Privacy Policy

1. Scope and Role

This Privacy Policy governs the collection, use, disclosure, retention, and protection of personal information in connection with your access to and use of Roamix services, including our website, account platform, checkout flow, eSIM provisioning features, and support channels. By using the services, you acknowledge that your personal information will be processed as described in this policy and subject to applicable law.

Except where another notice states otherwise, Roamix acts as the controller of personal information processed under this policy. Certain parties, including payment processors and telecommunications partners, may process information as independent controllers under their own legal terms and privacy notices.

2. Definitions

For purposes of this policy, personal information means information that identifies, relates to, describes, or can reasonably be linked to an individual. Processing means any operation performed on personal information, including collection, recording, organization, storage, use, disclosure, transfer, and deletion. Service provider means a vendor that processes personal information on behalf of Roamix for a business purpose. Network partner means a carrier or eSIM fulfillment provider that supports delivery and operation of purchased plans.

3. Information We Collect

We collect information that you provide directly to us, information generated through your use of the services, and information received from authorized third parties. Information you provide includes account registration details such as name, email address, password, and profile data you choose to submit, along with order data such as selected plan, destination, purchase timestamp, order identifiers, and support communications.

We receive limited information from third parties when needed to deliver the service. This includes authentication details from identity providers when you choose social sign in, payment confirmation and transaction metadata from Stripe, and activation or usage status from network partners so we can provision plans and display service status.

We also collect technical and device information that supports operations, security, and reliability, including IP address, browser type, operating system, application version, request logs, and diagnostic data associated with account activity and service performance. Roamix does not intentionally store full payment card numbers and does not intentionally request special category personal data through standard customer flows.

4. How We Use Information

We process personal information to administer accounts, process payments, issue receipts, evaluate refund requests, provision and maintain eSIM plans, provide customer support, and communicate required service notices. We also process information to protect the security and integrity of our systems, prevent fraud and abuse, monitor performance, improve product quality, enforce agreements, and satisfy legal and regulatory obligations.

Where permitted by law, we may use contact information to send updates about service changes, features, or offers. You may opt out of non essential marketing communications in accordance with applicable law and available account controls.

5. Legal Bases for Processing

Where applicable law requires a legal basis, Roamix processes personal information on the basis of contractual necessity, legitimate interests, consent, and legal obligation. Contractual necessity applies where processing is required to create accounts, process orders, and deliver purchased services. Legitimate interests include service security, fraud prevention, support quality, analytics, and product improvement. Consent applies where required for specific activities. Legal obligation applies where processing is required by law, court order, or regulatory request.

6. How We Disclose Information

Roamix does not sell personal information. We disclose personal information only where reasonably necessary to operate the service, fulfill contractual duties, and comply with legal requirements. Disclosures may be made to payment processors for transaction handling, cloud and infrastructure vendors for hosting and monitoring, customer communication providers for service messaging, and network partners for plan activation and service management.

We may also disclose information to professional advisers such as legal counsel, auditors, and accountants where needed for legitimate business operations or legal defense. We may disclose information to public authorities when required by valid legal process or binding legal obligation. In connection with a merger, financing, acquisition, or asset transfer, information may be transferred subject to applicable confidentiality and legal safeguards.

7. Cookies and Similar Technologies

Roamix uses cookies and similar technologies for authentication, session continuity, fraud prevention, user preference storage, and service analytics. Certain cookies are strictly necessary for core platform functions, including secure login and checkout. You may control cookie settings through your browser or device, but disabling required cookies may limit or prevent use of certain features.

Where applicable law recognizes browser level privacy signals, we process those signals in a manner consistent with legal requirements and technical feasibility.

8. Data Retention

We retain personal information for the period reasonably necessary to fulfill the purposes described in this policy, including account administration, service delivery, dispute resolution, security analysis, and legal compliance. Account records are retained while an account remains active and for a reasonable period thereafter. Order, billing, and refund records may be retained for up to seven years to satisfy tax, accounting, and legal requirements.

Security logs, fraud indicators, and support records are retained in accordance with operational needs, legal obligations, and risk controls. When retention is no longer required, we delete, deidentify, or aggregate relevant data in accordance with internal standards and applicable law.

9. Security

We maintain administrative, technical, and organizational safeguards intended to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. Controls include encrypted transmission, role based access management, credential security practices, logging, and monitoring. No data transmission or storage system can be guaranteed fully secure, and users share responsibility for maintaining account credential security.

If we identify a security incident involving personal information, we will investigate, mitigate, and provide notice in accordance with applicable legal obligations.

10. International Transfers

Personal information may be processed in jurisdictions other than your country of residence. Where required by law, we implement appropriate legal and contractual safeguards for cross border transfers and require service providers to maintain suitable data protection controls.

11. Your Privacy Rights

Depending on your jurisdiction, you may have rights to request access to personal information, correction of inaccurate data, deletion, restriction of processing, objection to certain processing activities, and data portability where technically feasible. You may also withdraw consent where consent is the legal basis for processing, without affecting processing conducted before withdrawal.

Rights requests may be submitted by contacting support@roamix.app from the email associated with your account. We may require identity verification before taking action and may decline requests where permitted by law, including where an exemption applies. We respond within the period required by applicable law.

12. Region Specific Privacy Notices

Users in California

If California law applies to your data, you may have rights to know, access, correct, and delete personal information, and to request information regarding disclosure practices as provided by law. Roamix does not sell personal information and does not share personal information for cross context behavioral advertising as defined by applicable California statutes.

Users in the European Economic Area, United Kingdom, and similar jurisdictions

If EEA, UK, or similar privacy laws apply, you may have rights to object to processing based on legitimate interests, request restriction, and lodge a complaint with a competent supervisory authority. We encourage you to contact us first so we can attempt to resolve your concern directly.

13. Children's Privacy

Roamix services are not directed to children under the age of thirteen and are not intended to solicit personal information from children. We do not knowingly collect personal information from children under thirteen. If you believe a child has provided personal information in violation of this policy, contact us and we will investigate and take appropriate corrective steps.

14. Third Party Sites and Services

Our services may contain links to third party websites or tools that are not operated or controlled by Roamix. We are not responsible for third party privacy or security practices. Your use of third party services is governed by the terms and privacy notices published by those third parties.

15. Changes to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect legal, operational, or product changes. Updated versions become effective on the date posted unless a later date is stated. Where required by law, material changes will be communicated through additional notice methods.

16. Contact Us

For privacy questions, requests, or complaints, please contact support@roamix.app.