Legal
Privacy Policy
Privacy is core to how GeSIM is built. This policy explains, in plain terms, what information we process across our eSIM, VPN, and virtual number services — and the choices you have.
Legal
Privacy is core to how GeSIM is built. This policy explains, in plain terms, what information we process across our eSIM, VPN, and virtual number services — and the choices you have.
GeSIM provides global eSIM data plans, an integrated VPN, and virtual phone numbers through our mobile applications and websites (collectively, the "Services"). The Services are operated by GeSIM ("GeSIM," "we," "us," or "our"). This Privacy Policy explains what information we process when you use the Services, how that information is used, and the choices available to you. Your use of the Services is also subject to our Terms of Service, which set out the governing terms of your relationship with GeSIM.
GeSIM is designed to minimize data collection. Wherever technically feasible, our architecture avoids associating connectivity and usage with real-world identity. At the same time, operating connectivity and messaging features requires processing a limited amount of operational data. This policy describes both honestly.
By using the Services, you agree to the practices described in this Privacy Policy.
We aim to collect only what is necessary to provide and secure the Services. Depending on how you use GeSIM, the information we process may include:
| Category | Examples | Purpose |
|---|---|---|
| Account & authentication | Public wallet address, email address, or Google account identifier (depending on the sign-in method you choose) | Create and secure your account |
| Transaction data | On-chain wallet address, amount, and timestamp (publicly recorded on the relevant blockchain) | Confirm your on-chain payment in order to activate your plan |
| Operational metadata | Aggregate data usage, plan status, device/eSIM identifiers (e.g., EID/IMSI) required for provisioning, diagnostic and error logs | Provisioning, connectivity, and service reliability |
| Support communications | Information you provide when you contact us | Respond to your requests |
You may authenticate using a self-custodial wallet, email, or Google sign-in. Wallet creation and authentication are secured by Privy. For standard data plans, identity documents are not required for activation, and we seek to avoid collecting more personal data than is needed for the purposes described in this policy.
We use the limited information we process to:
We do not sell or share your personal information as those terms are defined under applicable law (including the California Consumer Privacy Act (CCPA)), and we do not use third-party advertising networks or behavioral ad tracking.
GeSIM supports self-custodial wallet authentication and on-chain payment settlement. Blockchain networks are public and immutable by design. Any transaction you broadcast — including your public wallet address, transaction amounts, and timestamps — is recorded on the relevant network and is publicly visible.
GeSIM does not control, and cannot alter or delete, data recorded on public blockchains. Please take this into account before transacting.
GeSIM's integrated VPN encrypts internet traffic between your device and our VPN egress. The VPN is designed to minimize the retention of browsing activity; where technically feasible, we avoid logging the contents of your traffic or persistent browsing histories.
To operate the service and maintain network capacity, we may process limited connection metadata such as aggregate throughput or session counts. Network operators and infrastructure providers in the connection path may independently process or retain metadata, as described in the "Third-Party Services" and "International Data Transfers" sections below.
GeSIM offers virtual phone numbers for verification and messaging. Numbers may be drawn from managed pools and reassigned over time. To deliver and secure this feature, we and our messaging partners process metadata necessary to route messages, such as routing information and delivery status.
We seek to limit retention of message content and verification codes to what is necessary to deliver the message. Virtual number features rely on regulated telecom partners who may have their own data-retention obligations that we do not control.
Virtual numbers are provided for legitimate verification and communication purposes. Using them to circumvent platform security controls or for fraudulent activity is prohibited and may result in suspension.
To activate connectivity, GeSIM provisions a data plan with mobile network operators and aggregation partners. For standard plans, provisioning is tied to technical identifiers (such as EID/IMSI) rather than to identity documents.
Mobile network operators and roaming partners operate under their own regulatory frameworks and may independently collect and retain connection metadata (such as session and traffic records) as required by the laws of the jurisdictions in which they operate. GeSIM does not control, and cannot guarantee, the data-retention practices of these independent carriers.
We work with service providers to deliver the Services. These may include:
These providers process data on our behalf or as independent operators under their own terms. We seek to engage providers that maintain appropriate security and data-minimization practices. We do not control the independent retention obligations of regulated telecom and carrier partners.
We don't use tracking cookies, analytics, or advertising networks. We don't build profiles of you or follow you across the web. Any cookies we use are strictly functional — needed to keep the app or site working — never for tracking or ads.
We retain information only for as long as necessary to fulfill the purposes described in this policy — including providing the Services and meeting legal and accounting requirements — and to resolve disputes and enforce our agreements. Operational and diagnostic logs are generally retained for limited periods and then deleted or aggregated.
Information recorded on public blockchains is public and immutable by design, and connection metadata processed by carriers and telecom partners is retained by those parties under their own obligations. This information is not held or controlled by GeSIM.
We implement technical and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, access controls, and the principle of least privilege. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If you believe your account or wallet has been compromised, please contact us promptly using the details below.
GeSIM operates globally. Information may be processed and stored in countries other than the one in which you reside, including by mobile network operators, infrastructure providers, and other partners located in various jurisdictions. Where required, we take steps designed to ensure appropriate safeguards for such transfers.
By using the Services, you understand that your information may be processed in jurisdictions whose data-protection laws differ from those of your home jurisdiction.
The Services are not directed to anyone under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at contact@gesim.xyz so we can take appropriate action.
Depending on your jurisdiction, you may have rights regarding your personal information, such as the right to access, correct, delete, or restrict certain processing, to object to processing, or to request portability. You can also manage certain choices directly in the app, such as your authentication method and VPN settings.
To exercise any applicable rights, contact us using the details below.
Data deletion. GeSIM is designed to minimize data collection, so in most cases there is no stored personal data tied to your identity for us to delete. Where you have shared information with us directly — for example, an email address used to sign in or details provided in a support request — you may request its deletion by emailing contact@gesim.xyz, and we will act on verified requests in accordance with applicable law.
Information recorded on public blockchains is public and immutable by design, and connection metadata processed by carriers and telecom partners is controlled by those parties. This information is not held or controlled by GeSIM.
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective date" above and, where appropriate, provide additional notice. Your continued use of the Services after an update constitutes acceptance of the revised policy.
If you have questions or requests regarding this Privacy Policy or your information, contact us at:
Download GeSIM. Set up in 60 seconds. Privacy by design.