Last updated: April 21, 2026 · Effective date: April 21, 2026
At Onesim our mission is to help you use the best eSIM plans around the world in the easiest and simplest way. To do that, we need to collect, use, and share some of your personal information.
This Privacy Policy ("Policy") explains how Onesim LLC ("Onesim", "we", "our", "us") collects, uses, discloses and protects your personal information when you interact with us through any of our services:
(together, the "Services"). This Policy is a single, unified document that governs all of the above Services — where a provision applies only to a specific platform (for example, a mobile-only permission), we say so explicitly.
The data controller responsible for your personal information under the EU/UK GDPR and similar laws is:
Onesim LLC
530-B Harkle Road, Suite 100
Santa Fe, NM 87505, USA
Email: hello [at] onesim [dot] co
For any questions about this Policy or to exercise your privacy rights, please contact us using the details above.
This Policy covers the personal information we collect about you when you use our Services or otherwise interact with us. It also explains the choices and rights you have in your information, including how you can object to certain uses of it and how you can access, correct, export or delete it.
Our Services are intended for a worldwide audience; this Policy is written to comply with the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Google Play Developer Program Policies, the Apple App Store Review Guidelines, and the Telegram Mini App Terms.
When you create an account with Onesim, we collect the information you provide us, such as your name, email address, and password (hashed — we never store passwords in clear text). Authentication is powered by Supabase; if you sign in with Google, your Google email, display name and profile picture may also be provided to us by Google. Accounts created on any platform (web, Mini App, mobile app) share the same identity, so the Services can recognize you across platforms.
When you place an order for an eSIM plan, we collect the information you provide us, such as your name, email address, nationality (for regulatory KYC/KYT purposes), device model and operating system (to verify eSIM compatibility), destination country or region, plan details, promo codes and order history.
We do not store your full payment card details on our servers. Payments are processed by Stripe, Inc. via Stripe Payment Intents (on web, Mini App and mobile). When you pay, Stripe collects your card number, CVC, expiration date and billing address directly; we only receive a payment token, the last 4 digits, card brand, the billing country and the transaction status. On Android, Stripe may also support Google Pay (Google Wallet); on iOS, Apple Pay. Please see Stripe's privacy policy at stripe.com/privacy.
When you contact us or we contact you — by email, via our support bot @onesim_app_bot on Telegram, or through the in-app support form — we collect any information you provide, such as your name, email address, Telegram username, and the contents of the messages and any attachments.
When you rate an order or provide feedback about our Services, we collect the content of your feedback, a pseudonym if you provide one, and the associated order or bundle.
If you report a problem with your eSIM, we collect a description of the issue, optional screenshots you attach, and the corresponding eSIM identifiers (ICCID, order ID). This data is used solely to diagnose and resolve the issue.
When you use Onesim inside Telegram (as a Mini App or bot), Telegram passes us the data described in sections 4.1 and 4.2 of the Telegram Mini App Terms. In practice this includes:
startapp or start value you used to open the app (e.g., referral or invoice identifiers).We use Telegram Cloud Storage only to store non-sensitive UI preferences (for example, your selected language). We do not read your Telegram chats, contacts, or files.
Our Android and iOS apps request only the minimum permissions required for their features:
INTERNET, ACCESS_NETWORK_STATE): to communicate with Onesim servers, Supabase and Stripe.device_info_plus): non-personal information such as device model (e.g., "iPhone 15 Pro"), manufacturer, OS version, and whether the device supports eSIM. This is used to show you eSIM compatibility and to help diagnose technical issues. We do not collect hardware serial numbers, IMEI, IMSI, advertising identifiers (IDFA/AAID), contacts, SMS, location, microphone input, or installed-app lists.flutter_secure_storage, iOS Keychain / Android Keystore): we store your authentication token and a small number of preferences on your device in encrypted storage.Onesim does not request access to the device camera, microphone or photo library. eSIM QR codes and activation details are shown in the app; any scanning during installation is handled by your device’s own system settings or apps, outside the Onesim app.
The mobile apps do not include any third-party advertising SDKs, do not track you across other companies' apps or websites, and do not collect precise location.
When you visit or use the Services, we automatically collect certain information, including your Internet protocol (IP) address, approximate location inferred from your IP (country/region only), user-agent string, operating system, browser or mobile app version, screen size and language, referring URL, the pages and screens you visit, features you use, the links you click, timestamps, and error/crash diagnostics. This information may be associated with your account.
On onesim.co we use cookies, local storage and similar technologies to:
You can manage cookies in your browser settings, and where a consent banner is shown you can withdraw consent at any time. Blocking strictly necessary cookies may break login or checkout. The Telegram Mini App and the native mobile apps do not use browser cookies.
