Privacy Policy

Last updated: March 2026

At uPhone, we respect your privacy and are committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights regarding that data.

1. Who We Are

uPhone operates the eSIM marketplace at uphone.com. When we refer to "uPhone", "we", "us", or "our", we mean the entity operating this platform. For questions, contact us at [email protected].

2. Information We Collect

We collect the following types of information:

  • Account data: name, email address, and password when you register.
  • Order data: purchase history, eSIM plans bought, and transaction IDs.
  • Device data: device type and eSIM ICCID/EID for plan provisioning.
  • Payment data: processed securely via Stripe — we do not store card numbers.
  • Usage data: pages visited, clicks, session duration, and IP address (anonymised after 30 days).
  • Communications: support tickets and emails you send us.

3. How We Use Your Information

We use your data to:

  • Process and fulfil your eSIM orders
  • Send order confirmations, QR codes, and account notifications
  • Provide customer support
  • Improve our platform and detect fraud
  • Send marketing emails (only with your consent; unsubscribe anytime)
  • Meet legal obligations

4. Legal Basis for Processing (GDPR)

Where GDPR applies, our legal bases are: contract performance (fulfilling your order), legitimate interests (fraud prevention, analytics), consent (marketing), and legal obligation (tax records).

5. Cookies

We use cookies for session management, analytics (Google Analytics), and personalisation. See our Cookie Policy for full details and opt-out options.

6. Data Sharing

We do not sell your personal data. We share data only with:

  • eSIM providers (e.g. Zendit) — to provision your plan
  • Payment processor (Stripe) — to process transactions
  • Analytics (Google Analytics) — anonymised usage data
  • Support tools — to manage customer tickets
  • Legal authorities — where required by law

7. Data Retention

We retain order records for 7 years (tax/legal requirements). Account data is deleted within 30 days of account closure. Marketing consent data is kept until you withdraw consent.

8. Your Rights

Depending on your location, you may have the right to: access, correct, or delete your data; object to processing; request data portability; withdraw consent at any time. Submit requests to [email protected].

9. Security

We use industry-standard encryption (TLS 1.3), hashed passwords, and regular security audits. Payment data is handled exclusively by PCI-DSS compliant processors.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by email or a banner on the site. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy? Email [email protected].

Privacy Policy