Privacy Policy

InstantESIMs ("we", "us", "our") operates instantesims.com, an online store selling eSIM data plans for international travel. We are committed to protecting your personal information and being transparent about how we use it.

For the purposes of the General Data Protection Regulation (GDPR), we are the data controller of your personal information.

When you place an order or interact with our website, we may collect:

• Contact information — name, email address
• Payment information — processed securely via our payment provider; we do not store card details
• Device information — browser type, IP address, pages visited
• Order information — plans purchased, delivery email address

We use your information to:

• Process and fulfil your eSIM order
• Deliver your QR code to your email address
• Send order confirmations and support communications
• Improve our website and product offerings
• Comply with legal obligations

We do not sell your personal data to third parties.

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Contract performance — processing is necessary to fulfil your order and deliver your eSIM
• Legal obligation — processing is necessary to comply with applicable laws (e.g. tax and accounting requirements)
• Legitimate interests — we may process data to improve our services, prevent fraud, and ensure website security, where these interests are not overridden by your rights
• Consent — where you have explicitly opted in, such as subscribing to marketing emails. You may withdraw consent at any time.

By placing an order, you consent to receiving transactional emails related to your purchase. You may separately opt in to marketing emails. You can unsubscribe at any time via the link in any email.

We share your data only where necessary:

• Shopify — our e-commerce platform (shopify.com/legal/privacy)
• Payment processors — to securely handle transactions
• eSIM network providers — to activate your plan
• Legal authorities — where required by law

We do not transfer your data outside the EEA without appropriate safeguards in place. Where transfers do occur, we rely on mechanisms such as Standard Contractual Clauses (SCCs) or adequacy decisions.

We retain your order and account data for up to 7 years for legal and accounting purposes. You may request deletion of your data at any time (subject to legal retention requirements).

Our website uses cookies to improve your experience and analyse traffic. You can control cookies through your browser settings. We use analytics tools (such as Google Analytics) to understand how visitors use our site. For full details of the cookies we use, please see our Cookie Policy.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time, where processing is based on consent
• Lodge a complaint with your local data protection authority

EEA and UK residents have these rights under GDPR and the UK GDPR respectively. To exercise any of these rights, contact us at support@instantesims.com. We will respond within 30 days.

If you are in the EEA, you have the right to lodge a complaint with your national data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. We would, however, appreciate the chance to address your concerns before you contact a regulator.

We take reasonable technical and organisational measures to protect your data. All transactions are encrypted via SSL. In the event of a data breach that affects your rights, we will notify you and the relevant authorities as required by law.

Our website may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to read their privacy policies.

Our services are not directed at children under 13. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

We may update this policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of our website after changes constitutes acceptance of the updated policy.

If you have any questions about this policy, your data, or to exercise your rights, please contact us at:

support@instantesims.com