Privacy Policy

Last Updated: November 1, 2025

Privacy Policy

bundgo Shared eSIM Data Pooling Service

Effective Date: November 1, 2025

AzureVibes s.r.o. ("bundgo", "we", "our", or "us")
Registered in Czech Republic
Email: [email protected]
Website: www.bundgo.com

bundgo is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal information across our eSIM reseller platform and services.

1. Information We Collect

Information You Provide

For All Accounts:
- Email address (required for account creation, service notifications, and support)
- Saved payment method information (securely stored by Stripe, our certified payment provider — bundgo does not store full card details)
- Optional: Name, phone number (if you provide them for support purposes)

For Business/Group Accounts:
- Company name or group name
- Business contact information
- Administrator and authorized user email addresses

For Partner Accounts:
- Company information and registration details
- API credentials and access tokens
- White-label branding assets and configuration

eSIM Usage Data (from Third-Party Providers)

We receive limited usage data from our third-party eSIM providers:
- Data consumption and remaining balance
- eSIM activation timestamps
- Top-up and purchase history
- Geographic region of usage (country-level only)

Important: Detailed network data, location tracking, and telecommunications metadata are controlled by third-party eSIM providers and network operators, not by bundgo.

Automatically Collected Information

  • Account activity logs (login times, IP addresses)
  • Device information (browser type, operating system)
  • Service usage patterns (features used, support requests)

2. How We Use Your Data

We use your personal information to:

  • Provide the Service: Activate and manage eSIM profiles, process data package purchases, manage your account
  • Process Payments: Handle transactions, including automatic top-ups (if you enable this feature)
  • Customer Support: Respond to inquiries, troubleshoot issues, provide installation guidance
  • Service Communications: Send transactional emails (receipts, eSIM activation codes, QR codes, service notifications)
  • Account Management: Track balances, usage, and validity periods
  • Fraud Prevention: Detect and prevent fraudulent activity, abuse, and security threats
  • Service Improvement: Analyze usage patterns to improve our platform (using anonymized data)
  • Partner Services: Provide API access, white-label infrastructure, and partner support for authorized partners
  • Marketing Communications: Send promotional emails only if you opt in (you can unsubscribe anytime)

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: To deliver the services you requested
  • Consent: For optional features like marketing communications and non-essential cookies
  • Legal Obligations: To comply with tax laws, fraud prevention regulations, and telecommunications requirements
  • Legitimate Interests: For fraud prevention, security, platform improvement, and customer support

4. How We Share Your Data

We do not sell your personal data.

We may share your information with:

Third-Party Service Providers

  • eSIM Providers: We share minimal information (purchased data package details) with our third-party eSIM providers to activate and provision your eSIM profiles
  • Payment Processor: Stripe, Inc. handles all payment processing. They receive payment information but operate under strict confidentiality and security standards
  • Cloud Infrastructure: We use secure cloud hosting services that operate under confidentiality agreements and GDPR-compliant data processing agreements
  • Email Services: For sending transactional and service-related emails
  • Customer Support Tools: For managing support requests (limited to support staff only)

Network Operators

Third-party telecommunications network operators receive data necessary to provide connectivity services. We do not control their data practices — refer to their privacy policies.

Partner Data Sharing

For white-label partners, we may share anonymized usage statistics and aggregated data to help partners understand their service performance. We never share individual customer personal data with partners unless required to provide the partner's branded service.

Legal Requirements

We may disclose your information when required by law, court order, or government authority, or to protect our legal rights, prevent fraud, or ensure security.

5. Third-Party Services and Reseller Relationship

Important: bundgo is a reseller platform. The actual eSIM profiles and telecommunications connectivity are provided by third-party eSIM providers and network operators.

These third parties collect and process their own data about your device, network usage, location, and connectivity. We do not control their data collection practices.
We are not responsible for third-party data practices or privacy violations by third-party providers.

6. Cookies and Tracking

We use cookies to provide and improve our service:

Essential Cookies (Required)

  • Session management and authentication
  • Account security and fraud prevention
  • Shopping cart and purchase functionality

Optional Cookies (Require Your Consent)

  • Analytics: To understand how users interact with our platform (anonymized)
  • Preferences: To remember your settings and preferences

We do not use advertising or behavioral tracking cookies.

