Privacy Policy

Last updated: 2024-03-25

This document (“Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when you access, install, or use Saily Services (as defined below) and Website regardless of the device (computer, mobile phone, tablet, etc.) you use.

As used in this Privacy Policy, personal data means any information or set of information from which we can directly or indirectly identify you, e.g. by your name, surname, email address, telephone number, etc.

You should read this Privacy Policy along with the Terms & Conditions of usage of Saily and other related services we may provide to you that directly link to this statement.

Additional information on your data processing may also be indicated in contractual terms, supplemental privacy statements, or notices.

The capitalised words used in this Privacy Policy as definitions are defined here or in our Terms & Conditions.

By registering an account or otherwise using or visiting any Saily mobile application, Website, ordering and/or using Saily, contacting us concerning questions related to Saily (collectively the “Service” or “Services”), you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy. If you disagree with the rules of this Privacy Policy, please do not use our Services.

Who we are

We are “peakstar technologies Inc.”, a corporation organised under the laws of the State of Delaware, United States of America, under registration number 7600176, registered address 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, United States of America (“Saily”, “we”, “us”, “our”). Under privacy laws, we act as a data controller.

PROCESSING OF YOUR PERSONAL DATA

Saily processes your personal data to a limited scope to provide Services, process payments for the Services, and enable the functioning of our Website and mobile application. We may process the following categories of personal data:

Information required to create your Account and sign up for the Services

Name, email address. We collect your full name and email address during registration. This information is necessary for establishing Saily account, retrieving a lost password, and using the Services. Under certain circumstances for regulatory purposes in some countries to create an Account and sign up for the Service we may require copies of personal documentation (passport, ID document, etc.) from you which will be held by us and made available to national regulators if they so request.
Order data. When you order Services we process certain order information (e.g., the data plan you have chosen, term, currency, status, approximate location based on IP address, etc.).

Payment related information

Payment data. This information is necessary to collect payments for our Services. Our payment processing partners process basic billing information for payment processing and refund requests (such as date of purchase, payer’s IP address, zip code, card owner’s full name, and credit card information).
Country details. When providing your payment details, we ask our users to provide the country, state or province where they are registered, have a permanent address or usually live. This information is necessary for VAT calculation purposes.
Information for payment fraud prevention. To prevent fraudulent payments for the Services, your personal data (such as payer’s email address and device information) can be verified by our and/or our payment processing partner’s fraud management tools. A payment transaction that is considered high-risk may be rejected by us.

Communication data

Email address. We use your email address to: i) send you important updates and announcements related to your use of our Services; ii) respond to your requests or inquiries; iii) send you offers, surveys, and other marketing content (you can opt-out of those at any time).
Customer support inquiries. We keep the information that you provided to our customer support team that was necessary to resolve the query. Depending on what information is necessary, it can consist of, but is not limited to, payment information for customer verification processes, your country name, information on your device, etc.
Communication optimization data. We use various tools to help us optimise our email campaigns. These tools may track events you perform with an email, such as open and unsubscribe. We may also be able to see the user device’s operating system (e.g., Windows, Mac, iOS, Android) to optimise push notifications and automatically set the language.
Chatbot. If you contact us via our chatbot on our website, in addition to collecting your contact information, we will be able to see your IP address. This additional information is necessary for our support to determine the user's country.

Information collected on our Website

Service usage. We collect information about specific Saily Services you use.
Access logs. Like most websites on the internet, our Website collects access logs (such as IP address, browser type, operating system) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning, and similar hacking attempts.
Cookies. Cookies, pixels, and other similar technologies are usually small text or image files that are placed on your device when you visit our Website. Some cookies are essential for our Website to operate smoothly; others are used to improve Websites’ functionality, analyse aggregated usage statistics to improve Website’s performance, and for advertising. We also use affiliate cookies to identify the customers referred to our Website by our partners so that we can grant the referrers their commission. You can check what cookies we use in our Cookie Policy.

Information collected on our mobile application

In-app event information. Our application collects information about the activity on your Account. The in-app event information is necessary for us: (i) to know if the application is working properly (e.g. if the user was able to register or login successfully if the user was able to download and install eSIM); (ii) to know how users interact with our application (e.g., what kind of user interface items are the most or least used, are notifications we show of interest to users, etc.); and (iii) to identify problems related to our app performance and updates (e.g., crash error reports). The in-app event contains the following information:

General event information: event time, categorization, and limited routing information.
Device information: device’s operating system and its architecture, device type, model, brand, unique device identifier, device’s city, country, and time zone.
Application information: name, version, and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, user preferences (e.g., notifications enabled/disabled, language).
Account information: active/inactive plans, current and past active/inactive plans.

