Privacy Policy

Last updated: 24 February 2026

This Privacy Policy sets out how SIMSY Limited ("we", "us", or "our"), trading as TravelSIMSY, collects, uses, discloses, transfers, and stores your personal data when you use our Services. It should be read alongside our Terms of Service and Cookie Policy.

1. Who We Are

TravelSIMSY is a brand of SIMSY Limited, a company registered in England and Wales. We are the data controller responsible for your personal data processed in connection with the TravelSIMSY service.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details provided in Section 16 of this policy.

2. Information We Collect

We collect personal data in the following ways:

2.1 Information you provide directly

When you register for an account (including via Google Sign-In or other third-party authentication providers), we collect your name, email address, and profile information. When you make a purchase, we collect transaction details including payment method and billing information. When you contact our customer support team, we collect the content of your communications.

2.2 Information collected through Google Sign-In

If you choose to sign in or register using Google Sign-In, we receive the following data from your Google account: your name, email address, and profile picture. We use Google's OAuth 2.0 authentication protocol to facilitate this sign-in process. We do not receive or store your Google account password. The specific data we receive is limited to the information you consent to share during the Google Sign-In authorisation process.

2.3 Information collected automatically

When you use the App or our website, we automatically collect:

  • Your IP address
  • Device information including device type, operating system, and unique device identifiers
  • eSIM usage data including data consumption volumes and connection timestamps
  • App usage data including features accessed and interaction patterns
  • Approximate location data derived from network connection information (this is necessary for the provision of the telecommunications service)
  • Diagnostic and crash report data

2.4 Information from third parties

We may receive information from our payment service providers regarding the status of your transactions, from our network partners regarding service delivery and usage, and from analytics providers regarding aggregated usage patterns.

3. How We Use Your Information

We use your personal data for the following purposes:

  • 3.1 To provide the Service: Including provisioning eSIM profiles, managing your account, processing payments, delivering data connectivity, and providing customer support.
  • 3.2 To improve our Service: Analysing usage patterns, identifying and fixing technical issues, developing new features, and optimising network performance.
  • 3.3 To communicate with you: Sending service-related notifications, responding to your enquiries, and providing important updates about your account or the Service.
  • 3.4 To comply with legal obligations: Including telecommunications regulatory requirements, tax obligations, fraud prevention, and responding to lawful requests from authorities.
  • 3.5 For marketing purposes: With your consent, we may send you marketing communications about our products and services. You can opt out of marketing communications at any time.
  • 3.6 To protect our legitimate interests: Including detecting and preventing fraud, enforcing our Terms of Service, and protecting the security of our network and systems.

4. Google Sign-In and Google User Data

This section specifically addresses how we handle data obtained through Google Sign-In and Google's OAuth 2.0 authentication, in accordance with the Google API Services User Data Policy.

4.1 What Google user data we collect

When you use Google Sign-In to create an account or log in to TravelSIMSY, we collect the following data from your Google account: your full name, your email address, and your profile picture (if available). This data is collected only with your explicit consent during the Google Sign-In authorisation flow. We do not access any other data from your Google account, including your Google contacts, calendar, drive files, or browsing history.

4.2 How we use Google user data

We use Google user data solely to provide and improve the TravelSIMSY application and its functionality. Specifically, we use your Google user data for the following purposes only: to create and authenticate your TravelSIMSY account; to identify you within the App and personalise your experience (for example, displaying your name); to send service-related communications to the email address associated with your account; and to provide customer support.

We do not use Google user data for any purpose other than providing or improving user-facing features of the TravelSIMSY application. We do not use Google user data to serve advertisements. We do not use Google user data for retargeting, remarketing, or interest-based advertising. We do not use Google user data to build user profiles for any purpose unrelated to the TravelSIMSY service.

4.3 How we store and protect Google user data

Google user data is stored securely on encrypted servers. We implement industry-standard security measures to protect Google user data, including:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest
  • Access controls limiting access to authorised personnel only
  • Regular security audits and vulnerability assessments
  • Secure authentication mechanisms for all administrative access

4.4 Sharing and disclosure of Google user data

We do not sell, rent, lease, or trade Google user data to any third party under any circumstances. We do not transfer or disclose Google user data to third parties for purposes other than those described in this policy.

Google user data may only be shared with the following categories of recipients, and only to the extent necessary to provide the TravelSIMSY service: cloud infrastructure providers who host our application (under strict data processing agreements); and customer support tools used to respond to your enquiries.

We will not share Google user data with any other third parties unless: we have your explicit consent to do so; it is necessary to comply with applicable law, regulation, legal process, or enforceable governmental request; or it is necessary to detect, prevent, or otherwise address fraud, security, or technical issues.

4.5 Retention and deletion of Google user data

We retain Google user data for as long as your TravelSIMSY account remains active and for a period of 24 months following account closure or inactivity. When the retention period expires, we will securely delete or anonymise your Google user data.

You may request deletion of your Google user data at any time by: using the account deletion feature within the TravelSIMSY App; emailing us at [email protected]; or revoking TravelSIMSY's access to your Google account through your Google Account permissions page at https://myaccount.google.com/permissions. Upon receiving a deletion request, we will delete your Google user data within 30 days, except where retention is required by law.

4.6 Compliance with Google API Services User Data Policy

TravelSIMSY's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We limit our use of Google user data to providing and improving user-facing features that are prominent in the requesting application's user interface.

