1. Information We Collect
ICY SIM is operated by Verios Group Limited ("we," "us," or "our"), a company incorporated in Hong Kong (Suite C, Level 7, World Trust Tower, 50 Stanley Street, Central, Hong Kong). We operate the ICY SIM website at icysim.com and the ICY SIM mobile application (together, the "Service"). This Privacy Policy explains what data we collect, why, and how we protect it.
Account Information
When you register, we collect your email address, first name, last name, date of birth, phone number, and country of residence. This information is necessary to create and manage your account.
Payment Information
We do not store raw card numbers. Payment data (card number, expiry, CVV) is processed and tokenised exclusively by our third-party payment processor. We store only a masked card reference (last 4 digits, card brand) and the payment token issued by our processor for future one-click payments, solely with your consent.
eSIM & Usage Data
When you purchase an eSIM plan, we collect and store:
- ICCID (SIM card identifier), activation code, and QR code data
- Data remaining (MB), data used, and plan expiry date
- Country and plan details associated with your eSIM
- Activation timestamp and eSIM status (install / active / expired)
Device & App Data
The ICY SIM mobile app may request access to:
- Camera — to scan eSIM QR codes for installation
- Photo Library — to set your profile photo or save QR codes
- Push Notification Token — to send you eSIM alerts (data warnings, expiry reminders)
Usage & Analytics
We may collect anonymised usage data, crash reports, and performance metrics to monitor service reliability and improve the user experience. This data does not identify you personally.
Communications
When you contact our support team, we retain the content of your messages to resolve your issue and maintain service quality.
2. How We Use Your Information
We use your data only for the following purposes:
- Service Delivery — Processing purchases, provisioning eSIM plans, and managing your account
- Transactional Communications — Sending order confirmations, eSIM activation details, low-data warnings, plan expiry reminders, and payment receipts
- Customer Support — Responding to your queries and resolving technical issues
- Safety & Fraud Prevention — Detecting and preventing fraudulent transactions or abuse of the Service
- Service Improvement — Analysing aggregated, anonymised usage trends to improve features
- Legal Compliance — Meeting obligations under applicable law
We never sell your personal data to third parties. We do not use your data for advertising profiling or share it with advertisers.
3. Third-Party Services
To deliver the Service, we work with trusted third-party providers in the following categories. Each provider is contractually required to handle your data securely and only for the stated purpose.
| Category | Purpose | Data Shared |
|---|---|---|
| Infrastructure & Database | Secure cloud database, user authentication, and file storage | Account data, eSIM records, order history |
| Payment Processing | Secure card and digital wallet payment processing (PayerMax) | Payment details — processed directly by our payment provider; we receive only a secure token |
| eSIM Connectivity | eSIM plan provisioning and activation via our licensed network partner | Order details required to allocate and activate your eSIM |
| Transactional Email | Delivery of receipts, eSIM details, and service alerts | Your email address and name |
| Push Notifications | Sending in-app alerts (data usage warnings, plan expiry) | Push notification device token (no personal data) |
| Security & Monitoring | Error monitoring and service reliability tracking | Anonymised device info and error logs (no PII) |
| Analytics | Anonymised product usage analysis to improve the Service | Anonymised usage events only |
4. Data Sharing
We do not sell, rent, or trade your personal information. We may disclose your data only:
- To the third-party service providers listed in Section 3, under strict data processing agreements
- When required by law, court order, or government authority
- To protect the rights, property, or safety of ICY SIM, our users, or the public
- In connection with a merger, acquisition, or sale of assets — in which case you will be notified
5. Data Retention
We retain your personal data only for as long as necessary to provide the Service and comply with legal obligations:
- Account data — retained for the lifetime of your account plus 2 years after deletion
- Order & eSIM records — retained for 7 years for accounting and tax compliance
- Support communications — retained for 3 years
- Analytics data — retained in anonymised form for up to 24 months
When you request account deletion, we delete or anonymise your personal information within 30 days, except where legal retention obligations apply.
6. Your Rights
Depending on your location, you may have the following rights:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data (you can also update most information directly in the app)
- Erasure — Request deletion of your account and associated data ("right to be forgotten")
- Portability — Receive your data in a structured, machine-readable format
- Restriction — Request that we restrict processing of your data in certain circumstances
- Objection — Object to processing based on legitimate interests
- Withdraw Consent — Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at support@icysim.com. We will respond within 30 days. California residents may also submit requests under the CCPA.
7. Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS 1.2+
- Passwords are hashed and never stored in plain text
- Payment data is handled exclusively by PayerMax under PCI DSS compliance
- Access to production systems is restricted to authorised personnel only
- Regular security audits and dependency updates
While we take every precaution, no method of internet transmission is 100% secure. If you believe your account has been compromised, contact us immediately at support@icysim.com.
8. Children's Privacy
The ICY SIM Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. International Data Transfers
ICY SIM is a global service. Your data may be processed in countries outside your own, including countries where data protection laws may differ. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or an in-app notice at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection team:
Verios Group Limited
Suite C, Level 7, World Trust Tower
50 Stanley Street, Central, Hong Kong