Privacy Policy

Last updated

1. Introduction

Arel eSIM ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and eSIM services. We process personal data in accordance with the Turkish Law on Protection of Personal Data (KVKK), and the EU General Data Protection Regulation (GDPR) where applicable.

By using our services, you consent to the data practices described in this Privacy Policy. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password, phone number
  • Payment Information: Billing address and payment method details. We do not store full credit card numbers on our systems; payment card data is collected and processed solely by our payment provider, Paddle.com (Merchant of Record), in accordance with applicable payment card industry standards.
  • Purchase Information: Order history, eSIM plan details, activation dates
  • Device Information: Device type, model, operating system, and eSIM compatibility—collected to verify device compatibility and deliver the service.
  • Support Communications: Messages sent through our support channels

We do not store full credit card numbers; payment card data is held and processed only by our payment provider, Paddle.com.

2.2 Automatically Collected Information

When you use our services, we automatically collect:

  • Usage Data: How you interact with our website and services
  • Technical Data: IP address, browser type, device identifiers, time zone settings
  • Cookies and Tracking: Information collected through cookies and similar technologies (see Cookie Policy)
  • Network Information: Connection data, service usage patterns, data consumption

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, activate, and manage your eSIM plans
  • Account Management: To create and maintain your account, process payments, and manage subscriptions
  • Customer Support: To respond to your inquiries, provide technical support, and resolve issues
  • Communication: To send service updates, activation confirmations, and important notifications
  • Improvement: To analyze usage patterns, improve our services, and develop new features
  • Security: To detect, prevent, and address fraud, security threats, and technical issues
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service
  • Marketing: To send promotional communications (with your consent, which you can withdraw at any time)

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist in operating our business. Key partners include:

  • Paddle.com (Paddle) — our Merchant of Record, which processes payments, issues invoices, and handles payment card data. Paddle is established in Ireland and processes personal data in connection with purchases in accordance with its privacy policy and applicable law.
  • Redtea Mobile (or our designated network infrastructure partner) — which provides the telecommunications and network infrastructure necessary for eSIM activation and connectivity. Redtea may process technical and usage data required to deliver the service.
  • Cloud hosting and data storage providers
  • Analytics and marketing service providers
  • Customer support platforms

These providers are contractually bound to protect your information and use it only for the purposes we specify, in compliance with applicable data protection law.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, or legal process, or to:

  • Comply with government requests or court orders
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Respond to security threats

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 Referral Programme

If you participate in our referral programme, we may notify referrers when a referral is successfully completed (for example, that a qualifying purchase was made). Referrers do not receive the referred customer's personal details (such as name, email, or contact information); we only use referral data as necessary to operate the programme and award credits in accordance with our Terms of Service.

5. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Secure payment processing through PCI-DSS compliant providers
  • Staff training on data protection best practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations and resolve disputes
  • Enforce our agreements and protect our rights

When information is no longer needed, we securely delete or anonymize it. Account information is typically retained for up to 7 years after account closure for legal and accounting purposes.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request transfer of your data to another service provider
  • Objection: Object to processing of your information for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdrawal of Consent: Withdraw consent for data processing where applicable

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content. For detailed information about our use of cookies, please see our Cookie Policy.

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside Turkey and the European Economic Area (EEA). Our operations and service providers are located in several jurisdictions: we are based in Turkey; our Merchant of Record (Paddle.com) is established in Ireland and may process data there and in other locations; and our network infrastructure provider (e.g. Redtea Mobile) may operate or use facilities in regions such as Singapore or China. These countries may have data protection laws that differ from those in your country.

Where we transfer personal data outside Turkey or the EEA, we ensure appropriate safeguards are in place as required by KVKK and EU GDPR. These may include: (i) transfers to countries that have been deemed to provide an adequate level of data protection by Turkey or the European Commission; (ii) standard contractual clauses (SCCs) approved by the European Commission; (iii) binding corporate rules or other approved mechanisms. We will ensure that any such transfers are made in compliance with applicable law and that your data remains protected in line with this Privacy Policy.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information.

11. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our website

The "Last updated" date at the top indicates when this Privacy Policy was last revised. Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: