Privacy Policy

Privacy Policy — Eseemo

Privacy Policy

Last updated: 1 May 2026

Contents
  1. Introduction
  2. Who is the data controller
  3. What we collect
  4. Why we collect it
  5. Legal basis for processing
  6. Who we share data with
  7. International data transfers
  8. How long we keep data
  9. Your rights
  10. Cookies and tracking
  11. How we protect your data
  12. Children's privacy
  13. Changes to this policy
  14. Contact and complaints

1. Introduction

This Privacy Policy explains how Eseemo collects, uses, and protects your personal data when you visit eseemo.com or purchase an eSIM. We take your privacy seriously and aim to be transparent about our practices.

This policy is written in compliance with the EU General Data Protection Regulation (GDPR) and Kosovo's Law on Personal Data Protection (Law No. 06/L-082).

2. Who is the data controller

The data controller responsible for your personal data is:

Slash Solutions L.L.C
Rruga Hyzri Talla, pn.
10000 Pristina
Republic of Kosovo

For privacy-related inquiries: privacy@eseemo.com

3. What we collect

We collect the minimum data necessary to provide our service. Specifically:

3.1 Information you provide directly

Data typeWhen collectedPurpose
Email addressAt checkoutOrder delivery, support, account access
Payment card detailsAt checkout (handled by payment partner — we never store card numbers)Payment processing
Cardholder nameAt checkoutPayment verification
Promo codes usedIf appliedTracking promotional offers
Phone model (if entered in compatibility checker)If you use the checkerVerifying eSIM compatibility
Support inquiriesWhen you contact usResponding to your questions

3.2 Information collected automatically

Data typeHow collectedPurpose
IP addressServer logs when you visitSecurity, fraud prevention, regional pricing
Browser type and versionServer logsCompatibility, security
Pages visitedServer logsService improvement
Approximate location (country-level)Derived from IPCurrency display, fraud prevention
Order historyFrom your purchasesOrder management, support

3.3 Information from third parties

Data typeSourcePurpose
Payment confirmationPayment processor (Paysera)Order fulfillment
eSIM activation statusWholesale providersCustomer support, usage information
Fraud risk indicatorsPayment processorFraud prevention

3.4 What we DO NOT collect

We deliberately do NOT collect:

  • Your actual location (only approximate country, not GPS or precise location)
  • Your phone number (we don't need it)
  • Browsing history outside Eseemo
  • Contents of your communications when using our eSIMs
  • Credit card numbers (these go directly to our payment processor)
  • Government identification documents
  • Biometric data

4. Why we collect it

We use your personal data only for the purposes described below:

4.1 To fulfill your order

  • Process your payment
  • Provision your eSIM through our wholesale provider
  • Deliver your eSIM QR code by email
  • Provide order history and support access

4.2 To provide customer support

  • Respond to your inquiries
  • Investigate and resolve issues
  • Process refund requests
  • Reissue eSIMs when needed

4.3 To protect against fraud and abuse

  • Detect and prevent fraudulent payments
  • Identify suspicious patterns of use
  • Comply with sanctions and export control laws

4.4 To improve our service

  • Understand which destinations and plans are popular
  • Identify and fix technical issues
  • Improve user experience

4.5 To comply with legal obligations

  • Tax reporting and accounting
  • Responding to lawful government requests
  • Maintaining records as required by law

Under GDPR, we process your data based on the following legal grounds:

Processing purposeLegal basis
Fulfilling your eSIM orderPerformance of contract (Article 6(1)(b))
Customer support and account managementPerformance of contract (Article 6(1)(b))
Payment processingPerformance of contract (Article 6(1)(b))
Fraud prevention and securityLegitimate interest (Article 6(1)(f))
Service improvement (analytics)Legitimate interest (Article 6(1)(f))
Legal compliance (tax, sanctions)Legal obligation (Article 6(1)(c))
Marketing emails (if you opt in)Consent (Article 6(1)(a))

6. Who we share data with

We share data only with parties necessary to provide our service. We do NOT sell your data to anyone.

6.1 Service providers

RecipientWhat we shareWhy
Payment processor (Paysera UAB, Lithuania)Payment details, email, order amountProcessing payments and refunds
Wholesale eSIM providersEmail, plan selectionProvisioning your eSIM
Hosting provider (Vercel Inc., USA)All data passing through our websiteHosting our service
Database provider (Supabase, USA / EU)Order and customer dataStoring our data securely
Email delivery service (Resend, USA)Email address, order contentDelivering confirmation and support emails
Error monitoring (Sentry, USA)Technical error data, IP addressDetecting and fixing bugs

All service providers are contractually bound to protect your data and use it only for the purposes we specify. Where these providers are located outside the EU, appropriate safeguards (typically EU Standard Contractual Clauses) are in place.

