Privacy Policy | eSIMradar

Introduction

At eSIMradar, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Data Controller

The data controller responsible for processing your personal data is:

Now On Company Limited

112/246 Moo 8, Bangkaew, Bangplee, 10540 Samut Prakarn, Thailand

For data protection inquiries, contact us at contact@esimradar.com

Information We Collect

We collect information that you provide directly to us, including:

Account information (name, email address)
Usage data (pages visited, features used)
Device information (browser type, IP address)
Cookies and tracking technologies

Account Data We Collect

When you create an account with us, we collect and store the following types of data:

Profile Information: Your display name, avatar image, and account preferences.
Favorites: eSIM plans you have saved to your favorites list.
Price Alerts: Your price alert preferences and notification settings for price drops on eSIM plans.
Trip Planning: Information about trips you create, including travel dates and destination countries.
Saved Comparisons: Plan comparisons you have saved for future reference.
Plan Notes: Private notes you add to eSIM plans for your personal reference.
Reviews and Votes: Reviews you submit and helpfulness votes you cast on other users' reviews.
Session Information: Device information (browser type, operating system, IP address), session tokens, and activity tracking for security and analytical purposes.
OAuth Provider Data: Information from third-party authentication providers (Google, Apple) when you sign in using these services.

Mobile App Data Collection

If you use our mobile applications (iOS or Android), we may collect additional information:

Device Information: Your device model, operating system version, unique device identifiers, and device settings.
Location Data: If you provide consent, we may collect your location data (GPS coordinates or estimated location) to provide location-based features, such as finding eSIM plans for your current location. You can disable location services at any time through your device settings.
Push Notifications: Push notification tokens and your notification preferences to send you price alerts, trip reminders, and other account-related notifications.
In-App Analytics: Usage data including features used, screens viewed, and interactions within the app to help us improve the user experience.
Crash Reports: Error logs and crash reports to help us identify and resolve technical issues. This may include device information, app version, and error details.

Required Permissions: Our mobile apps may request the following permissions: - Internet access (required for all functionality) - Location services (optional, for location-based features) - Push notifications (optional, for alerts and reminders) You can revoke these permissions at any time through your device settings.

Legal Basis for Processing

We process your personal data on the basis of the following legal grounds under GDPR Article 6 and similar provisions under PDPA:

Consent: We process certain data based on your explicit consent, such as marketing communications, optional analytical tracking, and location data in mobile apps. You can withdraw your consent at any time through your account settings or by contacting us.
Contract Performance: We process data necessary to provide our services and fulfill our contractual obligations to you, including account management, providing access to saved favorites, price alerts, trip planning, and other account features you have requested.
Legitimate Interests: We process certain data based on our legitimate interests, such as improving our services, analyzing usage patterns, fraud prevention, ensuring security, and providing personalized recommendations. We balance these interests against your privacy rights and only process data when necessary for these purposes.
Legal Obligation: We may process and retain certain data to comply with legal obligations, such as tax requirements, regulatory compliance, or responding to lawful requests from authorities.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, process transactions, send communications, and comply with legal obligations.

Account-Specific Usage: We use your account data to provide personalized features, such as saved favorites, price alerts, trip planning, saved comparisons, and plan notes. This data enables you to access your saved information on all devices when you sign in.
Personalization: We use your usage data, preferences, and interaction history to personalize your experience, recommend relevant eSIM plans, and improve our service offerings.
Notifications: We use your notification preferences and contact information to send you price alerts, trip reminders, account updates, and other communications you have requested or that are necessary for account management.
Analytics and Improvement: We analyze aggregated usage data and analytical information to understand user behavior, identify trends, resolve technical issues, and continuously improve our website and mobile applications.

Analytics and Tracking Technologies

We use various analytics and tracking technologies to understand how users interact with our website and services:

PostHog: We use PostHog for product analytics, including automatic capture of user interactions, pageview tracking, and pageleave events. PostHog stores data using both cookies and localStorage for user identification and session tracking.
Google Analytics 4: We use Google Analytics 4 to track pageviews, user events, and conversions. Google Analytics anonymizes IP addresses and provides aggregated usage statistics to help us improve our services.
Engagement Tracking: We track user engagement with eSIM plans, provider pages, and region pages to understand user preferences and improve our recommendations.
Third-Party Analytics Services: We may use additional third-party analytics services in our mobile applications, such as Firebase Analytics, Firebase Crashlytics, or Sentry, to track app usage, identify crashes, and monitor performance.

