and any details that will help us locate your records (such as the email associated with your Only eSIM account). We will need to verify your identity before processing substantive requests, to ensure we are giving data to (or deleting data of) the proper person. We may do this by asking you to confirm certain information we already have on file, or by other verification methods. For example, we might ask you to reply from the email address on your account and confirm a recent purchase amount or other detail. Any information gathered for verification will only be used for that purpose.

If you would like, you may designate an authorized agent to make requests on your behalf. If you do so, we will need proof that the person or entity acting as agent is authorized by you. This could be a power of attorney document or other signed authorization. We will also still verify either the agent’s identity, or ask them to verify *your* identity directly with us, depending on the nature of the request.

We aim to respond to all verified consumer requests within 45 days, as required by CCPA. If we need more time (up to an additional 45 days), we will inform you of the reason and extension in writing.

“Shine the Light” Law: California Civil Code § 1798.83 (the "Shine the Light" law) entitles California residents to request information about whether a business has disclosed certain categories of personal information to any third parties for the third parties’ direct marketing purposes in the previous calendar year. Only eSIM does not share personal information with third parties for their own direct marketing purposes (we don’t provide your data to other companies for them to market their products to you). Therefore, the “Shine the Light” requirement of providing a list of such disclosures is not applicable. If you have questions about this, you can still reach out to us at our contact information below.

International Data Transfers

Only eSIM is based in the United States, and our website and systems may be hosted in the U.S. or other countries. If you are accessing our Services from outside the U.S., your personal information will likely be transferred to and processed in the United States or other jurisdictions where our service providers are located. This means your data may be stored on servers in a country different from your home country.

Be aware that the data protection laws of those countries might differ from those in your jurisdiction (and may not be deemed “adequate” by EU standards, for example). However, we take steps to ensure that your personal information is given an equivalent level of protection as it would be under the laws of your country. For instance, when we transfer personal data from the EEA or UK to the U.S., we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually obligate the recipient to protect your data. Our service providers that process EU data have also committed to compliance via instruments like SCCs or have other approved transfer mechanisms in place.

By using Only eSIM’s Services, you understand and consent that your information may be transferred to our facilities and those third parties with whom we share it as described in this Policy, including to the United States and other jurisdictions, for the purposes outlined. We will always handle your personal information in accordance with this Policy wherever it is processed. If required by applicable law, we will seek your explicit consent for certain transfers, or ensure that the transfer is necessary for the performance of a contract with you (or in your interest).

If you have questions about international data transfers or require more information about the safeguards we have in place, please contact us.

Data Security

Only eSIM takes the security of your personal information very seriously. We implement technical and organizational measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (e.g., TLS encryption for our website), encryption of sensitive data at rest where applicable, firewall and network security controls, and limiting access to personal data to authorized personnel on a need-to-know basis. We also use reputable third-party infrastructure providers that maintain high standards of physical and electronic security.

That said, please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. Cyber threats evolve rapidly, and despite our efforts, there is always a possibility of a security breach. We continuously update and test our security measures to mitigate such risks. In the unlikely event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.

You also play an important role in keeping your data secure. We encourage you to use a strong, unique password for your Only eSIM account (if you’re not using Google SSO) and to keep your login credentials confidential. If you suspect any unauthorized access to your account or any security vulnerabilities, please contact us immediately.

Children’s Privacy

Our Services are not intended for children or minors. Only eSIM does not knowingly collect or solicit personal data from anyone under the age of 18. By using our Services, you represent that you are at least 18 years old (or the age of majority in your jurisdiction). If you are under 18, please do not attempt to register for an account or send us any personal information.

In the event we learn that we have collected personal information from a user under 18, we will promptly delete that information. Parents or guardians who believe that Only eSIM might have any information from or about a child under 18 should contact us immediately, and we will take appropriate actions to investigate and address the issue.

(For residents of certain jurisdictions with higher age thresholds: We also do not knowingly offer our Services to children whose age would require parental consent or supervision under local law. For example, under the EU GDPR we would not knowingly process the data of a child under 16 without parental consent, and under U.S. COPPA we do not collect data from children under 13. In all cases, our service is generally aimed at adults such as travelers and is not directed at minors.)

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes, we will notify you by posting the updated Policy on our website and updating the “Last updated” date at the top. In some cases, we may also notify you via email or through an in-app notice of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of our Services after any update to this Policy will signify your acceptance of the changes, to the extent permitted by law. If you do not agree to the revised terms, you should discontinue use of the Services and may request deletion of your data as described above.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Only eSIM Support
Email: [email protected]

We are here to help and will respond to your inquiry as soon as reasonably possible. Whether you need help exercising your rights or just want more information about our privacy practices, please don’t hesitate to reach out.

Thank you for trusting Only eSIM with your connectivity needs. We value your privacy and strive to protect your personal information in line with industry best practices and legal requirements.