In short: we collect what we need to deliver eSIMs to you, process payments, and improve the service. We don't sell your data. You can request access, correction, or deletion of your data at any time by emailing hello@roamfly.co.
1. Who We Are (Data Controller)
ROAMFLY LTD ("RoamFly", "we") is the data controller for the personal data we process about you. We are registered in England and Wales under company number [ROAMFLY_REGISTRATION_NUMBER], with registered office at [ROAMFLY_REGISTERED_ADDRESS].
For any privacy questions, contact us at hello@roamfly.co.
2. Personal Data We Collect
2.1 Information you give us
- Account data: name, email address, password (stored hashed).
- Order data: billing country, the eSIM plan(s) you purchase, and any preferences you select.
- Payment data: processed by Stripe; we receive a payment confirmation, the last four digits of your card, card brand, and country. We do not see or store your full card number.
- Support data: the contents of any messages you send us (email, contact form, chat).
- Marketing preferences: whether you have consented to receive newsletters or promotional emails.
2.2 Information we collect automatically
- Device & connection data: IP address, device type, browser type, operating system, language, time zone.
- Usage data: pages viewed, links clicked, referring pages, session duration. Collected via Vercel Analytics in a privacy-respecting form (no individual user profiles).
- eSIM activation data: whether your eSIM has been activated, the country it is being used in, data consumption against the plan allowance. We use this to operate the Service and to provide you with usage information in your account.
- Cookies & similar technologies: see our Cookie Policy.
2.3 Information from third parties
If you sign in using Google or Apple, we receive your name, email and a unique identifier from those providers. We do not receive your password.
3. Why We Use Your Data and the Lawful Basis
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Creating and managing your account; delivering eSIMs you purchased; providing customer support | Performance of a contract with you (Article 6(1)(b)) |
| Processing payments and preventing fraudulent transactions | Performance of contract; legitimate interests (Article 6(1)(b), (f)) |
| Sending you transactional emails (order confirmations, eSIM delivery, service updates) | Performance of contract (Article 6(1)(b)) |
| Sending you marketing emails and offers | Your consent, which you can withdraw at any time (Article 6(1)(a)) |
| Improving and securing the Service, debugging, and analytics | Legitimate interests (Article 6(1)(f)) |
| Complying with tax, accounting and other legal obligations | Legal obligation (Article 6(1)(c)) |
4. Who We Share Data With
We share personal data only with carefully selected service providers ("processors") and only as needed to operate the Service:
- Stripe — payment processing.
- Supabase — user accounts, authentication and order history.
- Vercel — website hosting and analytics.
- Resend — transactional email delivery.
- Cloudflare — DNS, content delivery and email routing for our domain.
- Our eSIM upstream provider — provisions and activates the eSIM profiles delivered to you. We share only what is necessary for activation and support.
- Google and Apple — if you use Sign in with Google / Apple to log in.
We may also disclose data when required by law, to enforce our Terms, or to protect the rights, property or safety of RoamFly, our customers, or others. We do not sell your personal data and do not share it with advertisers.
5. International Transfers
Some of our processors are based outside the United Kingdom (for example, in the European Union or the United States). Where we transfer personal data outside the UK, we rely on appropriate safeguards approved by the UK Information Commissioner's Office, including Standard Contractual Clauses with the UK addendum, the UK–US Data Bridge where applicable, and adequacy decisions where they exist.
6. How Long We Keep Your Data
- Account data: for as long as your account is active, plus up to 24 months after closure for fraud prevention and dispute handling.
- Order and billing records: at least 6 years from the end of the tax year in which the transaction occurred, to comply with UK accounting and tax law.
- Support correspondence: up to 3 years after the issue is resolved.
- Marketing preferences: until you withdraw consent or unsubscribe.
- Analytics and logs: up to 13 months in identifiable form, then aggregated or deleted.
7. Your Rights
Under the UK GDPR you have the right to:
- Access the personal data we hold about you;
- Correct data that is inaccurate or incomplete;
- Erase your data ("right to be forgotten"), subject to legal retention obligations;
- Restrict or object to certain processing;
- Port your data to another provider where technically feasible;
- Withdraw consent at any time, where processing is based on consent;
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) if you believe we have not handled your data properly.
To exercise any of these rights, email hello@roamfly.co. We will respond within one calendar month of receiving your request, as required by law.
8. Children
Our Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us and we will delete it.
9. Security
We use industry-standard administrative, technical and physical safeguards to protect your data. These include encryption in transit (TLS) and at rest, restricted internal access, secure authentication, and regular security reviews. No system is 100% secure, but we work to minimise risk and respond promptly to any security issues.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest version. For material changes, we will notify registered users by email or through the Service.
11. Contact
If you have any questions about this Privacy Policy or how we handle your data, please email hello@roamfly.co or write to us at our registered office.