Privacy Policy

This privacy policy explains how Simnity collects, uses, and protects your personal information when you use our eSIM services or visit our website. It outlines the types of data we collect, the legal bases and purposes for processing, third-party sharing practices, your data protection rights under GDPR, CCPA, and other applicable laws, and our commitment to safeguarding your privacy.

Effective Date: October 16, 2025

Last Updated: October 16, 2025


1. Introduction and Data Controller Information

Welcome to Simnity (hereinafter "Simnity," "we," "us," or "our").

Company Details:

We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, share, and protect your personal information in compliance with:

  • General Data Protection Regulation (GDPR) (EU Regulation 2016/679)

  • UK Data Protection Act 2018 and UK GDPR

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • Electronic Communications Data Protection Directive (ePrivacy Directive) (2002/58/EC)

  • Telecommunications regulations in all jurisdictions where we operate

  • Other applicable data protection and privacy laws worldwide

By using our services, website, mobile application, or providing us with your personal information, you acknowledge that you have read, understood, and agree to this Privacy Policy.


2. Scope and Application

This Privacy Policy applies to:

  • Our Website: simnity.com and all subdomains

  • Mobile Applications: Simnity iOS and Android apps

  • eSIM Services: Purchase, activation, and use of our eSIM products

  • Customer Support: All communications via email, chat, phone, or social media

  • Marketing Communications: Newsletters, promotional emails, and advertisements

  • Third-Party Services: Services provided through our partners and vendors

This policy does NOT apply to:

  • Third-party websites, applications, or services linked from our platform

  • Services operated by our telecommunications partners (see Section 11)


3. Personal Information We Collect

We collect personal information that you provide directly, information collected automatically, and information from third-party sources.

3.1 Information You Provide Directly

Account Registration:

  • Full name

  • Email address

  • Phone number

  • Password (encrypted)

  • Date of birth (for age verification)

  • Preferred language and currency

Purchase and Transaction Information:

  • Billing name and address

  • Payment card details (processed securely by our PCI-DSS compliant payment processors)

  • Purchase history

  • Order details and eSIM activation information

Identity Verification (KYC):

  • Government-issued ID documents (passport, driver's license, national ID)

  • Proof of address documents

  • Selfie/photograph for identity verification

  • Tax identification numbers (where legally required)

Customer Support Communications:

  • Support tickets and correspondence

  • Call recordings (with your consent, where legally required)

  • Chat transcripts

  • Feedback and survey responses

Optional Profile Information:

  • Profile picture

  • Travel preferences

  • Communication preferences

3.2 Information Collected Automatically

Device and Technical Information:

  • IP address

  • Device type, model, and operating system

  • Browser type and version

  • Unique device identifiers (IMEI, ICCID for eSIM)

  • Mobile network information

  • App version and settings

Usage Data:

  • Pages visited and features used

  • Click-stream data and navigation patterns

  • Search queries within our platform

  • Time spent on pages

  • Referral source

  • Date and time of access

eSIM Service Data:

  • eSIM activation and deactivation logs

  • Data usage statistics

  • Network connection details

  • Location data (general, based on network connection)

  • Service performance metrics

Cookies and Tracking Technologies:

  • Essential cookies for site functionality

  • Analytics cookies (with consent)

  • Marketing cookies (with consent)

  • Session cookies

  • See our Cookie Policy for detailed information

3.3 Information from Third-Party Sources

  • Social Media Login: If you register using social media (Google, Facebook, Apple), we receive your name, email, and profile picture

  • Payment Processors: Transaction confirmation and fraud prevention data

  • Telecommunications Partners: Network availability and service quality data

  • Marketing Partners: Advertising campaign effectiveness data (anonymized where possible)

  • Public Databases: Identity verification and fraud prevention data


4. Legal Bases for Processing Personal Data (GDPR)

We process your personal data only when we have a lawful basis under GDPR:

Purpose | Legal Basis
Account registration and management | Contract Performance (GDPR Art. 6(1)(b))
Processing payments and orders | Contract Performance (GDPR Art. 6(1)(b))
Providing eSIM services | Contract Performance (GDPR Art. 6(1)(b))
Customer support | Contract Performance & Legitimate Interest
Identity verification (KYC) | Legal Obligation (GDPR Art. 6(1)(c)) & Legitimate Interest
Fraud prevention and security | Legitimate Interest (GDPR Art. 6(1)(f))
Marketing communications | Consent (GDPR Art. 6(1)(a)) or Legitimate Interest
Analytics and service improvement | Legitimate Interest (GDPR Art. 6(1)(f))
Legal compliance and dispute resolution | Legal Obligation (GDPR Art. 6(1)(c))

You have the right to withdraw consent at any time where we rely on consent as the legal basis.


