Privacy Policy

Last updated: June 2025

This Privacy Policy describes how A-Sim ("we", "us", "our") collects, uses, and shares personal information when you use the A-Sim mobile application, website, and related services (collectively, the "Service").

1. Information we collect

Account information

• Email address (required to create an account)
• Name (optional, used for receipts and customer support)
• Password (stored only as a salted hash — we never see your plaintext password)

Payment information

• Payment is processed by Stripe, Inc. Card numbers, CVCs and bank details are sent directly to Stripe and never touch our servers. We retain only a payment confirmation identifier, the amount, currency and a masked last-4 of the card for receipts and refunds.
• Stripe's privacy policy applies to data they collect: https://stripe.com/privacy

eSIM and device data

• When you purchase an eSIM, our telecom network partner issues you a profile (ICCID, QR payload, activation code) which we store so you can re-install it later.
• Live data usage (used / remaining MB), connection status and validity dates fetched from our network partner on demand — we don't continuously track your location or browsing.
• Device information from your phone (model identifier, OS version) used to run the eSIM compatibility check.
• Push notification token issued by Apple (APNs) or Google (FCM) when you opt in to notifications — required to alert you when your data is low.

Communications

• Transactional emails (purchase confirmation, eSIM install link, low-data alerts) are sent via SendGrid. SendGrid receives your email address and message contents for the sole purpose of delivery.

2. How we use your information

• To deliver and operate the Service (create your eSIM, send the install link, show usage).
• To process payments and prevent fraud.
• To send transactional alerts (low data, expiring plans, top-up confirmations).
• To respond to customer support requests.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your data for behavioural advertising and we do not share it with advertising networks.

3. Third-party processors

We share the minimum personal information required with the following processors, each contractually obligated to protect your data:

• Stripe — payment processing
• Telecom network partner — eSIM profile provisioning and live usage data
• SendGrid (Twilio) — transactional email delivery
• Expo (push delivery) — relays push notifications to APNs / FCM
• MongoDB Atlas / cloud hosting — secure database and application hosting

4. Data retention

• Account records and order history: retained while your account is active. You may request deletion at any time by emailing support@a-sim.io.
• Payment receipts: retained for 7 years to meet tax and accounting obligations (CRA requirement).
• Expired eSIM profiles: retained for 12 months for support and dispute resolution, then anonymized.

5. Your rights

Depending on where you live (GDPR / UK GDPR / CCPA / PIPEDA), you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your account and data (subject to legal retention)
• Export your data in a portable format
• Object to or restrict certain processing
• Withdraw consent to push notifications and marketing communications

To exercise any of these rights, email support@a-sim.io. We respond within 30 days.

6. Security

We use HTTPS / TLS encryption in transit, encryption at rest for sensitive fields, scoped JWT authentication and bcrypt password hashing. We never store full payment card numbers. No system is 100% secure; we encourage you to use a strong, unique password and to enable device-level biometrics.

7. Children

The Service is not directed to children under 13 (or under 16 in the EU/UK), and we do not knowingly collect personal information from them. If you believe we have, contact us and we will delete it.

8. International transfers

Our processors operate globally. By using the Service you consent to the transfer of your information to Canada and to other countries where our processors operate, subject to standard contractual clauses where required.

9. Changes

We may update this policy from time to time. Material changes will be highlighted in the app and emailed to account holders. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

Privacy questions: support@a-sim.io
A-Sim — Province of Ontario, Canada