Traffic data. We may hold data about the network usage, assigned Services to your Account, and purchase history to grant your rights related to the refund policy.

Device information. We may collect some device information on our application too. Such information is logged automatically and may include the model of your device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyse the use of Services. Additionally, aiding users in making the most of eSIM functionalities.

Device identifiers. In some cases, we may record your device’s identifier for marketing or analytics purposes. These identifiers are assigned to your device by the OS manufacturer and can be reset at any time from your device's settings. For instructions, see the following policies for different devices: Advertising & Privacy on iOS devices and Managing your Google Settings on Android devices.

Promotional games data

Information for participating in our promotional games (e.g., sweepstakes, giveaways, contests). When you decide to participate in any promotional game that requires additional personal information, you will be explicitly requested to provide it. The personal data we ask you to provide typically includes your full name, e-mail address, phone number, and information about the purchased subscription plan. However, you have the right to refuse to provide such information and cease your participation in the promotional game at any time. In certain cases, we also may share the mentioned data with third parties that help us to organise/coordinate such promotional games. Please carefully review the terms and conditions of each promotional game in which you participate as they may contain specific additional information about the processing of your personal data. If the terms and conditions of such promotional games concerning the treatment of your personal data conflict with this Privacy Policy, the terms and conditions of such promotional games shall prevail.

Social networks data

Account data. To manage and administer our profiles on social networks (e.g., “Facebook”, “Instagram”, “Twitter”, “LinkedIn”, “YouTube” accounts), we may collect and process your personal data (e.g., full name, social network profile name, pictures, and/or public comments) you provided voluntarily.

GROUNDS FOR PROCESSING OF PERSONAL DATA

Your personal data is processed:

Where it is necessary to fulfil the contract with you. Such cases include: i) to provide access to Services; ii) to process your purchase transactions; iii) to ensure the secure, reliable, and robust performance of Services and Website.

When we have a legal obligation to process certain personal data collected from you (e.g., to keep and process records for tax purposes and accounting).

Where you have provided your consent to us. Such cases may include: i) to send marketing communication (unless applicable law permits us to contact you without your prior consent); ii) to communicate with you and manage your participation in Saily’s contests, offers, referrals, or promotions. Please note that although Saily may also process your personal data for marketing purposes when applicable law permits us to contact you without your separate consent if you choose not to receive marketing communication from us (i.e., if you opt-out), we will honour your request.

We sometimes may process your personal data under the legal basis of our or third parties’ legitimate interest. Such cases include: i) to properly administer business communication with you; ii) to detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our Services and Website; iii) to protect against harm to the rights, property, and safety of Saily, our users, or third parties; iv) to improve or maintain our Services and provide new products and features; v) to receive knowledge of how our Website and applications are being used (crash reports, app store reviews, information about the channel from which our mo bile application was downloaded, etc.).

SHARING YOUR PERSONAL DATA

We do not share your personal data with third parties except as described in this Privacy Policy.

Technological partner. We act as an agent for our technological partner 1GLOBAL Software to deliver Services directly to you. Our partner is TP Global Operations Limited, a Limited liability company incorporated and registered in England and Wales with company number 14109189 whose registered office is at 109 Farringdon Road, Farringdon, London, EC1R 3BW, UK (“1GLOBAL”). We share information (which may include information relating to personal data), with 1GLOBAL as a condition of our marketing agreement, to ensure the most appropriate and best service delivery. More information on how 1GLOBAL processes personal data can be found on 1GLOBAL Privacy Policy.

Service providers. We also use third-party service providers to help us with various operations, such as payment processing, email automation, Website and mobile application d iagnostics, analytics, and others. As a result, some of these providers may process personal data. Some of our main service providers:

Live chat and support service platform, e.g., Zendesk (provided by Zendesk Inc.), Klaus (provided by Qualitista OÜ)

Emailing service providers, e.g., Iterable (provided by Iterable Inc.), Sendgrid (provided by Twilio Inc.)

Marketing, application analytics, and diagnostics, e.g., Google Analytics, Firebase Analytics (provided by Google), AppsFlyer (provided by AppsFlyer Ltd.)

Conversion attribution system, e.g., Hasoffers (provided by Tune Inc.)

Payment processing, e.g., NordSec B.V., Moonflash Limited, Lagosec Inc., nordvpn S.A., Stripe Inc., Stripe Payments Europe Ltd., Adyen N.V., PayPal Inc.

