Your privacy is part of the product. We practice data minimization — collecting only what we need to deliver connectivity — and we never sell your personal data.
Introduction & data controller
MOBINIL LLC ("MOBINIL," "we," "our," or "us"), a limited liability company organized under the laws of the State of Delaware, United States, operating under the brand MOBINIL eSIM, respects your privacy and is committed to protecting your personal data.
This Privacy Policy describes how we collect, use, share, and protect personal data when you use the MOBINIL eSIM website and, when launched, our mobile applications (together, the "Services"). MOBINIL acts as the Data Controller for this data.
This Policy is drafted in accordance with the GDPR, the California Consumer Privacy Act (CCPA), and the guidelines of the Apple App Store and Google Play.
Information we collect
MOBINIL is committed to data minimization: we collect only what is necessary to provide and secure our Services.
Information you provide
- Account information — your name, email address, and password (stored only in hashed form).
- Order information — the plans you purchase, transaction references, and purchase history.
- Communications — information you provide when you contact support, submit feedback, or participate in surveys.
Information collected automatically
- Technical & log data — IP address, device and browser type, operating system, application version, access timestamps, and diagnostic or crash reports — used to maintain the security, stability, and performance of the Services.
- Usage data — aggregated data-consumption metrics associated with your plan, used for billing accuracy and fraud prevention. We do not monitor, log, or inspect the content of your internet traffic.
Information we do not collect
- We do not collect, store, or process your full credit card number, CVV, or bank details — all payment data is handled exclusively by Stripe.
- We do not require or collect device identifiers such as your IMEI or EID, and we do not perform identity (KYC) verification for standard travel data plans.
- We do not collect precise geolocation (GPS), contacts, photos, microphone data, or data from other applications on your device.
Legal basis for processing (GDPR)
We process personal data under the following legal grounds, in accordance with Article 6 of the GDPR:
- Performance of a contract (Art. 6(1)(b)) — to deliver the Services you request, manage your account, and process your orders.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable tax, accounting, and lawful regulatory requirements.
- Legitimate interests (Art. 6(1)(f)) — for fraud prevention, security, and service improvement, where not overridden by your rights and freedoms.
- Consent (Art. 6(1)(a)) — where required, such as for marketing communications. You may withdraw consent at any time.
Payment processing
All financial transactions are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment provider. Your payment details are transmitted directly to Stripe over encrypted channels. MOBINIL does not receive, access, store, or process your full card number, CVV, or banking details at any point. For details, see Stripe's Privacy Policy.
Data retention & deletion
In accordance with Apple App Store Review Guidelines and Google Play Data Safety requirements:
- Data minimization — we retain only what is strictly necessary to deliver our Services.
- Active accounts — we retain your data for as long as your account remains active.
- Post-closure retention — after account closure, we retain only what applicable law requires (e.g., tax and billing records).
- Right to deletion — you may request deletion of your personal data at any time. Upon a verified request from the account holder, we erase the personal data under our control within 30 days. Some data may be retained beyond this period where required by law (for example, transaction and tax records) or where held by our service providers (such as payment, authentication, and eSIM provisioning partners) under their own retention policies.
Your privacy rights
Under the GDPR, CCPA, and other applicable frameworks, you have the right to:
- Access (GDPR Art. 15 / CCPA §1798.100) — request a copy of the data we hold about you.
- Rectification (Art. 16) — correct inaccurate or incomplete data.
- Erasure (Art. 17) — request deletion of your personal data, subject to legal retention.
- Restriction (Art. 18) — restrict processing under certain circumstances.
- Data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Objection (Art. 21) — object to processing based on legitimate interests.
- Non-discrimination (CCPA §1798.125) — exercise your rights without penalty.
To exercise any right, contact support@mobinil-esim.com. We respond to verified requests within 30 days.
Security measures
We implement robust technical and organizational measures to protect your personal data, including:
- Encryption in transit — all data exchanged with our Services is protected using TLS.
- Encryption at rest — stored personal data is encrypted using the AES-256 standard.
- Certified infrastructure — the platform is hosted on ISO 27001-certified cloud infrastructure operated by leading providers.
- Access controls — role-based access ensures personal data is available only to authorized personnel with a legitimate need.
- Specialized partners — payment security and eSIM provisioning are handled by specialist providers (Stripe; our connectivity partners) that maintain their own certified security and compliance programs.
Website analytics
We use website analytics tools to measure how visitors interact with our site — such as pages viewed, approximate location, device and browser type, and referral source. This data is aggregated, used solely to improve our service, and is not used to identify you personally. Our current analytics provider is Vercel Web Analytics.
Children's privacy
The Services are not directed to, and are not intended for, individuals under the age of sixteen (16). We do not knowingly collect personal data from children under 16. If we learn that we have inadvertently done so, we will delete it promptly. Please contact us if you believe a child under 16 has provided us with personal data.
Changes to this policy
We may update this Policy to reflect changes in our practices, technology, or legal obligations. For material changes, we will provide notice via in-app message, a notice on our website, or email to your registered address, and we will revise the "Last Updated" date above.
Contact — privacy compliance
If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.
Still have a question?
Our team is online 24/7 to help with anything not covered here.