Opt Out: You can opt out of certain analytical tracking: - PostHog: You can disable PostHog tracking by adjusting your browser settings or using browser extensions that block tracking scripts. - Google Analytics: You can install the Google Analytics Opt-out Browser Add-on or adjust your browser settings. - Mobile Apps: You can disable analytics in mobile apps through your device's privacy settings or by uninstalling the app.

Information Sharing

We do not sell your personal information. We may share your information with service providers who assist us in operating our website and conducting our business, subject to strict confidentiality obligations.

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our website and store certain information. You can control cookies through your browser settings.

For more detailed information about how we use cookies and tracking technologies, please see our Cookie Policy.

Your Rights

Under applicable data protection laws, including the General Data Protection Regulation (GDPR) and Thailand's Personal Data Protection Act (PDPA), you have the following rights regarding your personal data:

Right of Access: You have the right to request access to the personal data we hold about you, including account data, usage data, and any other information we have collected.
Data Export: You can export your account data at any time through your account settings. This includes your profile information, favorites, price alerts, trips, comparisons, notes, and reviews. The exported data will be provided in a machine-readable format (JSON).
Right of Deletion: You have the right to request deletion of your personal data. You can delete your account and all associated data at any time through your account settings. Upon account deletion, we will remove your personal data from our systems, subject to any legal obligations to retain certain information.
Right of Rectification: You have the right to correct inaccurate or incomplete personal data. You can update your profile information, preferences, and other account data through your account settings at any time.
Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit those data to another service provider when technically feasible.
Right of Objection: You have the right to object to processing of your personal data based on legitimate interests. You can opt out of certain data processing activities through your account settings or by contacting us.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing before the withdrawal.

Exercise Your Rights: You can exercise many of these rights directly through your account settings. Visit your account settings to:

Export your account data
Delete your account
Update your profile information
Manage your notification preferences

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

Account Data: We retain your account data (profile, favorites, alerts, trips, comparisons, notes, reviews) as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are obligated to retain certain information for legal, regulatory, or legitimate business purposes.
Analytics Data: Analytics and usage data are typically retained in aggregated and anonymized form for up to 26 months to help us understand long-term trends and improve our services.
Deletion Timelines: When you request deletion of your data or delete your account, we will process the deletion request within 30 days. Some data may be retained in backup systems for up to 90 days before permanent deletion. We may also retain certain information if required by law or for legitimate business purposes such as fraud prevention or dispute resolution.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Encryption: We use industry-standard encryption technologies (TLS/SSL) to protect data in transit. Sensitive data stored in our databases is encrypted at rest using secure encryption methods.
Access Controls: We implement strict access controls and authentication mechanisms. Only authorized personnel with a legitimate business need have access to personal data, and all access is logged and monitored.
Data Breach Procedures: In the unlikely event of a data breach that may affect your personal data, we will notify you and relevant authorities as required by applicable law. We have incident response procedures to quickly identify, contain, and remediate security incidents.

International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country:

Safeguards: When we transfer personal data internationally, we implement appropriate safeguards to ensure that your data is protected. This includes the use of standard contractual clauses approved by relevant data protection authorities, ensuring that service providers are bound by similar data protection obligations, and only transferring data to countries with adequate data protection laws or appropriate safeguards in place.

Children's Privacy

Our services are not intended for children under 13 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we learn that we have collected personal information from a child under 13 years of age without parental consent, we will take steps to delete that information promptly. In compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulations, we require that users be at least 13 years old to create an account.

Thailand Personal Data Protection Act (PDPA)

As our company is based in Thailand, we are subject to Thailand's Personal Data Protection Act (PDPA), which provides similar protection as GDPR. Under PDPA, you have the right to access, correction, deletion, restriction of processing, and objection to processing of your personal data. You also have the right to data portability and to withdraw consent. If you are located in Thailand or are a Thai citizen, these rights apply to your personal data processed by us.

PDPA Rights: Your rights under PDPA include: - Right to access your personal data - Right to correction of inaccurate data - Right to deletion of your personal data - Right to restriction of processing - Right to data portability - Right to objection to processing - Right to withdraw consent To exercise these rights, contact us using the information provided in the "Contact Us" section.

Contact Us

If you have questions about this Privacy Policy, contact us at: Now On Company Limited 112/246 Moo 8, Bangkaew, Bangplee 10540 Samut Prakarn, Thailand Email: contact@esimradar.com You can also use our website contact form to reach us.