🌍 Buy now β€” your timer doesn't start until you install the eSIM Browse plans β†’

Privacy Policy

Effective date: . If you need an older version, contact contact@esimsupra.com.

We respect your privacy. This policy explains how eSIMSupra collects and uses your information.

1. Who controls your data

The data controller is the operator of eSIMSupra (trading as eSIMSupra, contactable at contact@esimsupra.com). Specific company details, registered address, and company number are available on request and will be published on this page once our legal entity is finalised.

Operator note: replace this paragraph with your registered company name, address, jurisdiction, and registration number before commercial launch in the EEA / UK / California.

1. Information We Collect

  • Identity and contact data: name, email address, and β€” if you choose to provide it in the contact form β€” phone or WhatsApp number.
  • Order data: selected plan, destination country, plan validity, price, currency, and payment confirmation metadata returned by Stripe or PayPal. We do NOT store your full card number; Stripe and PayPal hold that.
  • eSIM profile data: the eSIM activation code we deliver to your email, the plan's ICCID once it is provisioned, and the destination country tied to that code.
  • Support data: the contents of any email, chat, or form you send us and our replies.
  • Usage data: pages visited on esimsupra.com, approximate IP location, device type, and time-on-page, collected by the analytics tools listed in our Cookie Policy when you have consented to them.
  • Cookie preferences: a small record of the categories you accepted or rejected in the cookie banner.

3. Legal basis for processing (GDPR)

We rely on contractual necessity to deliver and support your eSIM order, on your consent for analytics and marketing cookies, on legitimate interest for fraud prevention and security of our site and services, and on legal obligation for tax and anti-money-laundering record-keeping.

2. How We Use Data

  • Fulfil the eSIM order you placed and deliver the activation code.
  • Provide customer support through the channels we offer.
  • Send transactional emails: purchase confirmation, activation instructions, service notices.
  • Improve site performance and troubleshoot bugs.
  • Measure marketing effectiveness, when you have consented to analytics cookies.
  • Meet legal, tax, and accounting requirements in our jurisdiction of operation.
  • Prevent and investigate fraud, abuse, or security incidents.

We do not sell personal information, and we do not use your data to train AI models.

3. Data Sharing

We use the following processors to operate the service. Each is bound by a data-processing agreement and uses data only on our instructions.

  • Stripe, Inc. β€” card and Apple Pay / Google Pay processing.
  • PayPal Holdings, Inc. β€” PayPal checkout.
  • Cloudflare, Inc. β€” content delivery, DDoS protection, and site hosting via Cloudflare Pages.
  • Ghost Foundation β€” the content management system that hosts our blog.
  • Google LLC β€” Google Analytics (G-G8T0X64HE6), loaded only after you accept analytics cookies.
  • Simple Analytics B.V. β€” privacy-oriented usage analytics, loaded only after you accept analytics cookies.
  • Trustpilot A/S β€” the review widget rendered on selected pages.
  • Telegram FZ-LLC β€” delivery of internal order notifications to our support team. Your name, order summary, and total price are transmitted to a private support channel; contact content and payment card data are not.
  • eSIM network partners β€” the wholesale carriers behind each plan. Their role is to activate the profile and route traffic; they do not receive your name or email.

A full list of third-party cookies and widgets is maintained in the Cookie Policy.

6. International transfers

Because we serve travellers in 180+ countries and rely on service providers that operate globally, your personal data may be transferred outside your country of residence β€” including to the United States, the EEA, and the United Kingdom. For EEA and UK data subjects we rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable. Each processor listed in section 5 publishes its own transfer safeguards in its data-processing addendum, which we have executed with them.

4. Data Retention

  • Order and billing records: 6–10 years, as required by tax law in the jurisdiction of invoice issuance.
  • Support correspondence: 24 months from your last interaction unless you request earlier deletion.
  • Analytics data: up to 26 months.
  • Cookie consent record: 12 months, then we ask again.
  • Marketing lists: until you unsubscribe, plus 30 days for list hygiene.

8. Your rights

Depending on your location, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion (the "right to be forgotten" under GDPR; "right to delete" under CCPA).
  • Export a portable copy of data you provided to us.
  • Restrict or object to processing.
  • Withdraw consent at any time via the cookie settings button or by emailing us.
  • Opt out of any sale or sharing of personal information (we do not sell).
  • Non-discrimination for exercising these rights.
  • Lodge a complaint with your local data-protection supervisory authority.

Email contact@esimsupra.com from the address associated with your order. We respond within 30 days.

9. Children's data

Our service is not directed at children under 16 (or under 13 where COPPA applies). We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us and we will delete it.

5. Security

We use industry-standard safeguards to protect your data, but no system is 100% secure.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced on the site and, where legally required, notified by email before they take effect. The effective date at the top of the page reflects the most recent change.

6. Contact

For any privacy question, data-subject request, or supervisory-authority correspondence:
contact@esimsupra.com
Or via the Contact Us.


Frequently asked questions

What data do you collect about me?

We collect the contact details you provide at checkout or through the contact form (name, email, and optional phone/WhatsApp), the order details needed to deliver your eSIM (plan, destination, currency, price), payment confirmation metadata from Stripe or PayPal (never the full card number), device and browsing data (IP address, browser, pages viewed) that is collected by the analytics tools you consent to, and support correspondence. We do not collect biometric data, precise geolocation, or financial account numbers.

On what legal basis do you process my data?

Order fulfilment and support are processed under contractual necessity (GDPR Article 6(1)(b)). Analytics and marketing cookies are processed under your explicit consent (GDPR Article 6(1)(a)), which you can withdraw at any time through the cookie settings button on the site. Fraud prevention and legal compliance are processed under legitimate interest and legal obligation (GDPR Articles 6(1)(f) and 6(1)(c)).

What are my rights under GDPR and CCPA?

You have the right to access the personal data we hold about you, to request correction of inaccurate data, to request deletion, to export a portable copy, to restrict or object to processing, and to lodge a complaint with your local data-protection supervisory authority. California residents additionally have the right to know what is collected, to opt out of any sale or sharing of personal information (we do not sell personal information), and to non-discrimination for exercising these rights. To exercise any right, email contact@esimsupra.com from the address tied to your order.

Is my data sent outside of my country?

Yes. Because eSIMSupra serves travellers in 180+ countries, your data may be transferred to service providers based outside your country, including in the United States, the European Economic Area, and the United Kingdom. Where transfers leave the EEA or the UK, we rely on the European Commission's Standard Contractual Clauses and equivalent safeguards published by the provider (Stripe, PayPal, Google, Trustpilot) in their own data-processing addenda.

How long do you keep my data?

Order and billing records are retained for the period required by tax and commerce law in the place of invoice issuance (typically 6–10 years). Support correspondence is retained for 24 months from the last interaction unless you request earlier deletion. Marketing and analytics data is retained for 26 months. Account data, where an account exists, is retained while the account is active and for 90 days after deletion for backup rotation.