رازداری پالیسی

Our Data Processors

We share your data with these trusted service providers. Each one has a data processing agreement with us.

We have Data Processing Agreements in place with all processors listed above.

Affiliate Partners

When you arrive through an affiliate link, we share a referral token with Rewardful to attribute your purchase and calculate rewards. This data is kept for 90 days.

Transfer Mechanisms by Processor

Stripe, Google, Meta, Microsoft, Sentry, VWO, and Vercel transfer data to the United States under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework. Supabase processes data in the US under SCCs. For UK-origin transfers, we use the UK International Data Transfer Agreement (IDTA) alongside SCCs.

اپنے حقوق کیسے استعمال کریں

اوپر درج کوئی بھی حق استعمال کرنے کے لیے privacy@helloroam.com پر رابطہ کریں۔ اپنا ڈیٹا دیکھنے یا حقوق استعمال کرنے کی کوئی فیس نہیں ہے۔ ہم معقول فیس اس صورت میں لے سکتے ہیں جب آپ کی درخواست بے بنیاد، بار بار دہرائی گئی یا حد سے زائد ہو۔

کوکی ترجیحات کا انتظام

ہم اپنی سروس پر معلومات محفوظ کرنے اور سرگرمی ٹریک کرنے کے لیے کوکیز اور ملتی جلتی ٹریکنگ ٹیکنالوجیز استعمال کرتے ہیں۔ ان میں بیکنز، ٹیگز اور اسکرپٹس شامل ہیں جو ڈیٹا اکٹھا کرنے اور ہمارا پلیٹ فارم بہتر بنانے میں مدد کرتے ہیں۔

شکایت کا حق

اگر اس رازداری پالیسی یا ہم آپ کا ڈیٹا کیسے سنبھالتے ہیں، اس بارے میں سوالات ہیں تو ہم سے رابطہ کریں:

Personal Information We Collect

We collect the following categories of personal information from California residents:

• Identifiers: name, email address, and account credentials
• Device information: device type, operating system, and identifiers used for eSIM activation
• Payment information: billing details processed securely by our payment provider
• Usage data: how you interact with our website and app
• Internet or other network activity: IP address, browser type, and pages visited

How to Submit a CCPA Request

To exercise any of the rights above, email us at privacy@helloroam.com. Include your name, email address, and a description of your request. You may also submit a request on behalf of another person if you have written authorization or hold power of attorney.

Verification Process

We need to verify your identity before we can process your request. We will ask you to confirm the email address linked to your account and may request additional information to confirm your identity. We will respond to your request within 45 days. If we need more time, we will let you know.

Legal Bases Under LGPD

We process your personal data based on your consent, to perform a contract with you, to meet a legal obligation, or to serve our legitimate interests. We tell you the applicable legal basis at the time we collect your data.

Your Rights Under LGPD

• Confirmation that we process your personal data and access to a copy of it.
• Correction of incomplete, inaccurate, or outdated data.
• Anonymization, blocking, or deletion of unnecessary or excessive data.
• Portability of your personal data to another service provider.
• Deletion of personal data processed with your consent.
• Information about which public and private entities we share your data with.
• Information about your option to deny consent and the consequences of doing so.
• Withdrawal of consent at any time, free of charge.
• Review of decisions made by automated means that affect your interests.

Purpose of Data Use

We use your personal data to process eSIM orders, manage your account, provide customer support, send service notifications, and improve our platform. We will not use your data for other purposes without notifying you first.

Cross-Border Transfers

Your personal data is transferred to and stored in the United Kingdom. The UK has been recognized as providing an adequate level of personal data protection by the European Commission. We apply equivalent safeguards for transfers under APPI.

Your Rights Under APPI

• Disclosure of the personal data we hold about you.
• Correction of any inaccurate personal data.
• Cessation of use or deletion of your personal data where it is no longer needed.
• Cessation of provision of your personal data to third parties.

How We Apply PIPEDA Principles

• Accountability: We are responsible for all personal information under our control and have designated a privacy contact to oversee compliance.
• Consent: We collect, use, or disclose your personal information only with your knowledge and consent, except where the law permits otherwise.
• Limiting Collection: We collect only the information we need for the identified purposes.
• Accuracy: We keep your personal information as accurate, complete, and up to date as necessary.
• Safeguards: We protect your personal information with security appropriate to its sensitivity.

Your Rights Under PIPEDA

• Access to the personal information we hold about you.
• Challenge the accuracy and completeness of your information and request corrections.
• Withdraw consent for non-essential data collection at any time.

Your Rights Under the DPDP Act

• Access to a summary of the personal data we process and how we use it.
• Correction and updating of inaccurate or incomplete personal data.
• Erasure of personal data that is no longer necessary for the purpose it was collected.
• Grievance redressal through our dedicated grievance mechanism.
• Nomination of another individual to exercise your rights on your behalf in case of death or incapacity.

AI Crawler Access

Our public website content, including eSIM pricing, coverage information, and FAQs, is accessible to AI crawlers. Your account data, personal information, and order history are never exposed to or shared with AI crawlers. We protect all personal data from AI training pipelines.

How We Use AI Internally

We use AI tools to support content research and review customer support quality. These tools process anonymized or aggregated data only. They are not used to make automated decisions about individual users.

When you participate in the HelloRoam referral program, we collect limited technical data to attribute referrals accurately and prevent fraud.

Data Collected

• IP address (anonymized after attribution)
• Browser user-agent string
• Device fingerprint (hashed, non-reversible)

Purpose

This data is used solely to attribute referral purchases to the correct referrer, prevent duplicate or fraudulent claims, and calculate referral rewards. We do not use this data for advertising or sell it to third parties.

Data Retention

Referral attribution data is retained for 90 days after the referred purchase. After this period, the data is automatically deleted. Aggregated, non-personal statistics (total referrals, reward amounts) are kept for accounting purposes.