1. What we collect
We collect the minimum needed to deliver eSIMs:
- Account: email, name, hashed password.
- Commerce: order history, plan codes, payment method tokens (via Stripe).
- eSIM technical data: ICCID, install status, usage counters reported by the carrier.
- Operational: IP address, device user-agent (for fraud prevention and rate-limiting).
2. What we don't collect
We do not collect device location, contacts, photos, or other identifiers beyond what is needed for the service.
3. Why we collect it
To create and manage your account, fulfill purchases, send transactional emails (purchase confirmation, password reset), and provide customer support.
4. Who we share it with
- Stripe — payment processing. Stripe sees card data; we do not.
- eSIM Access — our upstream eSIM provider. They receive the package code and a Roamo-internal order reference required to provision the profile.
- Cloudflare — infrastructure (Workers, D1, R2, Email). All data is stored in Cloudflare's regional databases.
We do not sell your data. We do not share it with advertisers.
5. How long we keep it
Account data: as long as your account is active, plus 7 years for tax/finance record retention. You may request deletion at any time (see section 7).
6. Cookies
We use HTTP-only cookies for authentication (session and refresh tokens). We do not use third-party tracking cookies.
7. Your rights
You can access, correct, export, or delete your data at any time. Email
privacy@roamo.io with your request — we respond within 30 days.
8. International transfers
Cloudflare and Stripe operate globally. Your data may be processed outside your country of residence. We rely on Standard Contractual Clauses where applicable.
9. Changes
We will notify you by email of material changes and update the date above.