Other Saily partners. Sometimes our partners, for example, distributors, resellers, and app store partners will be independent data controllers of your personal data. In such cases, the procedures established by them (e.g., terms of service and privacy policies) will apply to such relationships. In other cases, we may collaborate with partners as joint controllers meaning that we jointly define the purpose and means of data processing with them. Both joint controllers are then responsible for the data processing and its compliance with applicable privacy laws.

We also partner with third parties to display advertising on our Website or to manage our advertising on other sites. These partners help us deliver more relevant ads and promotional messages to you, which may include behavioural, contextual, and generic advertising. We and our advertising partners may process certain personal data to help us understand your preferences so that we can deliver advertisements that are more relevant to you.

Your personal data may be processed in any country in which we engage service providers and partners. When you use our Services and Website, you understand and acknowledge that your personal data may be transferred outside of the country where you reside.

Other group companies. We share your personal data with other group companies Saily is part of to carry out our daily business operations and to enable us to maintain and provide Services to you.

Protection of your rights. We may disclose personal data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our Terms & Conditions.

Investigations, courts & others. We may provide personal data to law enforcement and pre-trial investigation authorities, courts and other dispute resolution authorities, and other persons performing functions assigned by law, in accordance with the legislation of the State of Delaware, United States of America. We provide information to these entities as required by law or as specified by the entities themselves.

Business transfers. We may share your personal data in those cases where we sell or negotiate to sell our business or go through a corporate merger, acquisition, consolidation, asset sale, reorganisation, or similar event. In these situations, Saily will continue to ensure the confidentiality of your personal data.

Cross-border transfers of personal data. To facilitate Services and Website, we may store, access, and transfer personal data from around the world, including in countries where Saily has operations. These locations may not guarantee the same level of protection of personal data as the one in which you reside. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to ensure that your personal data will remain protected in accordance with this Privacy Policy. For example, in case your personal data is transferred to countries outside the EEA, we make sure there is an adequacy decision from the European Commission with regards to the recipient country or we use standard contractual clauses approved by the European Commission for such transfer of your personal data.

CHOICES RELATED TO YOUR DATA

Please note that various data protection laws across different jurisdictions provide privacy rights to you as a data subject. Subject to those applicable data protection laws, among others, you may have the following rights:

Delete: request us to erase your personal data.

Access: know and access personal data Saily has collected about you.

Rectify: rectify, correct, update, or complement inaccurate/incomplete personal data Saily has about you.

Object: object to the processing of your personal data which is done based on our legitimate interests (e.g., for marketing purposes).

Portability: request us to provide you with a copy of your personal data in a structured, commonly used, and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means).

Restrict: restrict the processing of your personal data (when there is a legal basis for that).

Withdraw consent: withdraw your consent where processing is based on a consent you have previously provided.

Lodge a complaint: exercise your rights by contacting us directly or, if all else fails, by lodging a complaint with a supervisory authority.

How to exercise your privacy rights

Rectification. If you’d like to edit your profile information (e.g., change your email address), please contact our support team at [email protected].

Access/deletion. If you wish to delete your Account or your personal data that we process, or request to provide you with a copy of your personal data, please contact us at [email protected].

Please note that you will need to pass through the Account verification process so that we can verify you are the owner of the Account before taking further action on your request.

If you are using an Apple device, to initiate deletion, please follow these steps and our support team will follow up with your request shortly:

Saily Account via Saily app on iPhone: open the Saily app and log into your Account, tap on the Profile icon, tap “Account settings”, under “Delete account”, click “Delete”, and tap “Delete” once again.

Opt-out. If you wish to unsubscribe from our communication, you can opt-out at any time by clicking the “unsubscribe” link at the bottom of each email or contacting us at [email protected].

Cookies. You can control the use of cookies at the individual browser level on your device. To disable cookies, follow your browser’s instructions on how to block or clear cookies.

If you do not agree with the processing of your personal data by Saily, please do not use Services and Website. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement or deleting all personal data based on your email address), or finalising other Saily’s legal relationship with you (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain your certain personal data as required by law.

To raise any other questions, concerns, or complaints about our privacy practices or our processing of your personal data, please contact us as provided below (Section “Contact Us”).

DATA SECURITY

We maintain tight controls over the personal data we collect. Our dedicated IT security team has implemented appropriate physical, technical, and organisational measures to protect information about you against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure, or access and against all other unlawful forms of processing:

Physical Measures. We control access to our facilities with access cards. We also use security alarm systems and CCTV. We store devices with personal data information only in locked rooms or cabinets. Our printers are protected by access control measures. A clean desk policy is implemented.