5. How We Use Your Personal Information

We use your personal data for the following purposes:

5.1 Service Provision

  • Creating and managing your account

  • Processing purchases and delivering eSIM products

  • Activating and managing eSIM profiles

  • Providing customer support

  • Sending service notifications and updates

5.2 Payment Processing

  • Processing payments securely

  • Preventing fraud and unauthorized transactions

  • Issuing refunds where applicable

  • Maintaining transaction records

5.3 Service Improvement

  • Analyzing usage patterns to improve user experience

  • Developing new features and services

  • Conducting research and analytics

  • Testing and troubleshooting

5.4 Security and Fraud Prevention

  • Detecting and preventing fraudulent activities

  • Protecting against security threats

  • Verifying user identities

  • Monitoring for suspicious activity

5.5 Legal Compliance

  • Complying with telecommunications regulations

  • Responding to legal requests and court orders

  • Enforcing our Terms of Service

  • Maintaining records as required by law

5.6 Marketing and Communications (with your consent where required)

  • Sending promotional emails and newsletters

  • Personalized advertising

  • Market research and surveys

  • Product recommendations

5.7 AI and Automated Decision-Making

  • Fraud Detection: Automated systems analyze transaction patterns to prevent fraud

  • Customer Support: AI chatbots provide initial support responses

  • Personalization: Automated recommendations for eSIM plans based on travel patterns

  • Right to Object: You have the right to request human review of any automated decision


6. Data Sharing and Disclosure

We do NOT sell your personal information to third parties. We share your data only in the following circumstances:

6.1 Service Providers and Partners

We share data with trusted third-party service providers who assist us in operating our business:

Service Provider Category | Purpose | Data Shared | Examples
Payment Processors | Process transactions | Name, billing address, payment details | Stripe, PayPal, Razorpay
Cloud Hosting | Data storage and infrastructure | All account and service data | AWS, Google Cloud, Firebase
Telecommunications Partners | Provide network connectivity | Device identifiers, usage data | Mobile network operators
Email Services | Send transactional and marketing emails | Email address, name | SendGrid, Mailchimp
Customer Support Tools | Manage support tickets | Contact info, support history | Zendesk, Intercom
Analytics Providers | Website and app analytics | Usage data, device info | Google Analytics, Mixpanel
Identity Verification | KYC compliance | ID documents, verification data | Jumio, Onfido
Marketing Platforms | Advertising campaigns | Email, cookie data | Google Ads, Facebook Ads

Data Processing Agreements: All service providers are bound by Data Processing Agreements (DPAs) and contractually obligated to protect your data according to GDPR and other applicable laws.

6.2 Legal Requirements and Protection

We may disclose your information when required by law or to:

  • Comply with legal obligations, court orders, or government requests

  • Enforce our Terms of Service and other agreements

  • Protect our rights, property, and safety

  • Protect the rights, property, and safety of our users and the public

  • Detect, prevent, or address fraud, security, or technical issues

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties when you have given explicit consent for specific purposes.


7. International Data Transfers

Simnity operates globally, and your personal information may be transferred to, stored, or processed in countries outside your country of residence, including countries that may not have data protection laws equivalent to those in your jurisdiction.

GDPR Compliance for EU/UK Users:

  • We implement Standard Contractual Clauses (SCCs) approved by the European Commission

  • We conduct Transfer Impact Assessments to ensure adequate protection

  • We may rely on Adequacy Decisions where applicable

  • UK International Data Transfer Agreement (IDTA) for UK-originating data

Countries Where Data May Be Processed:

  • European Union/EEA

  • United Kingdom

  • United States (with appropriate safeguards)

  • India (for customer support)

  • Other countries where network partners operate

You have the right to request information about the safeguards we use for international data transfers.


8. Data Security Measures

We implement industry-standard technical and organizational security measures to protect your personal information:

Technical Measures:

  • Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for data at rest

  • Secure Authentication: Password hashing using bcrypt; multi-factor authentication (MFA) options

  • Firewalls and Intrusion Detection: Network security monitoring and threat detection

  • Secure Payment Processing: PCI-DSS Level 1 compliant payment processors

  • Regular Security Audits: Penetration testing and vulnerability assessments

  • Access Controls: Role-based access control (RBAC) and principle of least privilege

Organizational Measures:

  • Data Protection Policies: Comprehensive internal data protection policies

  • Employee Training: Regular privacy and security training for all staff

  • Confidentiality Agreements: All employees sign confidentiality agreements

  • Incident Response Plan: Documented procedures for data breach response

  • Background Checks: Screening for employees with data access

  • Third-Party Audits: Regular audits of service providers

Data Breach Notification:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.


9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category | Retention Period | Legal Basis
Account Information | Duration of account + 2 years after closure | Contract performance, legal obligation
Transaction Records | 7 years after transaction | Tax and financial regulations
KYC Documents | 5 years after account closure | Anti-money laundering regulations
Customer Support Records | 3 years after last interaction | Legitimate interest, legal defense
Marketing Consent | Until consent is withdrawn + 2 years | Consent management
Usage and Analytics Data | 26 months (anonymized after 14 months) | GDPR Article 89 (research purposes)
Cookies | See Cookie Policy (typically 13 months max) | ePrivacy Directive
Legal Documents | 10 years or as required by law | Legal obligation

Deletion: After the retention period expires, we securely delete or anonymize your data.


10. Your Privacy Rights

You have the following rights regarding your personal data:

10.1 Rights Under GDPR (EU/UK/EEA Users)

Right to Access (Art. 15): Request a copy of your personal data we hold
Right to Rectification (Art. 16): Correct inaccurate or incomplete data
Right to Erasure / Right to be Forgotten (Art. 17): Request deletion of your data
Right to Restriction of Processing (Art. 18): Limit how we use your data
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
Right to Lodge a Complaint: File a complaint with your national supervisory authority
Rights Related to Automated Decision-Making (Art. 22): Request human review of automated decisions

10.2 Rights Under CCPA/CPRA (California Residents)

Right to Know: Request disclosure of personal information collected, used, and shared (past 12 months)
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: Limit use of sensitive data
Right to Non-Discrimination: Not be discriminated against for exercising your rights

Do Not Sell or Share My Personal Information: [Link to opt-out page]

10.3 How to Exercise Your Rights

Email: [email protected]
Online: Log into your account settings at https://simnity.com

Response Time:

  • GDPR requests: Within 1 month (may be extended by 2 months for complex requests)

  • CCPA requests: Within 45 days (may be extended by 45 days)

Identity Verification: We may require identity verification to prevent unauthorized access to your data.


11. Third-Party Services and Links

Our platform may contain links to third-party websites, applications, or services not operated by us:

  • Telecommunications Partners: eSIM connectivity is provided by third-party mobile network operators subject to their own privacy policies

  • Social Media: Interactions with social media platforms are governed by their respective privacy policies

  • Payment Processors: Payment processing is subject to third-party processors' privacy policies

  • Analytics and Advertising: Third-party cookies and tracking (see Cookie Policy)

We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.


12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy [Link].

Cookie Categories:

  • Strictly Necessary: Essential for website functionality (no consent required)

  • Functional: Enhance user experience (consent required)

  • Analytics: Measure website performance (consent required)

  • Marketing/Advertising: Personalized advertising (consent required)

Your Choices:

  • Manage cookie preferences via our Cookie Consent Manager

  • Opt out of targeted advertising via the Do Not Sell My Info link

  • Use browser settings to block cookies


13. Children's Privacy

Our services are NOT intended for individuals under the age of 18 (or the age of majority in your jurisdiction).

We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at [email protected], and we will delete the information within 30 days.

Age Verification: We may use age verification mechanisms to prevent access by minors.


14. Marketing Communications and Opt-Out

Consent: We will only send you marketing communications if you have opted in (where legally required) or based on legitimate interest (with easy opt-out).

How to Opt-Out:

  • Click "Unsubscribe" in any marketing email

  • Update preferences in your account settings

  • Email: [email protected]

  • Reply "STOP" to SMS marketing messages

Processing Time: We will process opt-out requests within 10 business days.

Transactional Emails: You cannot opt out of service-related emails (e.g., order confirmations, security alerts) as they are essential to providing our services.


15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification:

  • Material Changes: We will notify you via email and/or prominent notice on our website 30 days before changes take effect

  • Minor Changes: Indicated by updating the "Last Updated" date at the top of this policy

Continued Use: Your continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.

Version History: [Link to previous versions]


16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Website: https://simnity.com/contact


17. Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority:

EU/EEA Users:

UK Users:

  • Information Commissioner's Office (ICO)

  • Website: https://ico.org.uk

  • Phone: +44 303 123 1113

California Users:


18. Do Not Track (DNT) Signals

Some browsers have a "Do Not Track" feature. We currently do not respond to DNT signals as there is no industry standard. However, you can control cookies through our Cookie Consent Manager and browser settings.


19. California Privacy Rights - "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents have the right to request information about the disclosure of personal information to third parties for direct marketing purposes.

To request this information: Email [email protected] with "California Shine the Light Request" in the subject line.


20. Dispute Resolution

Dispute Resolution:

  • EU/UK Users: Disputes shall be resolved in accordance with GDPR and local data protection laws

  • California Users: Subject to CCPA dispute resolution procedures

  • Other Users: Subject to applicable local laws and our Terms of Service


21. Acknowledgment and Consent

By using our services, you acknowledge that:

  • You have read and understood this Privacy Policy

  • You consent to the collection, use, and sharing of your information as described

  • You understand your rights and how to exercise them

  • You agree to receive service-related communications

Explicit Consent for Sensitive Data: Where we process sensitive personal information (e.g., ID documents for KYC), we will obtain your explicit consent.