Privacy Policy

Last updated: March 2026

1. Introduction

MoodSIM ("we", "us", "our") provides eSIM services and related products. This Privacy Policy describes the categories of personal information we collect, the purposes for which we process it, the legal bases under applicable law (including the EU/UK General Data Protection Regulation), how long we retain it, third parties with whom we share it, and your rights.

2. Information We Collect

We may collect the following categories of personal information:

  • Account Information: name, email address, profile image, and authentication credentials.
  • Payment Information: payment processor identifiers and non-sensitive card metadata (e.g., card brand and last four digits). We do not store full payment card numbers.
  • Order and Service Data: order identifiers, purchased product codes, eSIM provisioning identifiers, and activation and usage timestamps.
  • Technical Data: IP address, device and browser information, user agent, and other connection metadata collected automatically.
  • Referral Data: referral identifiers from URL parameters used to attribute partner referrals.
  • Communications: messages you send to customer support and related correspondence.
  • Usage Data: aggregated and pseudonymized analytics data about how the service is used.

3. How We Collect Information

We collect information you provide directly (e.g., when creating an account, making a purchase, or contacting support), information generated through your use of our services (e.g., orders and provisioning records), and information collected automatically (e.g., logs, device metadata, and analytics).

4. Purposes and Legal Bases

Depending on the processing activity, we rely on one or more of the following lawful bases under the GDPR:

  • Performance of a Contract: to provide our services, process orders and payments, provision eSIMs, and deliver customer support.
  • Legal Obligation: to comply with tax, accounting, and record-keeping requirements and to respond to lawful requests from authorities.
  • Legitimate Interests: to operate, secure, and improve our services, prevent fraud, and perform analytics, provided these interests do not override your rights.
  • Consent: where required by law (e.g., for marketing communications or non-essential tracking). You may withdraw consent at any time.
  • Vital Interests: in exceptional circumstances to protect someone's life or safety.

5. Sharing of Information

We share personal information with service providers and subprocessors who perform services on our behalf, including payment processors, identity and authentication providers, eSIM provisioning partners, and hosting and infrastructure providers. We require these parties to implement appropriate safeguards and, where applicable, enter into data processing agreements.

6. Cookies and Tracking Technologies

We use cookies and similar technologies for session management, site functionality, and referral attribution. We also collect analytics data to improve our services. Marketing communications are sent only with your consent, and you may opt out at any time.

7. Data Retention

We retain personal information only as long as necessary for the purposes described:

  • Order and payment records: retained for the period required by tax and accounting law (typically up to seven years).
  • Account information: retained while the account is active and for a reasonable period thereafter to comply with legal obligations.
  • Logs and analytics: retained for a limited period (e.g., up to 12 months) and aggregated or anonymized as appropriate.
  • Referral data: retained for a short period (e.g., 30 days).

8. International Transfers

Personal information may be transferred to and processed in countries outside the European Economic Area or the United Kingdom. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

9. Your Rights

Subject to applicable law and verification, you may have the right to access, correct, delete, restrict processing of, or obtain a portable copy of your personal information. You may also object to processing or withdraw consent where processing is based on consent. To exercise your rights, contact us at [email protected] .

10. Children

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to remove it.

11. Security

We implement reasonable technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted with an updated "Last updated" date at the top of this page.

13. Contact

If you have questions about this Privacy Policy or our data practices, contact us at [email protected] .