Privacy Policy

This policy explains what personal data Flylo collects when you use flylo.app, why we collect it, who we share it with, and the rights you have under UK data protection law.

Flylo is operated from England & Wales and is the data controller for the information described below. If anything here is unclear, email us at support@flylo.app.

1. Who we are

Flylo is a consumer eSIM service. We sell data plans ("bundles") that run on the eSIM Go network, so you can use mobile data abroad without swapping your physical SIM. We do not operate a mobile network ourselves — we resell connectivity from eSIM Go and handle your account, purchases and support.

2. The data we collect

We try to collect as little as we can get away with. In practice that means:

• Account info: your email address, and the basic profile info returned by Apple or Google when you sign in with them (name, email, account identifier, profile picture if provided).
• Order history: the bundles you buy, the destination country, the price in USD, the date of purchase, and the ICCID of the eSIM assigned to you.
• Usage data tied to your eSIM: how much data a given eSIM has used and whether it is active. This is tied to the ICCID, not to your device or real-time location.
• Support correspondence: anything you send us at support@flylo.app, so we can help you and keep a record of the issue.
• Basic technical logs: IP address, browser type and timestamps when you use flylo.app, kept for security and abuse prevention.

3. What we do not collect

We do not track your location beyond the destination country you chose when buying a bundle. We do not read the contents of your traffic, we do not sell your data to advertisers, and we do not build advertising profiles on you.

4. Why we collect it

• To create your account and let you sign in.
• To process purchases and deliver your eSIM QR code.
• To show you your order history and remaining data.
• To provide customer support.
• To detect fraud, abuse and payment disputes.
• To comply with our legal and tax obligations in the UK.

Our lawful bases under UK GDPR are: performance of our contract with you (delivering the eSIM you paid for), our legitimate interests (fraud prevention, keeping the service running), consent (where you explicitly opt in, e.g. optional emails), and legal obligation (tax and accounting records).

5. Who we share it with

We share only what is necessary, and only with these categories of processors:

• Supabase — hosts our database and authentication. Your account record and order history live here.
• Vercel — hosts the flylo.app web application and edge functions.
• eSIM Go — the upstream network provider that issues the actual eSIM profile. They receive the information needed to provision your bundle (such as the bundle code and an order reference).
• Apple and Google — only if you choose to sign in with them. They tell us the minimum profile info needed to authenticate you.
• Stripe — our payment processor. When payments go live, Stripe receives your card details directly. We never see or store your full card number.

We may also share information with law enforcement or regulators where we are legally required to.

6. International transfers

Some of the providers above are based outside the UK (for example in the EU or the US). Where that happens, we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or UK adequacy regulations to keep your data protected.

7. How long we keep it

• Account data: while your account is open, and for up to 12 months after you close it.
• Order and billing records: 6 years, to meet UK tax and accounting rules.
• Support emails: up to 3 years after the issue is resolved.
• Technical logs: up to 90 days.

8. Your rights under UK GDPR

You have the right to:

• Access the personal data we hold about you.
• Ask us to correct anything inaccurate.
• Ask us to delete your data (subject to records we must keep by law).
• Ask us to restrict or object to certain processing.
• Port your data to another service in a machine-readable format.
• Withdraw consent at any time, where we rely on consent.

To use any of these rights, email support@flylo.app. We aim to respond within 30 days.

If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office at ico.org.uk.

9. Cookies

flylo.app uses a small number of essential cookies and local storage entries to keep you signed in and remember your preferences. We do not use advertising or cross-site tracking cookies.

10. Children

Flylo is not intended for anyone under 16. If you believe a child has given us personal data, contact us and we will delete it.

11. Changes to this policy

If we make material changes, we will update the "Last updated" date and, where appropriate, notify you by email. Continued use of Flylo after changes means you accept the updated policy.

12. Contact

Data protection queries: support@flylo.app.