Privacy Policy

1. Information We Collect

We may collect the following types of information:

a. Personal Information

Information you voluntarily provide, such as:

• Email address
• Name (if provided)
• Contact information
• Account details

b. Usage Information

Information collected automatically, including:

• Device type and operating system
• App usage and interaction data
• IP address and approximate location
• Diagnostic and performance data

c. Transaction Information

If you make a purchase, we may collect:

• Purchase history
• Plan details
• Payment status

(Payment details are processed securely by third-party providers and are not stored by Orbitelo.)

2. How We Use Your Information

We use collected information to:

• Provide and operate the Service
• Process purchases and manage eSIM plans
• Improve app performance and user experience
• Communicate important updates or support messages
• Ensure security and prevent fraud
• Comply with legal obligations

3. eSIM & Connectivity Data

Orbitelo does not operate mobile networks.

Connectivity services are provided by third-party eSIM and telecommunications partners. Limited technical information may be shared with these partners solely to:

• Activate and manage eSIMs
• Provide customer support
• Ensure service functionality

4. Data Sharing & Third Parties

We share data only where necessary to operate the Service. Our current third-party processors include:

• Stripe — payment processing. Card details are handled directly by Stripe and are never stored by Orbitelo.
• Provider of eSIM connectivity — our primary eSIM connectivity provider. Limited technical information (device identifiers, plan details, ICCID) is shared to activate and manage your eSIM.
• Firebase (Google) — authentication, App Check (fraud prevention), and client-side analytics.
• Mixpanel — product analytics to improve the user experience (web and server-side).
• Sentry — error monitoring and performance tracking.
• SendGrid (Twilio) — transactional email delivery (purchase confirmations, refund updates, dispute notifications).
• Intercom — customer support chat. We share a signed identity token so Intercom can verify your identity in support conversations.
• Anthropic / OpenAI — AI-powered trip planning feature. Free-text trip queries you submit are sent to Anthropic or OpenAI to generate plan recommendations. Do not include sensitive personal information in trip queries.
• Vercel Analytics & Speed Insights — web performance monitoring and anonymous usage analytics.
• Legal or regulatory authorities when required by applicable law.

We do not sell your personal data to any third party.

Authorized Orbitelo staff with a legitimate business need — including customer support, refund review, dispute resolution, and fraud prevention — may access your account data. This access is restricted to staff with the relevant operational role and is subject to internal access controls.

5. Data Retention

We retain personal information only for as long as necessary to:

• Provide the Service
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

When you delete your account, your profile information is permanently anonymized and you lose login access. Transaction and billing records (orders, payments, wallet history) are retained in anonymized form — linked only to a placeholder account ID with no personal identifiers — for the minimum period required by applicable tax and accounting law, typically 5–7 years.

6. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Service. These may include:

• Essential cookies — required for authentication and core functionality
• Analytics cookies — used by Firebase Analytics, Mixpanel, and Vercel Analytics to understand how users interact with the Service
• Performance cookies — used by Sentry and Vercel Speed Insights to monitor errors and app performance

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect core functionality.

7. Security

We take reasonable technical and organizational measures to protect your information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

• Request a copy of your personal data by contacting us
• Request correction or deletion
• Object to or restrict processing
• Withdraw consent where applicable

To delete your account and associated data, visit our Account Deletion page. For all other requests, contact us at the email below.

9. International Data Transfers

Orbitelo operates globally. Your information may be processed or stored in countries outside your place of residence. We take steps to ensure appropriate safeguards are in place.

10. Children's Privacy

Orbitelo is not intended for users under the age of 18. Our Service involves purchasing digital products using payment methods, which requires users to be legal adults.

We do not knowingly collect personal data from anyone under 18. If we learn that a user is under 18, we will suspend their account and delete their associated personal data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When changes are made, the "Last updated" date will be revised. Continued use of the Service means acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: support@orbitelo.com