GiTSIM logo

Privacy Policy

Last updated: May 16th 2025

Introduction

This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you obtain and use a Gitsim eSIM, and how we comply with the EU General Data Protection Regulation (GDPR). It also describes your rights regarding your personal data. Gitsim is the controller for the processing of personal data in the context of our services.

Personal data we collect

We collect various types of personal data in order to provide our services. The categories of data we may collect include:

  • Identification and Contact Information: For example, your name, phone number, and email address. We need these to create your account or register your eSIM service and to communicate with you;
  • Device and Technical Information: Information about the device you use with our eSIM, such as device model, operating system, device eSIM identifier, as well as network and connectivity data. For instance, we may record network events like which local network your eSIM connects to, your data usage volume, and the country or location where the eSIM is used. We also collect technical data when you use our websites or app, such as your IP address, browser type, operating system, date and time of access, and usage logs. Some of this data is collected via cookies or similar tracking technologies (see Cookies below);
  • Order and Travel Details: Information related to your purchase or activation of a Gitsim eSIM plan. This includes the data plan or package you chose, the date of purchase or activation, and your approximate location at point of purchase (e.g. based on IP address);
  • Payment Information: To process payments for your eSIM, we collect necessary billing details. This may include billing name and address, and payment method details.
  • Communications with You: If you contact Gitsim customer support or otherwise communicate with us, we will collect and retain those communications;
  • Marketing Preferences: If you opt-in to marketing, we will note your preferences (e.g. that you agreed to receive promotional SMS messages).
  • Cookies and Online Data: When you use our website or app, we use cookies and similar technologies to collect information about your browsing actions and usage patterns.

How we use your personal data

Gitsim processes personal data for specific purposes and in accordance with the legal grounds allowed by GDPR. Below we explain why we use your data and the corresponding legal justification:

  • Providing and Managing the eSIM Service: We use your data to activate and deliver the eSIM and data plan you requested, and to ensure it works properly on your device. This includes using your personal and device information to set up the service, connecting you to mobile networks, and troubleshooting issues you report. It also covers managing your user account on our app or website and providing customer support. Legal basis: Performance of a contract – this processing is necessary to fulfill our agreement with you to provide the eSIM service.
  • Processing Payments: We handle your personal and payment data to process transactions, issue invoices or receipts, and manage any refunds. Legal basis: Performance of contract (to provide the paid service) and compliance with legal financial obligations (e.g. accounting laws).
  • Communicating with You about the Service: We will use your contact information (e.g. email or phone) to send service-related communications. This includes sending the eSIM QR code or installation instructions, notifications about service status, usage alerts, and responding to your inquiries. Legal basis: Performance of contract (we need to communicate to deliver the service), and in some cases legitimate interests in ensuring good customer service and satisfaction.
  • Sending Marketing and Promotional Messages (See Section “Marketing Communications” below for details): With your permission or as allowed by law, we may use your contact details to send promotional communications – for example, SMS offers about top-ups or new travel plans, or emails with special deals and travel tips. Legal basis: Consent, where required by GDPR or e-privacy laws, or legitimate interest for existing customers (in some cases we may rely on our interest in promoting similar services to you, but you will always have a clear opt-out).
  • Improving and Securing Our Services: We analyze usage data (e.g. how customers use our website and eSIM services) to understand performance and improve our products. This helps us fix technical issues, optimize our user interface, and develop new features that enhance your experience. We also process data to monitor for fraudulent or unauthorized use, ensure network security, and prevent abuse of our services. Legal basis: Legitimate interests – it is in our business interest to improve our services and protect our platform, and we ensure this does not override your rights. For example, we might use IP addresses and device IDs to detect misuse or multiple sign-ins that breach terms.
  • Other Legitimate Business Purposes: We might process data for internal administrative purposes, such as auditing, analytics, or preparing aggregate reports. We could also use data to contact you for feedback or to conduct customer satisfaction surveys to improve our offerings. Legal basis: Legitimate interests (running an efficient, high-quality business). We will always consider your rights and interests and provide transparency and opt-outs where appropriate.

We will not use your personal data for purposes that are incompatible with those above without asking for your consent. If we intend to use your data for a new purpose, we will update this Policy and notify you when required.

Marketing communications

Promotional Messages: With your agreement, Gitsim may send you marketing communications about our products and offers. Notably, since many Gitsim users are tourists using our eSIM for a short period, our primary marketing channel is SMS text messages to the phone number you provided. For example, we might send a text with a discount code for a future trip, or an offer to extend your data plan. We may also use email for newsletters or promotions if you provided your email. All such messages will be limited and relevant, e.g. focusing on travel connectivity deals.

Consent and Opt-Out: We will only send you promotional SMS or emails if you have consented to receive them, or (where allowed) if you are an existing customer and we provide a simple opt-out mechanism. For example, when you sign up or activate a Gitsim eSIM, we may ask for your permission to send marketing texts. If you prefer not to receive these, you can decline or later opt out at any time. Each marketing SMS will include an option to unsubscribe (such as replying "STOP"), and our marketing emails will contain an "unsubscribe" link. You can also opt out by contacting us directly. Once you opt out, we will stop sending you promotional messages. (Service-related communications will still be sent as needed and are not affected by a marketing opt-out.).

Tailoring and Analytics: We may tailor the marketing content you receive based on your usage of our services or your travel profile – for instance, offering you a deal for a region you visited before. We might use analytics to ensure the offers we send are useful. Any such profiling for marketing will be done under your consent, and you have the right to object to or disable personalized marketing. We do not sell or rent your personal data to third-party marketers.

Cooking and tracking devices

Our website and mobile app use cookies and similar tracking technologies to provide and improve our online services. For example, we use essential cookies to enable core site functionality and analytics cookies (with your consent) to understand how users navigate our site. We may also use advertising cookies or pixels to deliver relevant ads about Gitsim on other platforms, but only if you have permitted this.

When you first visit our site, we will request your cookie preferences. You can choose to accept or reject various categories of cookies (except those strictly necessary). You can also change your preferences at any time via our Cookie Settings or by clearing cookies in your browser.

Please note, certain data like IP address, browser type, and usage stats are often collected automatically by virtue of visiting any website; we treat such online identifiers as personal data if they can be linked to you and handle them under this Policy.

Data security

Gitsim takes the security of your personal data very seriously. We have implemented a combination of physical, technical, and organizational measures to safeguard the information. We employ industry-standard encryption protocols to protect data in transit and at rest (for example, your data is encrypted when it's sent over networks and when stored on our servers). Our infrastructure is protected by firewalls, anti-malware software, and intrusion detection systems to guard against cyberattacks. We conduct regular security audits, vulnerability scans, and penetration testing to identify and address potential weaknesses in our systems. All access to our databases is logged and monitored, and we use access controls to ensure only necessary personnel can view personal data (on a "need-to-know" basis).

Despite all these measures, please note that no method of transmitting or storing data is 100% secure. The internet by its nature can never be completely risk-free. However, we strive to protect your personal information to the best of our ability. You also play a role in security: keep your account credentials (SIM activation codes, etc.) safe and notify us immediately if you suspect any unauthorized access to your account or eSIM. If we detect a data security risk that affects you, we will inform you and guide you on steps to protect yourself.

Data retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, and as required by law. The exact retention periods can vary based on the type of data and the legal context. Here are some general guidelines:

  • Customer Account and Service Data: Information related to your eSIM service (account details, eSIM activation and usage records) is kept while you are an active customer. After you stop using Gitsim, we will retain this data for a limited period – typically, we might keep basic account and transaction data for a few years after your last use of the service. This allows us to comply with any legal obligations (like telecom regulations or potential audits) and to be able to resume service for you if you return within that time.
  • Usage Logs: Detailed network event logs and data usage records are kept for a shorter period, unless law requires otherwise. For instance, we may keep logs of your eSIM's connectivity and data usage for [X] days or as mandated by local data-retention laws, and then either delete or anonymize that data. (By anonymize, we mean we remove or irreversibly scramble any information that could identify you personally.)
  • Payment and Billing Records: We retain billing information, invoices, and payment transaction records for the period required under finance and tax regulations. In many jurisdictions, this is around 7 to 10 years. This helps us handle any billing disputes or audits. Note that even when we retain transaction records, your sensitive payment details (like full credit card numbers) are not stored by us beyond what is needed for lawful record-keeping.
  • Customer Support Communications: Records of your communications with us (emails, chat logs, support tickets) are typically kept for a few years after resolution of your query. This helps us improve support and refer to past issues if you contact us again.
  • Marketing Data: If you have consented to marketing, we will retain your contact details for marketing purposes until you opt out or for a defined period of inactivity. As noted, we generally will not keep sending you marketing if you haven't interacted with us in over a year. We still may keep a record that you opted out, to ensure we honor that choice going forward.