Technical Measures. We use layered defence with firewalls, anti-malware protection, intrusion detection, and prevention systems. Our infrastructure is regularly updated and regular vulnerability scans are in place to detect possible vulnerabilities. We have security event and incident management solutions to correlate and investigate signals in security tools. Servers are hardened and automated configuration tools are used to manage them. All workplaces are managed from a centralised endpoint management tool. Data at rest and in transit are encrypted. Encryption protocols are used according to the newest security practices.

Organisational Measures. We adopted information security and data processing policies according to best practices. We have external audits to prove our information security and data processing policies are up to standards. We adopted a constant development culture of security and data protection awareness among our employees (including organising regular and ongoing training and other awareness activities). We analyse the threat landscape and attack surface and constantly update our security measures. Access to databases containing personal data is granted on a need-to-know basis.

If we detect something suspicious, we will notify you immediately and guide you through steps to stay better protected. However, no company can guarantee the absolute security of internet communications as no technology is completely bulletproof. By using the Services and Website, you expressly acknowledge that we cannot guarantee the 100% security of personal data provided to or received by us through the Services and that any information received from you through Website or our Services is provided at your own responsibility. If you have any reason to believe that your interaction with us is no longer secure, please notify us at [email protected].

DATA RETENTION AND DELETION

Saily will keep your personal data only as long as necessary to provide you with the Services, or for as long as we have another legitimate ground to do so, but not longer than permitted or required by law. Some of more specific data retention terms are provided below:

Personal data related to the provision of the Services is kept for 3 years from the last usage of the data plan.
Personal data related to data usage is kept for 30 days or as long as required by legislation.
Customer billing information and payment details are kept by Saily for 10 years from the last payment transaction.
Customer support records are kept for 3 years.
Saily will use your email for marketing communication for 1 year after the end of your last data plan or until you exercise your right to opt-out, whichever comes first.

When we no longer have a legal ground to keep your personal data, it will either be securely disposed of, or de-identified through appropriate anonymization means. Saily will destroy personal data recorded or stored in the form of electronic files using method(s) that would prevent the recovery of the data.

COUNTRY-SPECIFIC PROVISIONS

For users in the European Economic Area (“EEA”)

If you are a resident of EEA countries, you can exercise your rights as provided in the European Union's General Data Protection Regulation (“GDPR”) by contacting us at [email protected].

For users in California

If you are a California resident, you can exercise your rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at [email protected]. As per definitions in the CCPA, please note that Saily does not sell, share, lease, or rent your personal information.

If you have questions, requests, concerns, or complaints about this Privacy Policy or our personal data processing practices, or you wish to exercise your data subject rights, please contact us via [email protected] or by writing to us at the following address:

“peakstar technologies Inc.”, registered address 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, United States of America

CHILDREN’S DATA

Saily does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to Saily. If we acknowledge that we have collected and processed personal data from a child under the age of 18, we will delete that data as quickly as possible.

OTHER TERMS

Limitation of liability. To ensure the security of personal data, Saily employs various technical, physical, and organisational security measures; however, it is your responsibility to exercise caution and reason when using the Services and Website. You will be personally liable if your use of the Services and Website violates any third-party privacy or any other rights or any applicable laws. Under no circumstances is Saily liable for the consequences of your unlawful, wilful, and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the Terms & Conditions for more information).

Links to other websites. Our Website may include links to other websites (e.g., social media websites, partner’s websites, etc.) whose privacy practices may be different from ours. If you access any of those websites via such links and/or submit your personal data to any of those websites, your personal data is processed by the procedures established by them and governed by their privacy policies. We encourage you to carefully read the privacy policy (or other respective privacy notices) of any website you visit.

Prevailing language. For all purposes, the English language version of the Privacy Policy shall be the original, governing instrument and understanding between you and us. In the event of any conflict between this English language version of the Privacy Policy and any subsequent translation into any other language, the English language version shall govern and control.

Updates to the Privacy Policy. Both our and our technology partner’s Services and Website constantly introducing new features or being modified. Therefore, we may need to amend the Privacy Policy from time to time. If the amendments to the Privacy Policy materially affect the activities of our processing of your personal data, we will notify you in advance of such changes by reasonable means (e.g., notification through the respective applications, our Website, or via email), and we will always indicate the date of the last update. Unless it is stated by us otherwise, each update of the Privacy Policy comes into force as of the moment when the amended Privacy Policy is published on this Website. You are expected to check this Privacy Policy regularly so that you are familiar with the most current wording of the Privacy Policy. Your continued use of the Services and Website will be deemed acceptance thereof.