Privacy Policy
This Privacy Policy explains how eSIMDB (“we,” “us,” or “our”) collects, uses, shares, and protects information when you visit esimdb.ai (the “Service”). We are committed to transparency and compliance with applicable data protection laws, including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Brazil’s Lei Geral de Proteção de Dados (LGPD), and similar regional frameworks.
1. Data Controller
The data controller responsible for your personal data is:
eSIMDB
Contact: [email protected]
2. Information We Collect
2.1 Information you provide
- Chat queries — text you type into the AI planner to receive eSIM recommendations.
- Feedback — thumbs-up/down votes and optional session feedback you submit.
- Contact messages — name, email, and message content when you use our contact form.
2.2 Information collected automatically
- Analytics events — page views, clicks, scroll depth, and session duration (only with your consent).
- Device & browser metadata — device type (mobile/tablet/desktop), browser user-agent, screen width.
- Session identifiers — a random, non-personal ID stored in your browser’s localStorage (rotated every 30 days).
- UTM / referrer data — campaign parameters and referring URL to measure marketing effectiveness.
2.3 Information we do NOT collect
- We do not use third-party cookies or tracking pixels.
- We do not collect IP addresses for analytics purposes (only transient in server logs).
- We do not collect payment or credit-card information — all purchases happen directly on third-party provider websites.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide eSIM recommendations | Legitimate interest (service delivery) |
| Analytics & product improvement | Consent (opt-in banner) |
| Respond to contact inquiries | Consent / contract performance |
| Aggregate market research | Legitimate interest (anonymised data only) |
| Prevent abuse & rate-limit | Legitimate interest (security) |
4. AI & Large Language Models
Your chat queries are processed by third-party large language model (LLM) APIs (currently OpenRouter and Google Gemini) to generate eSIM recommendations. We send only the anonymized text of your query — no personal identifiers or session data are transmitted. We apply automatic PII scrubbing (emails, phone numbers, card numbers) before any message is logged or sent to an LLM.
LLM providers may retain inputs for abuse monitoring as described in their own privacy policies. We do not use your data to train any AI model.
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. We share data only with:
- LLM API providers (OpenRouter, Google) — chat query text only, for recommendation generation.
- Hosting & infrastructure — server providers who process data under contract.
- Affiliate partners — when you click an affiliate link, the destination provider may set their own cookies. We disclose affiliate relationships on outbound links.
6. Cookies & Local Storage
We use localStorage (not cookies) for session identifiers and consent preferences. Analytics tracking is only enabled after you click “Accept” on the consent banner. You can revoke consent at any time via the “Do Not Sell My Data” link in the footer.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Analytics events | 90 days |
| Chat logs (scrubbed) | 180 days |
| Feedback records | 365 days |
| Server access logs | 30 days |
Automated purging runs daily. Data is permanently deleted, not archived.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of data associated with your session (GDPR Art. 15, CCPA §1798.100).
- Deletion — request erasure of all data linked to your session (GDPR Art. 17, CCPA §1798.105).
- Rectification — request correction of inaccurate data (GDPR Art. 16).
- Portability — receive your data in a structured, machine-readable format (GDPR Art. 20).
- Opt-out of sale — we do not sell data, but you can opt out of analytics via the footer link (CCPA §1798.120).
- Withdraw consent — revoke analytics consent at any time without affecting prior lawful processing.
- Lodge a complaint — with your local data protection authority.
To exercise these rights, use the “Do Not Sell My Data” footer link, or email [email protected] with your session ID (found in browser developer tools under localStorage → esim_analytics_session_id).
9. Data Security
We protect data with: HTTPS encryption in transit, server-side rate limiting, input validation and sanitization, automatic PII scrubbing, database access controls (WAL mode, parameterized queries), and regular automated data purging.
10. Children’s Privacy
Our Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us and we will delete it promptly.
11. International Transfers
Your data may be processed outside your country of residence (e.g., in the United States for LLM processing). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via the consent banner version mechanism (re-prompting consent). The “Last updated” date above will reflect the latest revision.
13. Contact
For privacy inquiries or to exercise your rights:
[email protected]