Privacy Policy

1. Introduction

eSivio ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (esivio.com), our mobile app, and our eSIM services. By using our services, you agree to the practices described in this policy.

2. Information We Collect

We collect information that you provide directly and information that we obtain automatically:

• Account information: name, email address, date of birth, and password when you register.
• Payment information: payment is processed by Stripe. We do not store your full card number; Stripe handles card data in accordance with their privacy policy.
• Order and eSIM data: purchases, eSIM activation codes, usage data (e.g. data consumed and remaining), and plan validity.
• Device and app usage: when you use our mobile app we may receive device type, platform, and push notification tokens to deliver service updates and reminders.
• Communications: when you contact support we keep records of your inquiries and our responses.
• Cookies and similar technologies: we use cookies and similar technologies on our website for essential functionality and, where you consent, analytics and preferences (see our cookie banner).

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account and authenticate you.
• Process payments and fulfill orders (eSIM delivery and activation).
• Sync and display your eSIM usage (e.g. data used and remaining) on our website and in the app.
• Send you transactional emails (e.g. order confirmation, password reset) and, if you have agreed, marketing or product updates.
• Send push notifications (e.g. expiry reminders) when you have enabled them in the app.
• Provide customer support and respond to your requests.
• Improve our services, security, and user experience.
• Comply with legal obligations and enforce our Terms and Conditions.

4. Data Storage and Retention

Your data is stored on secure servers (including via Supabase and our backend infrastructure). We retain your account and order data for as long as your account is active and as needed to provide services, resolve disputes, and comply with legal obligations. After you delete your account, we delete or anonymize your personal data in line with our retention policies, except where we must keep it for legal or regulatory reasons.

5. Sharing and Third Parties

We do not sell your personal data. We may share your information with:

• Payment processor (Stripe): to process payments; Stripe has its own privacy policy.
• eSIM provider: to provision and manage your eSIM and obtain usage data.
• Cloud and infrastructure providers: (e.g. hosting, databases) that process data on our behalf under strict agreements.
• Push notification services: (e.g. Expo) to deliver app notifications when you have opted in.
• Email and support tools: to send emails and manage support requests.

We may also disclose information if required by law, to protect our rights or safety, or in connection with a merger or sale of assets.

6. Your Rights and Choices

Depending on where you live, you may have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: update or correct your account information (e.g. name) in your profile or by contacting us.
• Deletion: delete your account and associated data. You can do this from the Profile section in our mobile app or by contacting us.
• Portability: receive your data in a structured, commonly used format where applicable.
• Object or restrict processing: in certain circumstances, object to or ask us to restrict how we use your data.
• Withdraw consent: where we rely on consent (e.g. marketing, cookies), you may withdraw it at any time.

To exercise these rights or for any privacy-related question, contact us at support@esivio.com. You may also have the right to lodge a complaint with a data protection authority in your country.

7. Security

We use industry-standard measures to protect your personal information, including encryption in transit and at rest, secure authentication, and access controls. No method of transmission or storage is 100% secure; we encourage you to use a strong password and keep your login details confidential.

8. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

9. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) are in place where required by law when transferring data internationally.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. For material changes, we may notify you by email or through the app. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or our data practices: