Privacy policy

eSIM Point (“we”, “us”, “our”) operates this website and sells travel eSIM data plans from connectivity partners worldwide. We act as the data controller for the personal data you provide when you visit, buy from us, or contact support.

For questions about this policy, email support@esimpoint.com.

• • Provision your eSIM and deliver the QR code to your email.
• • Process payments, issue receipts and handle refunds.
• • Provide customer support and respond to your questions.
• • Detect, prevent and investigate fraud or abuse.
• • Improve the site, products and plan recommendations.
• • Send transactional emails about your order or account.
• • Send marketing emails — only with your explicit opt-in, and you can unsubscribe any time.
• • Meet legal, tax and accounting obligations.

Under UK and EU GDPR, we rely on the following legal bases:

• Contract— to deliver the eSIM and service you purchased.
• Legitimate interests— site security, fraud prevention, product analytics and improving the service.
• Consent— non-essential cookies and marketing emails. You can withdraw consent at any time.
• Legal obligation— tax, accounting and responding to lawful requests.

We share personal data only with vendors needed to run the service:

• • Connectivity suppliers who issue and activate the eSIM profile.
• • Payment processors (e.g. card and wallet providers).
• • Email and messaging providers for QR delivery and support.
• • Cloud hosting and database providers.
• • Analytics and error-monitoring providers, where consent is given.
• • Regulators or law enforcement when legally required.

We do not sell your personal data.

Some of our partners are based outside the UK and EEA. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision.

• • Order and tax records: 6 years, for legal and accounting compliance.
• • Account data: while your account is active, plus 12 months after closure.
• • Support tickets: up to 24 months after the case is closed.
• • Marketing data: until you unsubscribe, then a suppression record is kept.
• • Server logs: typically 30–90 days.

We use a small number of cookies and similar technologies. Essential cookies keep you signed in, remember your cart and protect against abuse. Analytics and marketing cookies are only set if you consent through the cookie banner.

You can change cookie preferences any time from the banner or your browser settings.

We use TLS in transit, encryption at rest for sensitive fields, hashed passwords, role-based access controls, and regular reviews of vendors and infrastructure. No system is perfectly secure, so we also keep an incident response plan and will notify you and regulators where required by law.

Subject to local law (including GDPR and UK GDPR) you have the right to:

• • Access a copy of the personal data we hold about you.
• • Correct inaccurate or incomplete data.
• • Request erasure of your data.
• • Object to or restrict certain processing.
• • Withdraw consent for marketing or non-essential cookies.
• • Request portability of data you provided to us.
• • Lodge a complaint with your local supervisory authority — in the UK, the Information Commissioner’s Office.

To exercise any of these rights, email support@esimpoint.com. We will respond within one month.

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this policy as our services or laws change. The “Last updated” date at the top reflects the latest revision. Significant changes will be flagged on the site or by email if you have an account.

Questions, requests or concerns? Email support@esimpoint.com or visit the help centre.