6.2 Legal authorities

We may disclose data to legal authorities when:

  • Required by law (court order, subpoena, regulatory request)
  • Necessary to comply with sanctions or anti-fraud regulations
  • Necessary to protect our rights or the safety of others

We will challenge requests we consider unlawful or overly broad.

6.3 Business transfers

If Slash Solutions L.L.C is acquired, merges, or sells assets, customer data may be transferred to the acquiring party. We will notify you of any such change and your rights regarding the transfer.

6.4 We do NOT share data with

  • Advertisers or marketing platforms
  • Data brokers
  • Social media platforms (we don't use their tracking pixels)
  • Other commercial partners for marketing purposes

7. International data transfers

Some of our service providers are located outside the European Economic Area (EEA), including in the United States.

Where we transfer your data outside the EEA, we ensure appropriate safeguards are in place, typically:

  • EU Standard Contractual Clauses (Commission Implementing Decision 2021/914)
  • Adequacy decisions where the destination country has been deemed to provide adequate protection
  • Where applicable, the EU-US Data Privacy Framework

You may request copies of these safeguards by contacting privacy@eseemo.com.

8. How long we keep data

Data typeRetention periodWhy
Order data (purchase records)7 yearsTax and accounting requirements
Customer email and contact info3 years after last interactionCustomer support, in case of returns
Payment records (without card numbers)7 yearsTax requirements
Server access logs90 daysSecurity investigation
Marketing consent recordsUntil consent withdrawn + 3 yearsProof of consent
Support email correspondence3 yearsCustomer service quality, dispute resolution

After the retention period, data is deleted or anonymized. Some data may be retained longer if required by law or for legal proceedings.

9. Your rights

Under GDPR, you have the following rights:

9.1 Right to access

You can request a copy of all personal data we hold about you. We'll respond within 30 days.

9.2 Right to correction

If your data is inaccurate, you can request correction.

9.3 Right to deletion ("right to be forgotten")

You can request deletion of your data, subject to legal retention requirements (e.g., we must keep order records for tax purposes).

9.4 Right to data portability

You can request your data in a structured, machine-readable format to transfer to another service.

9.5 Right to restrict processing

You can request we limit how we process your data in certain circumstances.

9.6 Right to object

You can object to processing based on legitimate interests, including direct marketing.

9.7 Right to withdraw consent

Where processing is based on consent (e.g., marketing emails), you can withdraw consent at any time.

9.8 Right to lodge a complaint

You can complain to a supervisory authority, including:

  • Kosovo's Information and Privacy Agency: aip.rks-gov.net
  • Your country's data protection authority (for EU residents)

How to exercise your rights

Email privacy@eseemo.com from the address associated with your account. We may need to verify your identity. We respond within 30 days.

Most rights are free to exercise. We may charge a reasonable fee for manifestly unfounded or excessive requests.

10. Cookies and tracking

We use cookies and similar technologies. We minimize tracking and explain what we use below.

10.1 Essential cookies (always active)

  • Session cookies for cart and order processing
  • Authentication cookies for "Find my eSIM" sessions
  • Security cookies to prevent CSRF attacks
  • Language preference cookies

These cannot be disabled as they're necessary for the service to function.

10.2 Analytics cookies (with your consent)

We use minimal analytics to understand how the service is used. These cookies record:

  • Pages visited (without identifying you personally)
  • Approximate visit duration
  • Referring website

We do not use Google Analytics, Meta pixels, or other invasive tracking. Our analytics are configured to respect your privacy.

10.3 No advertising cookies

We do NOT use cookies for advertising or to build profiles about you for marketing purposes.

Managing cookies

You can manage cookies through your browser settings. Disabling essential cookies will prevent the service from functioning correctly.

11. How we protect your data

We implement reasonable technical and organizational measures to protect your data:

  • HTTPS encryption for all data in transit
  • Encrypted database storage
  • Access controls limiting who can view customer data internally
  • Regular security reviews
  • Two-factor authentication for administrative access
  • Password hashing (where applicable; we currently use email-based authentication)
  • Card payment details handled by PCI-DSS-compliant payment processor (we never store card numbers)
In case of a data breach: We will notify affected customers within 72 hours of becoming aware of any breach that poses a risk to their rights and freedoms, and we will report to the relevant supervisory authority within the same timeframe.

12. Children's privacy

Eseemo is intended for adults (18+). We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact privacy@eseemo.com and we will delete it.

13. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated by:

  • Email to your registered address (if applicable)
  • Notice on our website

The "Last updated" date at the top of this policy reflects the most recent change.

14. Contact and complaints

Privacy inquiries:

Email: privacy@eseemo.com

Postal:
Slash Solutions L.L.C
Attn: Privacy
Rruga Hyzri Talla, pn.
10000 Pristina, Republic of Kosovo

Supervisory authority:

If you believe we have not handled your data properly, you have the right to complain to:

Kosovo Information and Privacy Agency (Agjencia për Informim dhe Privatësi)
aip.rks-gov.net

EU residents may complain to the data protection authority in their country.