SimioSimio

Privacy Policy

Last updated: April 6, 2026

1. Introduction

Simio ("we", "our", "the application") is a mobile and web application for purchasing, activating, and managing eSIM data plans. This privacy policy describes how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable laws.

2. Data Collected

Account Data

  • First and last name
  • Email address (verified)
  • Phone number (optional)
  • Profile picture (optional)
  • Password (hashed, never stored in plain text)

Authentication Data

  • Session tokens
  • Social authentication data (Google, Apple)
  • Device identifiers (for push notifications)

eSIM and Usage Data

  • eSIM identifiers (ICCID)
  • Activation codes
  • Usage data (volume consumed)
  • eSIM status and lifecycle

Payment Data

  • Stripe customer ID
  • Order history (amounts, currencies)
  • Banking data is processed exclusively by Stripe and is never stored on our servers

Technical Data

  • Push notification tokens (Expo)
  • IP address (in sessions)
  • Device type and operating system
  • Preferences (language, theme, favorite countries)

3. Data Usage

We use your data to:

  • Create and manage your user account
  • Process your eSIM plan purchases
  • Activate and manage your eSIMs
  • Track your data usage in real time
  • Send you notifications about your eSIM status
  • Recommend relevant plans based on your location
  • Ensure your account security (Face ID, sessions)
  • Improve our services and fix technical issues

4. Data Sharing

We never sell your personal data. We only share your data with the following providers, necessary for the operation of the service:

  • Stripepayment processing (payment information, customer ID)
  • eSIM AccesseSIM provisioning and management (plan codes, order data)
  • Google / Applesocial authentication (email, name)
  • Resendtransactional email delivery (email address)
  • Expopush notifications (device tokens)

5. Data Retention

Your data is retained as long as your account is active. Upon account deletion, your personal data is deleted within 30 days, except for data we are legally required to retain (invoices, tax data).

6. Your Rights

Under the GDPR, you have the following rights:

  • Access — obtain a copy of your personal data
  • Rectification — correct inaccurate data
  • Deletion — request the deletion of your account and data
  • Portability — receive your data in a structured format
  • Objection — object to the processing of your data

To exercise your rights, contact us at privacy@simio.io.

7. Security

We implement appropriate technical and organizational measures to protect your data: encryption in transit (TLS), password hashing (bcrypt), optional biometric authentication (Face ID), and secure session management.

8. Cookies and Tracking

The mobile application does not use cookies. The website only uses technical cookies necessary for the operation of the service (authentication, preferences). We do not use any third-party advertising or analytics tracking tools.

9. Changes

We reserve the right to modify this policy. In case of substantial changes, we will notify you by email or notification in the application.

10. Contact

For any questions regarding this privacy policy, contact us: