Short Intro
This Privacy Policy explains how eSIMbag LLC collects, uses, stores, shares, and protects personal data when you use our website, account features, eSIM package discovery, order and payment flows, eSIM delivery and management features, customer support, and related services.
eSIMbag provides digital travel connectivity services. Because our services involve account access, digital eSIM delivery, payment processing, service communications, and technical support, we need to process certain personal data to operate the platform securely and reliably.
This Privacy Policy should be read together with our Terms of Service, Purchase Policy, Refund Policy, and Cookie Policy.
Who We Are
The service is operated by eSIMbag LLC, a company established in Wyoming, United States.
For privacy-related questions, data protection requests, or concerns about how your personal data is processed, you can contact us at support@esimbag.com.
For the purposes of this Privacy Policy, “eSIMbag”, “we”, “us”, and “our” refer to eSIMbag LLC. “You” refers to the person using the eSIMbag service.
- Legal entity: eSIMbag LLC
- Registered jurisdiction: Wyoming, United States
- Privacy contact: support@esimbag.com
Scope of This Policy
This Privacy Policy applies to personal data processed through the eSIMbag website, account system, order and payment flows, eSIM delivery and management features, service emails, customer support channels, and related operational systems.
This Privacy Policy does not apply to third-party websites, applications, services, or platforms that are not owned or controlled by eSIMbag. When you use a third-party service, that third party may process your personal data under its own privacy policy.
What Personal Data We Collect
The personal data we collect depends on how you use the service. We aim to collect only the data that is necessary for account management, order processing, payment handling, eSIM delivery, customer support, security, legal compliance, and service reliability.
Account Data
- Name and surname
- Email address
- Account password in protected form; we do not store plain-text passwords
- Account role, account status, verification status, and account timestamps
- Authentication provider information, such as local account or Google sign-in if you choose to use it
Order and Transaction Data
- Order identifiers and user identifiers
- Selected eSIM package, bundle name, SKU, destination, region, or country information
- Order amount, discount amount, tax amount where applicable, final amount, and currency
- Order status, payment status, delivery status, and related operational timestamps
- Customer email attached to the order
- Order metadata needed for fraud prevention, duplicate-order prevention, service reliability, and support
eSIM Service Data
To deliver and manage eSIM services, we may process technical eSIM data and service records. Some of this information is necessary to display installation details, support activation, confirm delivery, troubleshoot service issues, and provide usage visibility where available.
- eSIM identifiers and provisioning references, such as ICCID or provider references
- eSIM status, lifecycle events, activation-related timestamps, installation-related timestamps, and expiry information
- QR and activation information required to display or deliver eSIM installation details
- Usage records where available, such as total, used, and remaining data, usage sync timestamps, and package assignment status
- Provider response metadata needed to deliver, verify, maintain, or support the eSIM service
Device and Technical Data
- IP address
- User-Agent string
- Approximate device, browser, and operating system information
- Session, authentication, and account-security metadata
- Request metadata, server logs, error logs, and audit logs needed for security, reliability, abuse prevention, and troubleshooting
Support and Service Communications
When you contact us or when we need to send service-related messages, we may process communication content and metadata.
- Customer support messages and replies
- Email verification messages
- Password reset messages
- Order, payment, delivery, and eSIM activation-related service messages
- Important account, security, operational, or legal notices
Preferences Data
We may store limited preference data to provide a consistent user experience. These preferences do not include advertising profiles.
- Language and locale preferences
- Theme or appearance preferences
- Cookie or similar technology preferences where applicable
How We Collect Personal Data
We collect personal data in the following ways.
- Directly from you when you create an account, sign in, update your profile, start an order, complete a payment, request service emails, or contact support.
- Automatically when you use the service, such as through session cookies, security logs, request metadata, device/browser information, and preference storage.
- From service providers where necessary to operate the service, such as Stripe for payment processing, Google if you choose Google sign-in, eSIM Go for eSIM provisioning and lifecycle operations, and Turk Ticaret Net for hosting/infrastructure and email delivery services.
Why We Use Personal Data
We use personal data for the following purposes.
- To create, maintain, and secure user accounts
- To authenticate users and protect account access
- To show available eSIM packages and process orders
- To process card payments through Stripe and maintain payment records
- To apply valid discounts or coupon codes during the order/payment flow where available
- To deliver, display, activate, manage, and support eSIM services
- To provide customer support and troubleshoot order, payment, delivery, installation, activation, or usage issues
- To send required transactional, account, security, and service communications
- To prevent fraud, misuse, duplicate transactions, unauthorized access, and service abuse
- To maintain platform reliability, logs, auditability, and operational security
- To comply with applicable legal, tax, accounting, financial, regulatory, dispute-resolution, and law-enforcement obligations
Legal Bases for Processing
Where privacy laws require a legal basis for processing, we rely on the legal bases that are appropriate for the purpose and jurisdiction. These may include contract performance, legitimate interests, legal obligations, consent, or other lawful bases recognized by applicable law.
