Privacy Policy

NomadSIM (nomadsim.co) is operated by MB Software Studio. This privacy policy explains how we collect, use, and protect your personal data when you use our prepaid mobile top-up and travel eSIM services.

We collect the following information:

• Contact information: Email address (for account creation, receipts, and magic link authentication)
• Phone number: The Colombian mobile number you want to recharge (top-up orders only; not required for eSIM purchases)
• eSIM data: For eSIM purchases — the destination country you select, the eSIM ICCID (a unique identifier assigned to your eSIM profile), and activation and usage status events received from the carrier
• Payment information: Processed and stored by Stripe. We do not store your card details on our servers.
• Authentication data: Passkey credentials, Google OAuth tokens, or magic link sessions managed by Better Auth
• Technical data: IP address, user agent, browser type, and device information
• Usage data: Pages visited, actions taken, session recordings (via Microsoft Clarity), and analytics events (via Google Analytics 4)

We use your data to:

• Deliver mobile top-ups to your phone number
• Provision eSIM profiles and deliver activation details to your email
• Monitor eSIM activation and usage status to support fulfillment and troubleshooting
• Process payments and send transaction confirmations
• Manage your account, subscriptions, and referral program
• Send transactional emails (order confirmations, magic links) via Resend
• Improve our service through analytics and session recordings
• Detect and prevent fraud or abuse

We do not sell your personal data. We do not send marketing emails unless you explicitly opt in.

We share data with the following third-party services, each with their own privacy policies:

• Stripe — Payment processing. Stripe receives your card details, email, and billing information.
• Zendit / IDT — Top-up delivery and eSIM provisioning. For top-up orders, Zendit receives your phone number to fulfill the recharge. For eSIM orders, Zendit receives the order details (destination country, plan) to provision the eSIM profile on the carrier network and returns the ICCID and activation information.
• Resend — Transactional email delivery. Receives your email address.
• Google Analytics 4 — Website analytics. Collects anonymized usage data, IP address, and device information. For more information, see how Google uses data from sites that use its services.
• Microsoft Clarity — We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay. Website usage data is captured using first and third-party cookies and other tracking technologies. We use this information for site optimization and fraud/security purposes. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
• Google OAuth — If you sign in with Google, we receive your name, email address, and profile picture from Google.
• Vercel — Hosting. Vercel processes requests and may log IP addresses and request metadata.

We use the following cookies:

• Authentication cookies: Session cookies to keep you signed in. These are essential for the service to function.
• Analytics cookies: Set by Google Analytics 4 to measure site usage and performance.
• Session recording cookies: Set by Microsoft Clarity for session replay and heatmap data.

You can disable non-essential cookies in your browser settings. Disabling essential (authentication) cookies will prevent you from signing in.

We retain your account data and transaction history for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where we are legally required to retain it (e.g., financial records).

eSIM-related data (ICCID, activation status, usage events) is retained as part of your transaction record and subject to the same deletion policy.

Analytics data is retained according to the default retention periods of Google Analytics and Microsoft Clarity.

We use industry-standard security measures to protect your data, including HTTPS encryption, secure authentication via Better Auth, and Stripe's PCI-compliant payment processing.

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and personal data
• Withdraw consent for non-essential data processing

To exercise any of these rights, contact us at support@nomadsim.co.

NomadSIM is not intended for use by children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it.

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on the website. The "Last updated" date at the top reflects the most recent revision.

For questions about this privacy policy or your personal data, contact us at support@nomadsim.co.