Privacy Policy

Last updated : 3/16/2026

1. Data Controller

Edvinas Jurevicius

Rhönstraße 95

63571 Gelnhausen

Deutschland

+49 175 4045558
support@sim.do

2. Purposes and Legal Bases of Data Processing

Contract Performance

Processing of orders, eSIM activation, payment processing, and customer accounts for contract fulfillment.

Legal basis : Art. 6 Abs. 1 lit. b DSGVO

Customer Communication

Support requests, transaction emails (order confirmations, eSIM data), and technical notifications.

Legal basis : Art. 6 Abs. 1 lit. b, f DSGVO

Legal Obligations

Retention of accounting records in accordance with German Commercial Code (HGB) and Tax Code (AO) (10 years).

Legal basis : Art. 6 Abs. 1 lit. c DSGVO

Marketing and Advertising

Newsletter, promotional emails, and personalized ads (Google Ads, Meta Ads) only with your consent.

Legal basis : Art. 6 Abs. 1 lit. a DSGVO, § 25 Abs. 1 TTDSG

Existing Customer Advertising (§ 7 (3) UWG)

If you provided your email address in connection with a purchase, we may use it for direct marketing of our own similar products or services (e.g. discount codes, top-up reminders, upsell offers). This is based on § 7 (3) of the German Unfair Competition Act (UWG) in conjunction with Art. 6 (1) (f) GDPR (legitimate interest). You may object to this use at any time at no cost beyond basic transmission charges – e.g. via email to support@sim.do or using the unsubscribe link in every email.

Legal basis : § 7 Abs. 3 UWG, Art. 6 Abs. 1 lit. f DSGVO

3. Recipients and Third-Party Services

To provide our services, we use the following service providers:

Stripe (Payment Processing)

Credit card payments, invoicing

Supabase (Database & Authentication)

Customer data storage, login management

Cloudflare Pages (Hosting & CDN)

Website delivery, DDoS protection, SSL/TLS

Resend (Email Delivery)

Transaction emails, order confirmations

eSIM Access (API & Webhooks)

eSIM provisioning, activation, status queries

4. Data Transfers to Third Countries

Some service providers (Stripe, Supabase, Cloudflare, Google, Meta) process data in the USA. Transfers are based on Standard Contractual Clauses (SCC) approved by the EU Commission.

Note : Standard Contractual Clauses ensure an adequate level of data protection according to Art. 46 GDPR.

5. Retention Period and Deletion

  • Contract data: until full contract completion + statutory retention periods
  • Accounting records: 10 years (§ 147 AO)
  • Marketing consents: until withdrawal or deletion request; existing customer advertising: until objection
  • Server log files: maximum 90 days

6. Data Subject Rights

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR) : Right to confirmation whether and which data is being processed
  • Right to Rectification (Art. 16 GDPR) : Correction of inaccurate data
  • Right to Erasure (Art. 17 GDPR) : Deletion of your data, unless statutory retention obligations apply
  • Right to Restriction (Art. 18 GDPR) : Blocking of processing under certain conditions
  • Right to Data Portability (Art. 20 GDPR) : Receive your data in a structured, commonly used format
  • Right to Object (Art. 21 GDPR) : Object to processing based on legitimate interests
  • Right to Lodge a Complaint (Art. 77 GDPR) : Right to file a complaint with the competent data protection supervisory authority

7. Cookies and Tracking

Our website uses cookies. We distinguish between technically necessary cookies and those requiring your consent (§ 25 TTDSG).

Technically Necessary Cookies

Storage of language settings, session management, shopping cart functionality. These are required to provide the website.

Analytics (Google Analytics 4)

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). We use "Consent Mode" so that no personal data is processed without your consent. Google Analytics uses cookies to analyze your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored by Google on servers in the United States. We have activated IP anonymization so that your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. The legal basis is your consent according to Art. 6 (1) (a) GDPR.

Legal basis : § 25 Abs. 1 TTDSG, Art. 6 Abs. 1 lit. a DSGVO

Marketing Cookies (Google Ads, Meta Ads)

Only with consent: Personalized advertising, conversion tracking.

Legal basis : § 25 Abs. 1 TTDSG, Art. 6 Abs. 1 lit. a DSGVO

You can adjust or withdraw your cookie settings at any time in the footer under "Cookie Settings".

8. Payment Processing (Stripe)

All payment transactions are processed through Stripe Inc. Payment data (credit card number, name, billing address) is transmitted directly to and processed by Stripe. We do not store complete credit card data.

Legal basis : Art. 6 Abs. 1 lit. b DSGVO

Stripe Inc. , 510 Townsend Street, San Francisco, CA 94103, USA

9. Contact and Communication

When you contact us via email or phone, your information (name, email, phone number, message) will be stored to process your inquiry.

Legal basis : Art. 6 Abs. 1 lit. f DSGVO

10. Technical Security

We implement technical and organizational measures to protect your data:

  • SSL/TLS encryption for all data transmissions
  • Access controls and authentication
  • Regular security updates and monitoring

11. Changes to this Privacy Policy

We reserve the right to update this privacy policy as needed. The current version is always available on our website.

Privacy Questions?

Contact us with questions or to exercise your rights:

support@sim.do +49 175 4045558