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Account creation, login, profile management, password reset, and session management | Account data, authentication data, technical/session data | Contract performance; legitimate interests in account security and service integrity |
| Order creation, discount application, payment processing, payment records, payment corrections, chargebacks, and disputes | Order and transaction data, payment-related data, technical data | Contract performance; legal obligations for financial and accounting records; legitimate interests in fraud prevention, payment security, and dispute handling |
| eSIM delivery, provisioning, activation support, usage visibility, and lifecycle management | eSIM service data, order references, account data, technical data | Contract performance; legitimate interests in service reliability and technical support |
| Transactional, account, security, and service communications | Account data, communication metadata, order/eSIM references | Contract performance; legitimate interests in service continuity, security, and customer support |
| Security logging, abuse prevention, audit records, operational monitoring, and troubleshooting | Technical data, logs, audit records, session data | Legitimate interests in protecting the platform, users, and services; legal obligation where required |
| Google sign-in, when you choose to use it | Google account identity data made available through the sign-in process | Your request to use Google sign-in; consent where required by applicable law; contract pre-steps |
| Compliance with legal, tax, accounting, regulatory, or law-enforcement requirements | Account data, order data, payment records, support records, logs | Legal obligation; legitimate interests in establishing, exercising, or defending legal rights |
International Data Transfers
eSIMbag is operated from the United States and provides services to users globally. Your personal data may be processed in countries other than the country where you live, including the United States and other countries where our service providers or partners operate.
Where required by applicable law, we use appropriate safeguards for international data transfers, such as data processing agreements, standard contractual clauses, adequacy decisions, contractual protections, or other lawful transfer mechanisms.
Because privacy laws vary by country, the rights and protections available to you may depend on your location and the applicable law.
Data Retention
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.
Retention periods may vary depending on the type of data, the nature of the service, legal requirements, tax and accounting obligations, fraud-prevention needs, security requirements, dispute-resolution needs, chargeback periods, and the need to maintain accurate order and service records.
- Account data is generally kept while your account remains active. If you delete your account, we may deactivate or delete account access while retaining limited records where required for legal, tax, accounting, security, fraud-prevention, dispute-resolution, service-integrity, or recordkeeping purposes.
- Order, payment, invoice, tax, accounting, chargeback, dispute, and transaction records may generally be retained for up to 7 years after the relevant transaction or account closure, unless a longer period is required or permitted by law.
- eSIM delivery, activation, lifecycle, and usage records may be retained for as long as necessary to provide the service, support the purchased eSIM package, troubleshoot issues, maintain service integrity, and comply with legal, accounting, or dispute-resolution requirements.
- Authentication, security, audit, and operational logs are retained for a limited period appropriate to security, fraud prevention, troubleshooting, and platform reliability, unless longer retention is required for investigation, legal, compliance, or dispute-resolution reasons.
- Support communications are retained for as long as necessary to respond to your request, maintain support history, resolve disputes, improve service reliability, and meet legal or operational obligations.
- Preference data is generally retained until you change the relevant setting, clear your browser storage, delete your account, or the data is no longer needed.
Data Security
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, misuse, loss, alteration, or disclosure. These measures may include secure authentication practices, access controls, encryption in transit where appropriate, logging and monitoring, payment processor safeguards, operational security controls, and internal restrictions on access to personal data.
No website, internet transmission, payment flow, or digital service can be guaranteed to be completely secure. You are responsible for keeping your account credentials confidential and for using a secure device and network when accessing the service.
If we become aware of a data security incident that requires notification under applicable law, we will take steps required by that law, which may include notifying affected users, regulators, or other authorities.
Your Rights
Depending on your location and applicable law, you may have rights regarding your personal data. These rights may be subject to limitations, exceptions, identity verification, and legal requirements.
To exercise privacy rights, contact us at support@esimbag.com. We may need to verify your identity before responding to a request.
Some data may be retained even after a deletion request where retention is required or permitted for legal, tax, accounting, security, fraud-prevention, dispute-resolution, service-integrity, or recordkeeping purposes.
- Access the personal data we hold about you
- Correct inaccurate or incomplete personal data
- Request deletion of personal data
- Request restriction of processing
- Object to certain processing based on legitimate interests
- Request portability of personal data where applicable
- Withdraw consent where processing is based on consent
- Opt out of certain uses where applicable law provides such a right
- Lodge a complaint with a supervisory authority where applicable
Children’s Privacy
The service is intended for users who are at least 18 years old. eSIMbag is not directed to children and we do not knowingly collect personal data from children under 13.
If you believe that a child has provided personal data to eSIMbag without appropriate authorization, please contact us at support@esimbag.com so that we can review the matter and take appropriate action.
No Sale of Personal Data and No Targeted Advertising
We do not sell personal data. We do not currently share personal data for cross-context behavioral advertising or targeted advertising. We do not currently use advertising pixels, behavioral advertising networks, or analytics tracking tools.
If our practices change in the future, we will update this Privacy Policy and provide any notices, rights, or consent mechanisms required by applicable law.
Automated Decision-Making
We do not use personal data to make automated decisions that produce legal or similarly significant effects about users. Payment processors and fraud-prevention systems may use automated tools to help assess payment security, payment authorization, fraud risk, or transaction integrity.
Third-Party Links and Services
The service may contain links to third-party websites or may integrate third-party services. We are not responsible for the privacy practices, content, security, or policies of third parties that we do not own or control.
When you use third-party services such as Stripe, Google, eSIM Go, or other service providers involved in operating the service, those providers may process personal data according to their own privacy notices and contractual obligations.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, operations, service providers, legal requirements, security practices, or data processing activities.
When we update this Privacy Policy, we will update the Last Updated date. If a change is material, we may provide additional notice where required by applicable law.
Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or want to contact us about how we process personal data, you can contact us at support@esimbag.com.
- eSIMbag LLC
- Wyoming, United States
- Email: support@esimbag.com