Once the applicable retention period expires, or if you request deletion and we have no other legal basis to keep the data, we will securely delete or anonymize your personal data. In determining retention length, we consider factors like: the duration of our relationship with you, legal requirements, the statute of limitations for potential legal claims, and the nature of the data. When we anonymize data, we remove personal identifiers so that the information can no longer be linked to you. Anonymized data may be retained for statistical or analytical purposes without further notice.

Your rights under the GDPR

As a user of Gitsim, especially if you are in the EU or UK, you have robust rights regarding your personal data. We are committed to honoring these rights. You have the following rights:

  • Right of Access: You can request a copy of the personal data we hold about you, as well as information on how we use it, with whom it is shared, and how long we intend to keep it. This helps you understand and verify the lawfulness of our processing.
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to have it corrected or updated. Upon your request, we will rectify any errors in your data.
  • Right to Erasure: Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances. For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis, or if you object to processing and we have no overriding legitimate interest to continue, you can ask us to delete your data. Please note that we cannot delete data where we have a legal obligation to keep it (e.g. transaction records required for tax purposes) or other valid justification to retain it.
  • Right to Restriction of Processing: You can ask us to restrict (temporarily halt) the processing of your data in certain cases. For instance, if you contest the accuracy of your data, you can request we pause processing until we verify or correct it. Or if you have objected to processing (see below) and we are assessing our legitimate interests, you can request restriction in the interim. When processing is restricted, we will store your data securely and not use it except to the extent allowed (e.g. to protect legal rights).
  • Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to request that we transmit it to another service provider where technically feasible. This typically applies to data processed by us on the basis of your consent or for performance of a contract. For example, you could ask for export of the account information you gave us, so you can reuse it elsewhere.
  • Right to Object: You may object at any time to processing of your personal data that is based on our legitimate interests. If you do so, we will stop the processing unless we have compelling legitimate grounds that override your interests, or the processing is needed for legal claims. Importantly, you have an absolute right to object to processing of your data for direct marketing purposes at any time. If you object to or opt out of marketing, we will honor that with no exceptions.
  • Right to Withdraw Consent: Where we rely on your consent to process personal data (for example, for sending marketing SMS or for certain analytics cookies), you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of any processing done before you withdrew, and it will not affect processing under other legal bases. If you withdraw consent, we will stop the processing for which it was obtained. (For instance, you can withdraw consent to marketing messages and we will stop sending them.)
  • Rights in Relation to Automated Decisions: Gitsim does not currently make any decisions about you that have legal or similarly significant effects solely by automated means (i.e. without human involvement). If that ever changes, you would have the right not to be subject to a purely automated decision that significantly affects you, and to request human review of such a decision. You also have the right to express your point of view and contest the decision. We will inform you if we introduce automated decision-making processes that use your personal data.
  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights or handled your data unlawfully, you have the right to file a complaint with a Supervisory Authority in the EU member state where you reside, where you work, or where the alleged violation occurred. For example, if you are a resident of the EU, you might contact your national Data Protection Authority. We would appreciate the chance to address your concerns first, so we encourage you to contact us with any complaint, but you are free to go directly to the authorities. In Turkey, you may also have rights under local data protection law (KVKK); we will cooperate with the relevant authorities.

To exercise any of your rights, please contact us (see Contact Us below). We may need to verify your identity to process certain requests, especially for access, deletion, or portability, to ensure we don't disclose data to the wrong person. We will respond to your requests as soon as possible, and within the timeframe required by law (generally within one month, extendable if necessary). There is no fee for making a request in most cases. However, if a request is manifestly unfounded or excessive (e.g. repetitive), we may charge a reasonable fee or refuse to act on it, as permitted by law – but we will explain our reasoning in such cases.

Contact Us (Data Protection Officer)

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us. We have appointed a Data Protection Officer (DPO) who oversees our privacy practices and GDPR compliance. You can contact our DPO by emailing support@help.gitsim.com

Or via our customer service at support@help.gitsim.com.

We will gladly assist with inquiries about your data, resolve any problems, or address complaints. Your feedback about privacy is welcome.

Updates to this privacy policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services or to ensure compliance with new legal requirements. If we make material changes, we will notify users by posting the updated Policy on our website and, where appropriate, by other communication (e.g. email notification). The "Last Updated" date at the top will indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we protect your data.

If you continue to use Gitsim services after an update, it means you acknowledge the updated terms. However, if we seek to use your personal data for a new purpose that requires your consent, we will obtain your consent first.