Privacy policy
Last updated 2026-05-29
We collect the minimum amount of data needed to deliver your eSIM and run the business. This page is plain-English, no dark patterns.
What we collect
You give us, on checkout:
- Email address. So we can send you the QR code and order updates.
- Name & billing country. Collected by Stripe for fraud screening; we receive a copy.
- Card details. Handled entirely by Stripe. We never see your card number, CVC, or expiry.
Automatically, when you browse:
- IP address. Used for rate limiting and to detect abuse. Hashed before storage; we don't keep the raw value.
- User-agent string. So we know which devices are buying which plans.
- Page views, clicks. Standard product analytics. We do not run advertising trackers on esimgenius.ai.
What we don't do
- We do not sell your data, ever.
- We do not share your data with advertising networks.
- We do not place third-party tracking cookies on your browser.
- We do not require account creation to buy. Guest checkout is fine.
Who we share data with
- Stripe — to process your payment.
- Resend — to deliver your confirmation + QR-code emails.
- Our eSIM supplier (Telco-Vision) — your order details so they can provision the eSIM profile.
- Vercel + Supabase — our hosting and database providers, who store the data we collect.
How long we keep data
Order records (including hashed payment metadata) are kept for as long as legally required for tax and fraud purposes — typically 7 years in our jurisdiction. Analytics events are aggregated after 90 days.
Your rights
You can request a copy of your data, ask us to correct it, or ask us to delete it by emailing privacy@esimgenius.ai. We respond within 30 days. Some records (e.g. paid invoices) we have to retain by law and can't delete on request.
Changes to this policy
If we materially change how we handle data, we'll email everyone with an active order in the past 12 months. The “last updated” date at the top of this page reflects the current version.
Contact
Privacy questions: privacy@esimgenius.ai