Privacy Policy
Last updated: June 30, 2026
0xesim ("we", "us", "the Service") sells data eSIMs paid for in cryptocurrency. We do not run identity checks (no KYC), we never ask for your name, address, or government ID, and we never touch your bank card. This policy explains exactly what data we collect, why we collect it, and who processes it on our behalf. We collect only what is needed to take your payment and deliver your eSIM.
1. Data we collect
We collect the minimum data needed to fulfil an order:
- Email address (optional). Only if you choose email delivery. We use it to send your eSIM QR code, your private retrieval code, and order-related notices. If you instead choose anonymous delivery, we never ask for an email and identify your order solely by a one-time retrieval code (see below).
- Order, payment and eSIM records. The plan you bought, your order number, the crypto payment status, and the resulting eSIM activation details (such as ICCID and activation profile) so we can deliver and support your order.
- Anonymous retrieval code. For anonymous orders we generate a private retrieval code and store only a salted hash of it — never the code itself. The plaintext code is shown to you once at checkout; if you lose it we cannot recover it for you.
- IP address (transient). We read the IP address of incoming requests to rate-limit abuse (for example, to stop checkout and lookup endpoints from being hammered). This is held in short-lived, in-memory counters and is not written to our database as a persistent log.
- Optional account (magic link). If you opt into an account, we store the email address you sign in with so you can retrieve your past orders. Sign-in uses a one-time "magic link" — we do not store a password.
We do not collect your name, postal address, phone number, or any government-issued identification, and we do not require you to create an account to buy.
2. What we do not do
- We do not perform KYC or identity verification.
- We never see or store your card or bank details — payments are made in cryptocurrency through our payment processor.
- We do not sell, rent, or trade your data to anyone.
4. How we use your data
- To process your crypto payment and confirm it.
- To provision and deliver your eSIM and QR code.
- To let you retrieve your eSIM later using your retrieval code, or your email and order number.
- To respond to support requests and process eligible refunds.
- To detect, prevent and limit fraud and abuse of the Service.
5. Service providers
We rely on a small number of third-party processors to run the Service. They receive only the data needed to perform their function:
- NOWPayments — processes your cryptocurrency payment. We do not handle or store card or bank details, and no KYC is performed by us. Your interaction with the payment processor is also subject to their own privacy terms.
- eSIMAccess — our upstream eSIM provider, which activates the eSIM profile for your order.
- Resend — sends transactional email (your eSIM QR code, retrieval code, and order notices) when you choose email delivery or use account sign-in.
- Supabase — our database and authentication provider, where order, payment and eSIM records are stored.
- Vercel — hosts and serves the website.
6. Data retention
We retain order, payment and eSIM records for as long as needed to deliver and support your order, to comply with our legal and accounting obligations, and to resolve disputes. Transient IP data used for rate-limiting is short-lived and is not kept as a persistent log. You can ask us to delete data associated with your order where we are not legally required to retain it.
7. Your rights
Depending on where you live, you may have rights to access, correct, or delete the personal data we hold about you, and to object to or restrict certain processing. Because anonymous orders carry no identifying data beyond a hashed retrieval code, in many cases we hold little or nothing that identifies you. To make a request, contact us at the address below; we may need your order number to locate your records.
8. Security
Access to order data is restricted, retrieval codes are stored only as salted hashes, and provider API keys are kept server-side and never exposed to the browser. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.
9. Children
The Service is not directed to children and is intended for users who are able to form a binding contract under the laws that apply to them. We do not knowingly collect data from children.
10. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be reflected on this page.
11. Contact
For privacy questions or requests, contact us at [email protected].