RoamlyRoamly

§ Legal / 01

Privacy Policy

Last updated
May 2026

This Privacy Policy explains how BeyondCorp Ltd ("Roamly", "we", "us") collects, uses, stores, and shares personal information when you use the Roamly mobile application and related services (the "Service"). By using the Service you agree to the practices described below.

1. Information we collect

We collect the minimum data needed to deliver eSIM connectivity and virtual numbers:

  • Account data: email address, password hash, device identifier, language and currency.
  • Purchase data: plan, country, price, transaction ID. We do not store full card numbers — payments are processed by Apple In-App Purchase.
  • Connectivity data: ICCID of provisioned eSIM profiles, active country/region, data balance, expiry dates.
  • Virtual-number data: rented numbers and SMS verification codes received on those numbers.
  • Diagnostic data: crash reports, anonymous performance metrics, app version, OS version.
  • Support data: messages you send to [email protected].

2. How we use information

  • Provision eSIM profiles and activate data packs with our carrier partners.
  • Deliver SMS codes received on virtual numbers to your account.
  • Process purchases, refunds, and renewals.
  • Send service notifications (low balance, expiry, security alerts).
  • Comply with legal obligations and prevent abuse, fraud, or violations of our Terms.
  • Improve the app via aggregated analytics — never to profile you for advertising.

3. Legal basis

We process personal data under the legal bases of contract performance (delivering eSIM and number services you bought), legitimate interest (security, fraud prevention, product improvement), legal obligation (tax, telecom regulation), and consent (push notifications, optional analytics).

4. Data we do not collect

  • We do not access the content of your phone calls, third-party SMS, contacts, or photos.
  • We do not sell personal data to third parties.
  • We do not use third-party advertising SDKs or cross-app tracking.
  • We do not collect precise geolocation. Country detection is derived only from the active eSIM profile.

5. Sharing

We share data only with:

  • Carrier partners that provide the underlying eSIM connectivity and virtual numbers (ICCID and plan information only).
  • Apple for in-app purchase processing.
  • Cloud infrastructure providers hosting our backend, under strict data-processing agreements.
  • Regulators or law enforcement when required by valid legal process.

6. Data retention

Account data is kept while your account is active and for up to 24 months after deletion to meet tax and telecom record-keeping obligations. SMS codes received on virtual numbers are stored for the lifetime of the rented number and erased when it expires. Diagnostic data is retained for up to 90 days.

7. Your rights

Depending on your jurisdiction (GDPR, CCPA, UK GDPR and similar), you have the right to:

  • Access a copy of your personal data.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email [email protected]. We respond within 30 days.

8. Security

We encrypt data in transit (TLS 1.3) and at rest. Access to production systems is restricted to a small engineering team with multi-factor authentication. Despite our efforts, no system is 100% secure — please use a strong, unique password and enable device-level protections.

9. Children

Roamly is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.

10. International transfers

Our infrastructure is hosted in the European Union. When data is transferred to carrier partners outside the EEA, we rely on Standard Contractual Clauses and additional safeguards.

11. Third-party services

Roamly may include links to third-party services (e.g. carrier portals). We are not responsible for their privacy practices and recommend reviewing their policies.

12. Changes to this policy

We may update this Policy from time to time. Material changes will be announced inside the app and on this page at least 14 days before they take effect.

13. Contact

BeyondCorp Ltd, Pygmalionos 51, 8046 Paphos, Cyprus — [email protected].