On the website only, we use Google Analytics 4 (provided by Google LLC / Google Ireland Ltd.) to understand aggregate product usage and measure the effectiveness of marketing campaigns. IP addresses are truncated by Google before storage. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by rejecting analytics cookies in our consent banner. The Telegram Mini App and the mobile apps do not use Google Analytics or any other cross-company analytics SDK.
We may receive information about you from third parties:
We process your personal information for the purposes described below. Where the EU/UK GDPR applies, we rely on the legal bases indicated in brackets (performance of a contract, legitimate interests, consent or legal obligation).
We do not sell your personal information, and we do not use it for automated decision-making that produces legal or similarly significant effects about you.
We share personal information only with the categories of recipients listed below, and only to the minimum extent necessary for the stated purpose.
We use trusted third-party service providers. Each of them acts as our processor under a data-processing agreement and is only allowed to use your data for the purposes we instruct.
We may share information with partners with whom we jointly offer products or services, strictly to deliver what you requested.
We may disclose information where we reasonably believe disclosure is required by applicable law, regulation or legal process, or is necessary to protect the rights, property or safety of Onesim, our users or the public.
If Onesim is involved in a merger, acquisition, financing, restructuring or sale of all or part of its assets, personal information may be transferred to the acquiring party; we will notify you of any such change and of any resulting change to this Policy.
If you post a public rating, review or feedback, the content may be visible to other users along with any name or identifier you chose to display. We do not sell personal information and we do not "share" personal information for cross-context behavioral advertising within the meaning of the CCPA/CPRA.
We are based in the United States, and many of our providers (Supabase, Stripe, Google, Telegram) are also based in the United States or operate globally. When we transfer personal data outside the European Economic Area, the United Kingdom, Switzerland or other jurisdictions with similar rules, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and additional technical and organisational measures.
You can request a copy of the relevant safeguards by contacting us.
We keep your personal information only for as long as needed for the purposes set out in this Policy:
When we no longer need your data, we delete or anonymise it.
We use industry-standard technical and organisational measures to protect your information, including TLS 1.2+ in transit, encryption at rest for passwords (hashed) and secrets, OAuth 2.0 for authentication, signed Telegram init-data verification, role-based access controls, regular backups, audit logging, and a documented incident-response process. No system is 100% secure; we encourage you to use a strong, unique password and to protect access to your email and Telegram accounts.
If we become aware of a security breach affecting your personal information, we will notify you and the relevant authorities in accordance with applicable law.
Depending on where you live, you may have the following rights in respect of your personal data:
To exercise any of these rights, email us at hello [at] onesim [dot] co or use the in-app "Delete Account" option. We will respond within the time frame required by applicable law (typically 30 days). We may ask you to verify your identity before we act on a request.
You can unsubscribe from promotional emails at any time by clicking the "unsubscribe" link in each message. We will continue to send you non-promotional transactional messages (order confirmations, eSIM QR delivery, service notices) that are necessary to operate the Services.
Our website does not respond to "Do Not Track" signals, because no industry standard currently exists. We honour other opt-out mechanisms such as the Global Privacy Control (GPC) signal.
Our Services are not directed to children and we do not knowingly collect personal information from anyone under the age of 18. The mobile apps are rated accordingly on the App Store and Google Play. If you believe that a child has provided us with personal information, please contact us at hello [at] onesim [dot] co and we will promptly delete it.
Our Android app complies with the Google Play Developer Program Policies, including the Data safety and User Data sections. The Data safety form in our Google Play listing reflects the practices described in this Policy. We do not use sensitive permissions such as SMS, Call Log, or background location.
Our iOS app complies with the Apple App Store Review Guidelines and the App Privacy ("Privacy Nutrition Label") requirements. We do not perform any tracking within the meaning of Apple's App Tracking Transparency framework and therefore do not display an ATT prompt. Data collected is used only to operate the Services described above.
Onesim is an independent third-party service that operates on Telegram and is not endorsed by, nor affiliated with, Telegram. This Policy does not supersede the Telegram Privacy Policy, the Bot Terms, or the Mini App Terms, which continue to govern your relationship with Telegram itself.
The Services may contain links to other websites and applications, and other websites/applications may reference or link to the Services. These third-party services are not controlled by us. We encourage you to read the privacy policies of each website or application you interact with. We are not responsible for the privacy practices or content of such third parties.
We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on this page, updating the "Last updated" date above, and, where appropriate, sending you an email or an in-app notification. Your continued use of the Services after the effective date constitutes your acceptance of the revised Policy.
If you have any questions, comments or complaints about this Policy or our privacy practices, please contact us at hello [at] onesim [dot] co or at the postal address below:
