Privacy Policy

Flylo is an international eSIM provider. This policy explains what personal data we collect when you use flylo.app, why we collect it, who we share it with, and the rights you have under GDPR and equivalent data protection laws.

Flylo is the data controller for the information described below. If anything here is unclear, email us at support@flylo.app.

1. Who we are

Flylo is a consumer eSIM service. We sell mobile data bundles that run on partner networks, so you can use mobile data abroad without swapping your physical SIM. We do not operate a mobile network ourselves — we resell connectivity from tier-1 international carriers and handle your account, purchases and support.

2. The data we collect

We try to collect as little as we can get away with. In practice that means:

• Account info: your email address and, if you sign in with Google, the basic profile info Google returns (name, email, account identifier, profile picture if provided). You can also sign in with email and password.
• Order history: the bundles you buy, the destination country or region, the amount charged and currency, the date of purchase, and the ICCID of the eSIM assigned to you.
• Usage data tied to your eSIM: how much data a given eSIM has used and whether it is active. This is tied to the ICCID, not to your device or real-time location.
• Support correspondence: anything you send us at support@flylo.app, so we can help you and keep a record of the issue.
• Anonymous site analytics: which pages you visit, the page you came from, your approximate country (derived from your IP, which is not itself stored with the visit), and a random per-visitor identifier stored in your browser's localStorage. No cookies, no tracking across other sites, no profile building.
• Basic technical logs: IP address, browser type and timestamps for requests to our service, kept short-term for security and abuse prevention.

3. What we do not collect

We do not track your location beyond the destination country you chose when buying a bundle. We do not read the contents of your mobile traffic. We do not sell your data to advertisers. We do not build advertising profiles on you. We do not use cross-site tracking cookies.

4. Why we collect it

• To create your account and let you sign in.
• To process payments and provision your eSIM so you can install it directly from your browser.
• To show you your order history and remaining data.
• To provide customer support.
• To detect fraud, abuse and payment disputes.
• To understand, at an aggregated level, how travellers use flylo.app so we can improve it.
• To comply with our legal, tax and accounting obligations.

Our lawful bases under GDPR are: performance of our contract with you (delivering the eSIM you paid for), our legitimate interests (fraud prevention, service operation, aggregated product analytics), consent (where you explicitly opt in, e.g. optional marketing emails), and legal obligation (tax and accounting records).

5. Who we share it with

We share only what is necessary, and only with these categories of processors:

• Supabase — hosts our database and authentication. Your account record and order history live here.
• Vercel — hosts the flylo.app web application and edge functions.
• eSIM Go — the upstream network aggregator that issues the actual eSIM profile. They receive the information needed to provision your bundle (such as the bundle code and an order reference).
• Google — only if you choose to sign in with Google. Google tells us the minimum profile info needed to authenticate you.
• Stripe — our payment processor. When you pay, Stripe receives your card details directly. Flylo never sees or stores your full card number.
• Trustpilot — only if you click our review invitation. Trustpilot then collects the review you choose to leave under their own privacy policy.

We may also disclose information to law enforcement or regulators where we are legally required to.

6. International transfers

Because we are an international service, your data may be processed in countries other than your own. Where data leaves the jurisdiction it was collected in, we rely on Standard Contractual Clauses, adequacy decisions (including the UK IDTA and EU SCCs), or equivalent safeguards recognised by your local data protection regime, to keep your data protected.

7. How long we keep it

• Account data: while your account is open, and for up to 12 months after you close it.
• Order and billing records: up to 6 years, to meet tax and accounting rules.
• Support emails: up to 3 years after the issue is resolved.
• Anonymous analytics: up to 13 months.
• Technical logs: up to 90 days.

8. Your rights

Under GDPR and most equivalent laws, you have the right to:

• Access the personal data we hold about you.
• Ask us to correct anything inaccurate.
• Ask us to delete your data (subject to records we must keep by law).
• Ask us to restrict or object to certain processing.
• Port your data to another service in a machine-readable format.
• Withdraw consent at any time, where we rely on consent.

To exercise any of these rights, email support@flylo.app. We aim to respond within 30 days.

If you are unhappy with how we handle your data, you can complain to your local data protection authority. If you are in the UK, that is the Information Commissioner's Office at ico.org.uk. If you are in the EU, you can contact the authority in your country of residence.

9. Cookies and local storage

flylo.app uses a small number of essential cookies and browser local-storage entries to keep you signed in and remember your preferences. We do not use advertising, marketing or cross-site tracking cookies. You can clear these at any time from your browser settings.

10. Children

Flylo is not intended for anyone under 16. If you believe a child has given us personal data, contact us and we will delete it.

11. Security

Data is encrypted in transit using TLS and encrypted at rest by our infrastructure providers. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

12. Changes to this policy

If we make material changes, we will update the "Last updated" date and, where appropriate, notify you by email. Continued use of Flylo after changes means you accept the updated policy.

13. Contact

Data protection queries: support@flylo.app.