Privacy Policy

Last updated: June 30, 2026

0xesim ("we", "us", "the Service") sells data eSIMs paid for in cryptocurrency. We do not run identity checks (no KYC), we never ask for your name, address, or government ID, and we never touch your bank card. This policy explains exactly what data we collect, why we collect it, and who processes it on our behalf. We collect only what is needed to take your payment and deliver your eSIM.

1. Data we collect

We collect the minimum data needed to fulfil an order:

  • Email address (optional). Only if you choose email delivery. We use it to send your eSIM QR code, your private retrieval code, and order-related notices. If you instead choose anonymous delivery, we never ask for an email and identify your order solely by a one-time retrieval code (see below).
  • Order, payment and eSIM records. The plan you bought, your order number, the crypto payment status, and the resulting eSIM activation details (such as ICCID and activation profile) so we can deliver and support your order.
  • Anonymous retrieval code. For anonymous orders we generate a private retrieval code and store only a salted hash of it — never the code itself. The plaintext code is shown to you once at checkout; if you lose it we cannot recover it for you.
  • IP address (transient). We read the IP address of incoming requests to rate-limit abuse (for example, to stop checkout and lookup endpoints from being hammered). This is held in short-lived, in-memory counters and is not written to our database as a persistent log.
  • Optional account (magic link). If you opt into an account, we store the email address you sign in with so you can retrieve your past orders. Sign-in uses a one-time "magic link" — we do not store a password.

We do not collect your name, postal address, phone number, or any government-issued identification, and we do not require you to create an account to buy.

2. What we do not do

  • We do not perform KYC or identity verification.
  • We never see or store your card or bank details — payments are made in cryptocurrency through our payment processor.
  • We do not sell, rent, or trade your data to anyone.

3. Cookies

We use cookies only where they are strictly necessary to operate the Service — specifically, a session cookie if you sign into an optional account, and the session cookie used to operate our admin area. We do not use advertising cookies or third-party cross-site tracking cookies.

4. How we use your data

  • To process your crypto payment and confirm it.
  • To provision and deliver your eSIM and QR code.
  • To let you retrieve your eSIM later using your retrieval code, or your email and order number.
  • To respond to support requests and process eligible refunds.
  • To detect, prevent and limit fraud and abuse of the Service.

5. Service providers

We rely on a small number of third-party processors to run the Service. They receive only the data needed to perform their function:

  • NOWPayments — processes your cryptocurrency payment. We do not handle or store card or bank details, and no KYC is performed by us. Your interaction with the payment processor is also subject to their own privacy terms.
  • eSIMAccess — our upstream eSIM provider, which activates the eSIM profile for your order.
  • Resend — sends transactional email (your eSIM QR code, retrieval code, and order notices) when you choose email delivery or use account sign-in.
  • Supabase — our database and authentication provider, where order, payment and eSIM records are stored.
  • Vercel — hosts and serves the website.

6. Data retention

We retain order, payment and eSIM records for as long as needed to deliver and support your order, to comply with our legal and accounting obligations, and to resolve disputes. Transient IP data used for rate-limiting is short-lived and is not kept as a persistent log. You can ask us to delete data associated with your order where we are not legally required to retain it.

7. Your rights

Depending on where you live, you may have rights to access, correct, or delete the personal data we hold about you, and to object to or restrict certain processing. Because anonymous orders carry no identifying data beyond a hashed retrieval code, in many cases we hold little or nothing that identifies you. To make a request, contact us at the address below; we may need your order number to locate your records.

8. Security

Access to order data is restricted, retrieval codes are stored only as salted hashes, and provider API keys are kept server-side and never exposed to the browser. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.

9. Children

The Service is not directed to children and is intended for users who are able to form a binding contract under the laws that apply to them. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be reflected on this page.

11. Contact

For privacy questions or requests, contact us at [email protected].

See also our Terms of Service.