AccountRent eSIM

Privacy Policy

Effective 17 May 2026

This Privacy Policy explains what personal data Esimky processes when you browse the site and buy a travel eSIM, why we process it, and the rights you have over it. We act as the data controller for this processing.

Data we process

Account data: your email address and a salted hash of your password (we never store your password in plain text).

Order data: the plan you bought, the server-computed price and tax, your billing country, the country your request originated from, an order identifier, and the resulting eSIM profile metadata (such as the ICCID and activation status). We do not receive or store your full card number — that is handled by our payment processor.

Usage data: data-allowance snapshots for an eSIM you own, used solely to show you remaining data and a remaining-days estimate in your dashboard.

Technical data: minimal request metadata (such as a coarse IP-derived country and the IP address for security and anti-fraud rate-limiting). Product analytics are only collected if you accept analytics cookies — see the Cookie Policy.

Why we process it (legal bases)

To perform our contract with you: creating your account, taking payment, delivering and supporting your eSIM, and showing your usage.

For our legitimate interests: securing the service (rate-limiting, anti-fraud, 3-D Secure step-up) and keeping fraudulent and sanctioned transactions out.

To comply with legal obligations: trade-compliance/sanctions screening and tax record-keeping.

With your consent: optional product analytics, which are off until you opt in and can be withdrawn at any time.

Sharing

We share the minimum necessary data with: our payment processor (to take payment), our connectivity/eSIM partners (to provision the plan you bought), our transactional email provider (to deliver your QR code and receipts), and our infrastructure providers (hosting, database, and a rate-limit store). We do not sell your personal data.

Retention

We keep account and order records for as long as your account exists and for the period required for tax and trade-compliance purposes, after which they are deleted or anonymised. If you delete your account, your owned rows are removed as described below.

Your rights and self-service controls

Subject to law you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. You can exercise the two most important rights yourself, immediately, from your account: download a complete machine-readable export of all data we hold about you, and permanently delete your account and all associated orders, eSIM profiles, and usage data. After deletion you can no longer sign in with that account.

For any other request, or to raise a concern, contact info@esimky.com. You also have the right to lodge a complaint with your local data-protection authority.

Security

We enforce data isolation at the database layer so one customer can never read another customer’s data, transport security (HTTPS/HSTS), a strict content-security policy, and per-IP rate-limiting on authentication and checkout. No system is perfectly secure, but we design for least privilege and defence in depth.