7. Mobile App Permissions

If you use our mobile app, it may request permissions such as:

  • Camera access: For scanning eSIM QR codes
  • Notifications: For usage alerts and service updates

We do not store or collect sensitive data without your explicit permission. You can revoke permissions at any time through your device settings.

8. Data Transfers and Storage

International Data Transfers

Your data may be processed or stored in:
- European Union (primary data storage)
- United States (cloud infrastructure, payment processing via Stripe)
- Other regions where our service providers operate

We ensure adequate safeguards for international transfers using:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- GDPR-compliant data processing agreements with all service providers
- Encryption in transit and at rest

Data Location

Primary data storage is in the European Union. Third-party providers (Stripe, cloud services) may process data in their respective regions under contractual data protection obligations.

9. Data Retention

We retain your personal data only as long as necessary:

Active Accounts

  • Email address and account information: Duration of service plus 90 days after account termination
  • Payment information: Managed by Stripe according to their retention policies and payment industry regulations (typically 7 years for tax/audit purposes)
  • Usage data: Retained for billing verification and customer support (typically 12 months)

After Account Termination

  • Most personal data is deleted within 90 days
  • Some data may be retained longer to comply with legal obligations (tax records: 7 years, fraud prevention logs: up to 5 years)
  • Anonymized usage data may be retained indefinitely for analytics

Your Right to Deletion

You can request earlier deletion by contacting [email protected] (subject to legal retention requirements).

10. Security Measures

We protect your data using industry-standard security practices:

  • Encryption: All data transmission uses TLS/SSL encryption; stored data is encrypted at rest
  • Access Controls: Strict role-based access; only authorized personnel can access personal data
  • Payment Security: All payment processing is handled by PCI-DSS compliant Stripe; we never store full card details
  • Security Monitoring: Continuous monitoring for suspicious activity and security threats
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Secure Infrastructure: Cloud hosting with enterprise-grade security (ISO 27001 certified providers)

No system is 100% secure. While we implement appropriate safeguards, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Your Privacy Rights (GDPR)

Under GDPR, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure ("Right to Be Forgotten")

Request deletion of your personal data (subject to legal retention requirements)

Right to Restriction of Processing

Limit how we process your data in certain circumstances

Right to Data Portability

Receive your personal data in a machine-readable format to transfer to another service

Right to Object

Object to certain types of processing, including direct marketing (you can unsubscribe from marketing emails anytime)

Right to Withdraw Consent

Withdraw consent for processing based on consent (does not affect lawfulness of prior processing)

Right to Lodge a Complaint

File a complaint with your national data protection authority

How to Exercise Your Rights

Email: [email protected]
Response Time: We will respond to your request within 30 days

Please include your account email address and specify which right you wish to exercise. We may request identity verification to protect your data security.

12. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant impacts on you.

We may use automated systems for:
- Fraud detection and prevention (to protect your account)
- Service performance monitoring
- Usage pattern analysis (using anonymized data)

These automated processes do not make decisions about your eligibility for services or affect your rights.

13. Marketing Communications

We may send you marketing emails about new features, promotions, or updates only if you have opted in.

You can opt out at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your preferences in your account settings
- Contacting us at [email protected]

Transactional emails (receipts, eSIM activation codes, service notifications, security alerts) cannot be opted out of, as they are essential to providing the service.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features.

Notice of Changes:
- We will post the updated policy on our website with a new "Effective Date"
- For material changes, we will notify you via email at least 30 days before the changes take effect
- Continued use of the service after changes take effect constitutes acceptance of the updated policy

Previous versions of this Privacy Policy are available upon request at [email protected].

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Contact:
Email: [email protected]
Response time: Within 72 hours

AzureVibes s.r.o.

Contact: [email protected]
Website: www.bundgo.com
Support Center: www.bundgo.com/support-hub

Registered Office: Nové sady 988/2, 602 00, Brno, Czech Republic
Company Registration (IČO): CZ19707266
Tax ID (DIČ): CZ19707266

Last Updated: November 1, 2025
Version: 1.0

© 2025 AzureVibes s.r.o. All rights reserved.