5. Lawful Bases for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • 5.1 Performance of a contract: Processing necessary to provide the Service to you, including account management, eSIM provisioning, and payment processing (Article 6(1)(b)).
  • 5.2 Legitimate interests: Processing necessary for our legitimate business interests, including service improvement, fraud prevention, and network security, where those interests are not overridden by your rights (Article 6(1)(f)).
  • 5.3 Legal obligation: Processing necessary to comply with our legal obligations, including telecommunications regulations, tax law, and sanctions compliance (Article 6(1)(c)).
  • 5.4 Consent: Where you have given your explicit consent, such as for marketing communications or when authorising Google Sign-In. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal (Article 6(1)(a)).

6. Data Sharing

We may share your personal data with the following categories of recipients:

  • 6.1 Network operators and roaming partners: To provision and deliver the eSIM data service. This may involve transfers of data to operators in the countries where you are using the Service.
  • 6.2 Payment service providers: To process your payments securely.
  • 6.3 Cloud hosting and infrastructure providers: To host and maintain the App and our systems.
  • 6.4 Analytics providers: To help us understand how the Service is used and to improve it.
  • 6.5 Professional advisors: Including legal, accounting, and auditing firms as necessary.
  • 6.6 Law enforcement and regulatory bodies: Where required by law or in response to a valid legal request.

We do not sell your personal data to third parties. This includes data obtained through Google Sign-In or any other authentication mechanism.

7. International Transfers

As TravelSIMSY provides an international connectivity service, your personal data may be transferred to, and processed in, countries outside the United Kingdom. This is inherent to the nature of the telecommunications service we provide.

Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements. These may include: UK adequacy regulations recognising that the destination country provides an adequate level of data protection; Standard Contractual Clauses approved by the UK Information Commissioner's Office; or other lawful transfer mechanisms as appropriate.

8. Data Retention and Deletion

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. When the retention period for a given type of data expires, we will securely delete or destroy it.

  • 8.1 Account data (including data obtained through Google Sign-In): Retained for the duration of your account and for a period of 24 months following account inactivity or closure, after which it will be securely deleted.
  • 8.2 Transaction records: Retained for 7 years in accordance with UK tax and accounting requirements.
  • 8.3 Usage data: Retained in identifiable form for up to 12 months, after which it is anonymised for statistical analysis.
  • 8.4 Customer support records: Retained for 24 months following resolution of the enquiry.
  • 8.5 Marketing consent records: Retained for as long as consent is valid, plus 12 months following withdrawal of consent.

You may request that your data be deleted at any time by contacting us at [email protected] or by using the account deletion feature within the App. We will process your request within 30 days, except where we are required by law to retain certain data for a longer period.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • 9.1 Right of access: You have the right to request a copy of the personal data we hold about you.
  • 9.2 Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • 9.3 Right to erasure: You have the right to request that we delete your personal data in certain circumstances. This includes the right to have your Google user data deleted.
  • 9.4 Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • 9.5 Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • 9.6 Right to object: You have the right to object to the processing of your personal data where we are relying on legitimate interests as the legal basis.
  • 9.7 Right to withdraw consent: Where we process your data based on consent (including consent granted via Google Sign-In), you have the right to withdraw that consent at any time. You may also revoke TravelSIMSY's access to your Google account at any time through your Google Account settings at https://myaccount.google.com/permissions.

To exercise any of these rights, please contact us using the details in Section 16. We will respond to your request within one month, or inform you if we require an extension of up to two further months.

10. Children's Data

TravelSIMSY is not directed at children under the age of 18. Account holders must be at least 18 years of age. The TravelSIMSY service is not a child-directed application and does not knowingly offer Google Sign-In or any Google API service to children.

Under UK GDPR, the age of digital consent for information society services is 13 years. We do not knowingly collect personal data from children under 13 years of age. If we become aware that we have collected personal data from a child under 13 without appropriate parental consent, we will take steps to delete that data as soon as reasonably practicable.

Where an adult account holder permits a minor (aged 13–17) to use the Service under their supervision, the account holder is responsible for the minor's use and for ensuring compliance with these terms.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • 11.1 Encryption of all data in transit using TLS/SSL protocols.
  • 11.2 Encryption of data at rest using industry-standard encryption algorithms.
  • 11.3 Role-based access controls limiting access to personal data to authorised personnel only.
  • 11.4 Regular security audits and vulnerability assessments of our systems.
  • 11.5 Staff training on data protection and information security.
  • 11.6 Secure authentication mechanisms for administrative and system access.

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal data, but we are committed to maintaining security procedures that protect the confidentiality of your data.

12. Cookies and Similar Technologies

Our website and App may use cookies and similar tracking technologies to enhance your experience, analyse usage, and support the operation of the Service. For detailed information about the cookies we use and how to manage your preferences, please refer to our separate Cookie Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of any material changes by posting the updated policy within the App and on our website, and where appropriate, by email to the address associated with your account.

If we change how we use Google user data, we will notify you and obtain your consent before processing your Google user data in any new or different way not disclosed in this policy.

We encourage you to review this policy periodically. Your continued use of the Service after any changes to this policy constitutes your acceptance of those changes.

14. Complaints

If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Website: www.ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first using the details below.

15. Third-Party Authentication Providers

In addition to Google Sign-In, we may offer other third-party authentication options in the future (such as Apple Sign-In). Where we do so, the same principles outlined in this Privacy Policy will apply: we will collect only the data necessary to provide the Service, we will use it solely for providing and improving the TravelSIMSY application, and we will not sell it to third parties.

Each third-party authentication provider has its own privacy policy governing their handling of your data. We encourage you to review the privacy policies of any authentication providers you use:

Google: https://policies.google.com/privacy

16. Contact Us

If you have any questions about this Privacy Policy, our use of Google user data, or wish to exercise your data protection rights, please contact us:

SIMSY Limited – Trading as TravelSIMSY
Registered in England and Wales
Email: [email protected]
Website: www.travelsimsy.com

Document version: 2.0 – Last updated: 24 February 2026