Privacy Policy

1. Introduction

eSIM Transfer ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our eSIM management services.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

3. Personal Data We Collect

3.1 Information You Provide

• Account Information: Name, email address, password
• Payment Information: Processed securely through Stripe (we do not store card details)
• Communication Data: Support messages, feedback
• eSIM Data: eSIM profiles and usage information

3.2 Automatically Collected Information

• Technical Data: IP address, browser type, device information
• Usage Data: How you interact with our service
• Cookies: As described in our Cookie Policy

4. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To provide eSIM services you've purchased
• Legitimate Interest: To improve our services and prevent fraud
• Legal Obligation: To comply with tax and regulatory requirements
• Consent: For marketing communications (where required)

5. How We Use Your Data

• Provide and maintain our eSIM services
• Process payments and manage your account
• Provide customer support
• Improve our services and develop new features
• Comply with legal obligations
• Prevent fraud and ensure security
• Send service-related communications

6. Data Sharing and Third Parties

We may share your data with:

6.1 Service Providers

• Stripe: Payment processing (EU-based operations)
• MongoDB Atlas: Database hosting with EU data residency
• eSIM Providers: To fulfill eSIM orders
• Email Services: For transactional emails

6.2 Legal Requirements

We may disclose data when required by law, court order, or to protect our rights and the safety of our users.

7. International Data Transfers

Your data is primarily processed within the European Union. When we transfer data outside the EU, we ensure adequate protection through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Certification schemes and codes of conduct

8. Data Retention

We retain your personal data for:

• Account Data: While your account is active and for 7 years after closure for legal compliance
• Transaction Records: 7 years for accounting and tax purposes
• Support Communications: 3 years after resolution
• Marketing Data: Until you withdraw consent

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at canarytelecom@gmail.com. We will respond within one month.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

11. Cookies and Tracking

We use cookies and similar technologies to improve your experience. For detailed information, please see our Cookie Policy.

You can manage cookie preferences through your browser settings or our cookie banner.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. The updated version will take effect when posted.

14. Complaints and Supervisory Authority

If you have concerns about our data practices, you can file a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at: