Privacy Policy

Last updated: 2025-11-07

This document (“Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when users access, install, or use Saily Services (as defined below), the App, and the Website, regardless of the device (computer, mobile phone, tablet, etc.) used.

In this Privacy Policy, “personal data” refers to any information or set of information that allows us to directly or indirectly identify a user (e.g., by name, surname, email address, telephone number, etc.).

User should read this Privacy Policy in conjunction with the Consumer Terms of Service, or the Business Terms of Service (if the user is an employee or authorized personnel of Saily’s customer, as defined below).

Additional information on how a user’s data is processed may also be outlined in contractual terms, supplemental privacy statements, notices.

Capitalized terms used in this Privacy Policy as definitions are defined either within this document or in our Consumer Terms of Service and Business Terms of Service.

By registering an Account, accessing and using the App, the Website, ordering and/or using Data Plans, contacting us with inquiries related to Saily (collectively, the “Service” or “Services”), the user acknowledges that they have read and agree to be bound by this Privacy Policy. If the user disagrees with the rules of this Privacy Policy, they should not use our Services.

Who we are

We are Saily (“Saily”, “we”, “us”, or “our”), a corporation organized under the laws of the State of Delaware, United States of America, with its principal business address at 330 N Wabash Ave, Chicago, IL 60611, United States of America.

For the purposes of this Privacy Policy, Saily Inc. is the entity responsible for determining the purposes and means of processing your personal data, acting as the data controller in connection with the services described in our Consumer Terms of Service, Business Terms of Service and this Privacy Policy.

In providing our Services and performing related activities, Saily Inc. may collaborate with other Saily group entities and trusted service providers, including:

  • Saily UAB, located at Švitrigailos str. 36, 03230 Vilnius, Lithuania, within the European Economic Area (EEA); and

  • CyberQuay Pty Ltd, located at Level 41, 161 Castlereagh Street, Sydney, NSW, 2000, Australia.

1. PROCESSING OF PERSONAL DATA

To provide our Services and operate our Website, we need to process certain information that can identify you, such as your email address or payment details (referred to as “personal information,” “personal data,” or simply “data”). The specific types of data we collect depend on how you interact with us, our Services, and Website, as well as the applicable legal requirements.

Your personal data may be collected by us in several ways:

  • Through information you provide directly (e.g., when creating your Account).

  • Automatically while you use our Services and/or Websites (e.g., through cookies).

We may process the following categories of personal data:

Information required to create Account and sign up for the Services

  • Name, email address. We collect the user's full name and email address during registration. This information is necessary for establishing an Account, retrieving a lost password, and using the Services. Under certain circumstances for regulatory purposes in some countries to create an Account and sign up for the Service we may require copies of personal documentation (Passport, ID document, etc.) from the user which will be held by us and made available to national regulators if they so request.

  • Order data. When a user orders Services we process certain order information (e.g., the data plan user has chosen, term, currency, status, billing information (for auto top-up functionality), approximate location based on IP address, etc.).

Information related to the conclusion and performance of the business agreement

  • Personal information. In order to conclude and perform a business agreement with the business customer we may process business customer’s representatives’ contact information (full name, telephone number, and/or email address) and professional information (position, represented entity’s information).

Payment related information

  • Basic billing data. When you purchase our Services, you need to provide a valid payment method along with associated billing details. The specific information collected depends on the payment method you choose and may include basic billing information such as

    • date of purchase, credit/debit card owner's full name, part of user’s credit card number, its expiration date. Your payment information (such as date of purchase, payer’s IP address, zip code, card owner’s full name, and credit card information) may be handled by our trusted third-party payment service providers. You may be redirected to an external website managed by the payment service provider to complete your transaction.

  • Country details. When providing payment details for Services related to Data Plans, we ask our users to provide the country, state or province where they are registered, have a permanent address or usually live. This information is necessary for VAT calculation purposes.

  • Information for dispute resolution. In certain cases, we may process information about your transaction details (along with your IP address), and your communication with our support team to help verify the legitimacy of disputed payments.

  • Information for refunds. If you request a refund for our Services, we may process the information that you submitted as part of the refund request, along with your data from the original purchase. This can include your personal identifiers (such as email address, card owner’s full name) and basic billing information (such as date of purchase, payer’s IP address, zip code, and credit card information) as necessary to assess and complete the refund process.

  • Information for payment fraud prevention. To prevent fraudulent payments for the Services, user’s personal data (such as payer’s email address and device information) can be verified by our and/or our payment processing partner’s fraud management tools. A payment transaction that is considered high-risk may be rejected by us.

Communication data

  • Email address. We use the user's email address to: i) send user important updates and announcements related to their use of our Services; ii) respond to user’s requests or inquiries; iii) send user offers, surveys, and other marketing content (user can opt-out of those at any time).

  • Customer support inquiries. We keep the information that the user provided to our customer support team that was necessary to resolve the query. Depending on what information is necessary, it can consist of, but is not limited to: payment information for customer verification processes, user’s country name, information on user’s device, etc.

  • Communication optimization data. We use various tools to help us optimize our email campaigns. These tools may track events the user performs with an email, such as open and unsubscribe. We may also be able to see the user device’s operating system (e.g., Windows, Mac, iOS, Android) to optimize push notifications and automatically set the language.

  • Chatbot. If the user contacts us via our chatbot on our website, in addition to collecting the user’s contact information, we will be able to see the user’s IP address. This additional information is necessary for our support to determine the user's country.

Information collected on our Website

  • Service usage. We collect information about specific Saily Services user use.

  • Access logs. Like most websites on the internet, our Website collects access logs (such as IP address, browser type, operating system) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning, and similar hacking attempts.

  • Cookies. Cookies, pixels, and other similar technologies are usually small text or image files that are placed on the user's device when the user visits our Website. Some cookies are essential for our Website to operate smoothly; others are used to improve Websites’ functionality, analyze aggregated usage statistics to improve Website’s performance, and for advertising. We also use affiliate cookies to identify the customers referred to our Website by our partners so that we can grant the referrers their commission. Users can check what cookies we use in our Cookie policy.

Information collected on our App

  • In-app event information. Our App collects information about the activity on the user’s Account. The in-app event information is necessary for us: (i) to know if the App is working properly (e.g., if the user was able to register or login successfully, if the user was able to download and install eSIM); (ii) to know how users interact with our App (e.g., what kind of user interface items are the most or least used, are notifications we show of interest to users, etc.); and (iii) to identify problems related to our app performance and updates (e.g., crash error reports). The in-app event contains the following information:

    • General event information: event time, categorization, and limited routing information.

    • Device information: device’s operating system and its architecture, device type, model, brand, unique device identifier, device’s city, country, and time zone.

    • App information: name, version, and source of the App, enabled/disabled features at the time of the event, network type, public internet service provider’s information, user preferences (e.g., notifications enabled/disabled, language).

    • Account information: active/inactive plans, current and past active/inactive plans, credits information (when you are awarded Saily’s credits, we’ll store the information about the amount, currency, and expiration of your credits).

  • Traffic data. We may hold data about the network usage, Services assigned to the user’s Account, and purchase history to grant user rights related to the refund policy.

  • Device information. We may collect some device information on our App too. Such information is logged automatically and may include the model of the user’s device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of Services. Additionally, aiding users in making the most of eSIM functionalities.

  • Device identifiers. We shall record the user’s device’s identifier (for example, your device's IMEI number, or the mobile phone number used by the device), mobile network information for regulatory purposes, and in some cases - for marketing or analytics purposes. These identifiers are assigned to the user’s device by the OS manufacturer and can be reset at any time from the user’s device's settings. For instructions, see the following policies for different devices: Advertising & Privacy on iOS devices and Managing Google Settings on Android devices.

Promotional games data

  • Information for participating in our promotional games (e.g., sweepstakes, giveaways, contests). When the user decides to participate in any promotional game that requires additional personal information, the user will be explicitly requested to provide it. The personal data we ask the user to provide typically includes the user’s full name, e-mail address, phone number, and information about the purchased subscription plan. However, users have the right to refuse to provide such information and cease user’s participation in the promotional game at any time. In certain cases, we also may share the mentioned data with third parties that help us to organize/coordinate such promotional games. Please carefully review the terms and conditions of each promotional game in which the user participates as they may contain specific additional information about the processing of user’s personal data. If the terms and conditions of such promotional games concerning the treatment of user’s personal data conflict with this Privacy Policy, the terms and conditions of such promotional games shall prevail.

Social networks data

  • Account data. To manage and administer our profiles on social networks (e.g., “Facebook”, “Instagram”, “Twitter”, “LinkedIn”, “YouTube” accounts), we may collect and process users personal data (e.g., full name, social network profile name, pictures, and/or public comments) users provided voluntarily.

2. GROUNDS FOR PROCESSING OF PERSONAL DATA

User’s personal data is processed:

  • Where it is necessary to fulfill the contract with our users. Such cases include: i) to provide access to Services; ii) to process user’s purchase transactions; iii) to ensure the secure, reliable, and robust performance of Services, Website and App.

  • When we have a legal obligation to process certain personal data collected from users (e.g., to keep and process records for tax purposes and accounting).

  • Where users have provided consent to us. Such cases may include: i) to send marketing communication (unless applicable law permits us to contact the user without user’s prior consent); ii) to communicate with users and manage users’ participation in Saily’s contests, offers, referrals, or promotions. Please note that although Saily may also process the user’s personal data for marketing purposes when applicable law permits us to contact the user without separate consent if the user chooses not to receive marketing communication from us (i.e., if the user opt-out), we will honor the user’s request.

  • We sometimes may process user’s personal data under the legal basis of our or third parties’ legitimate interest. Such cases include: i) to properly administer business communication with user; ii) to detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our Services, the Website and the App; iii) to protect against harm to the rights, property, and safety of Saily, our users, or third parties; iv) to improve or maintain our Services and provide new products and features; v) to receive knowledge of how our Website and App are being used (crash reports, app store reviews, information about the channel from which our App was downloaded, etc.).

3. SHARING PERSONAL DATA

We do not share our users’ Personal Data with third parties except as described in this Privacy Policy.

Service providers. We may use third-party service providers to help us with various operations, such as payment processing, email automation, the Website and the App diagnostics, analytics, and others. As a result, some of these providers may process personal data. Some of our main service providers:

  • Live chat and support service platform, e.g., Zendesk (provided by Zendesk Inc.), Klaus (provided by Qualitista OÜ).

  • Emailing service providers, e.g., Braze (provided by Braze Inc.), Iterable (provided by Iterable Inc.).

  • Marketing, application analytics, and diagnostics, e.g., Google Analytics, Firebase Analytics (provided by Google), AppsFlyer (provided by AppsFlyer Ltd.).

  • Conversion attribution system, e.g., Hasoffers (provided by Tune Inc.).

  • Payment processing, e.g., NordSec B.V., Moonflash Limited, Lagosec Inc., nordvpn S.A., Stripe Inc., Stripe Payments Europe Ltd., Adyen N.V., PayPal Inc.

Other Saily partners and processors. In certain cases, our partners - such as distributors, resellers, and app store partners - may act as independent data controllers of users’ personal data. When this is the case, their own procedures (e.g., terms of service and privacy policies) will apply to their processing activities. In other situations, we may collaborate with partners as joint controllers, meaning we jointly determine the purposes and means of processing personal data, and both parties are responsible for ensuring compliance with applicable privacy laws.

Additionally, we may engage third-party service providers, aggregators, vendors, or affiliates to process personal data on our behalf, strictly following our instructions and solely for the purposes outlined in this Privacy Policy. These parties act as data processors and are contractually obligated to implement appropriate technical and organizational measures to safeguard personal data and comply with applicable data protection laws.

We also partner with third parties to display advertising on our Website or to manage our advertising on other sites. These partners help us deliver more relevant ads and promotional messages to users, which may include behavioral, contextual, and generic advertising. We and our advertising partners may process certain personal data to help us understand users’ preferences so that we can deliver advertisements that are more relevant to users.

Users’ personal data may be processed in any country in which we engage service providers and partners. When users use our Services, the Website, or the App, they understand and acknowledge that their personal data may be transferred outside of the country where they reside.

Business customers (B2B). When users are using our Services for business purposes (e.g., as employees, contractors or authorized personnel) under an insertion order or other type of commercial agreement that Saily has signed with their employer or contracting organization (“Business customer”), we may share certain data related to their usage of our Services with that Business customer. In this case, Saily and the Business customer act as separate and independent data controllers. This means that each party is responsible for its own compliance with applicable data protection laws and regulations. Saily may collect and share data such as service plans, usage patterns, and billing information for the purpose of managing, analyzing, and optimizing the Services provided. This data will be shared in accordance with a data sharing agreement between Saily and the Business customer, ensuring compliance with applicable privacy and data protection laws. The Business customer may process this data in accordance with their own privacy policies and agreements with their employees or contractors. Users are encouraged to review these policies directly with their employer or contracting organization for detailed information on how their data is handled. Saily shall not be liable for the Business customer’s processing of personal data, and the Business customer shall not be liable for Saily’s processing of personal data. Each party agrees to handle personal data in accordance with its own privacy policies and applicable legal requirements.

Other group companies. We share users’ personal data with other group companies Saily is part of to carry out our daily business operations and to enable us to maintain and provide Services to users.

Protection of user’s rights. We may disclose personal data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our Consumer Terms of Service, or Business Terms of Service.

Investigations, courts & others. We may provide personal data to law enforcement and pre-trial investigation authorities, courts and other dispute resolution authorities, and other persons performing functions assigned by law, in accordance with the legislation of the jurisdiction, where Saily operates or from which a competent authority submits an inquiry. We provide information to these entities or persons as required by law or as specified by the entities themselves.

Business transfers. We may share users’ personal data in those cases where we sell or negotiate to sell our business or go through a corporate merger, acquisition, consolidation, asset sale, reorganization, or similar event. In these situations, Saily will continue to ensure the confidentiality of users’ personal data.

Cross-border transfers of personal data. To facilitate Services, the Website, and the App, we may store, access, and transfer personal data from around the world, including in countries where Saily has operations. These locations may not guarantee the same level of protection of personal data as the one in which the user resides. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to ensure that users’ personal data will remain protected in accordance with this Privacy Policy. For example, in case a user’s personal data is transferred to countries outside the EEA, we make sure there is an adequacy decision from the European Commission with regards to the recipient country or we use standard contractual clauses approved by the European Commission for such transfer of user’s personal data.

4. CHOICES RELATED TO USER’S DATA

Please note that there are various data protection laws across different jurisdictions that provide privacy rights to you as an individual. Subject to the applicable data protection laws and any other applicable factors, you may have the following rights:

  • Delete: request us to erase the user’s personal data.

  • Access: know and access personal data Saily has collected about the user.

  • Rectify: rectify, correct, update, or complement inaccurate/incomplete personal data Saily has about the user.

  • Object: object to the processing of user’s personal data which is done based on our legitimate interests (e.g., for marketing purposes).

  • Portability: request us to provide a copy of user’s personal data in a structured, commonly used, and machine-readable format or to transmit (if technically feasible) user’s personal data to another controller (only where our processing is based on user’s consent and carried out by automated means).

  • Restrict: restrict the processing of user’s personal data (when there is a legal basis for that).

  • Withdraw consent: withdraw user’s consent where processing is based on a consent user has previously provided.

  • Rights related to automated decision-making: you have the right not to be subjected to a decision based solely on automated processing (including profiling) if such a decision could have a legal or otherwise significant impact on you.

  • Lodge a complaint: exercise user’s rights by contacting us directly or, if all else fails, by lodging a complaint with a supervisory authority.

How to exercise user’s privacy rights

Rectification. If a user would like to edit their profile information (e.g., change email address), please contact our support team at [email protected].

Access/deletion. If a user wishes to delete their Account or their personal data that we process, or request to provide them with a copy of their personal data, please contact us at [email protected].

Please note that the user will need to pass through the Account verification process so that we can verify the user is the owner of the Account before taking further action on their request.

If user is using an Apple devices, to initiate deletion, please follow these steps and our support team will follow up with their request shortly:

  • Saily Account via Saily app on iPhone: open the Saily app and log intor Account, tap on the Profile icon, tap “Account settings”, under “Delete account”, click “Delete”, and tap “Delete” once again.

Opt-out. If a user wishes to unsubscribe from our communication, they can opt-out at any time by (i) disabling the marketing communication option in their Saily account profile via the App, (ii) clicking the “unsubscribe” link at the bottom of each email or (iii) contacting us at [email protected].

Cookies. Users can control the use of cookies at the individual browser level on their device. To disable cookies, follow browser’s instructions on how to block or clear cookies.

If a user does not agree with the processing of their personal data by Saily, please do not use Services and Website. User can request us to discontinue processing of their personal data, in which case user’s data will be processed only as much as it is necessary to effect the discontinuation of user’s use of the Services (e.g., final settlement or deleting all personal data based on user’s email address), or finalizing other Saily’s legal relationship with user (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain certain user’s personal data as required by law.

To raise any other questions, concerns, or complaints about our privacy practices or our processing of user’s personal data, please contact us as provided below (Section “Contact Us”).

5. DATA SECURITY

We maintain tight controls over the personal data we collect. Our dedicated IT security team has implemented appropriate physical, technical, and organizational measures to protect information about user against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing:

  • Physical Measures. We control access to our facilities with access cards. We also use security alarm systems and CCTV. We store devices with personal data information only in locked rooms or cabinets. Our printers are protected by access control measures. A clean desk policy is implemented.

  • Technical Measures. We use layered defense with firewalls, anti-malware protection, intrusion detection, and prevention systems. Our infrastructure is regularly updated and regular vulnerability scans are in place to detect possible vulnerabilities. We have security event and incident management solutions to correlate and investigate signals in security tools. Servers are hardened and automated configuration tools are used to manage them. All workplaces are managed from a centralized endpoint management tool. Data at rest and in transit are encrypted. Encryption protocols are used according to the newest security practices.

  • Organizational Measures. We adopted information security and data processing policies according to best practices. We have external audits to prove our information security and data processing policies are up to standards. We adopted a constant development culture of security and data protection awareness among our employees (including organizing regular and ongoing training and other awareness activities). We analyze the threat landscape and attack surface and constantly update our security measures. Access to databases containing personal data is granted on a need-to-know basis.

If we detect something suspicious, we will notify users immediately and guide them through steps to stay better protected. However, no company can guarantee the absolute security of internet communications as no technology is completely bulletproof. By using the Services and Website, users expressly acknowledge that Saily cannot guarantee the 100% security of personal data provided to or received by us through the Services and that any information received from users through Website or our Services is provided at users’ own responsibility. If users have any reason to believe that their interaction with us is no longer secure, please notify us at [email protected].

6. DATA RETENTION AND DELETION

Saily will keep the user’s personal data only as long as necessary to provide the user with the Services, or for as long as we have another legitimate ground to do so, but not longer than permitted or required by law. Some of more specific data retention terms are provided below:

  • Personal data related to the provision of the Services is kept for 3 years from the last usage of the data plan.

  • Personal data related to data usage is kept for 30 days or as long as required by legislation or Data Plan variation.

  • Customer billing information and payment details are kept by Saily for 10 years from the last payment transaction.

  • Customer support records are kept for 3 years.

  • Saily will use the user’s email for marketing communication (i) for 1 year after the end of the user’s last data plan, or (ii) until the user exercises their right to opt-out, whichever comes first.

When we no longer have a legal ground to keep user’s personal data, it will either be securely disposed of, or de-identified through appropriate anonymization means. Saily will destroy personal data recorded or stored in the form of electronic files using method(s) that would prevent the recovery of the data.

7. COUNTRY-SPECIFIC PROVISIONS

For users in the European Economic Area (“EEA”)

If the user is a resident of an EEA country, the user may exercise their rights under the European Union’s General Data Protection Regulation (“GDPR”) by contacting us at [email protected].

For users in the United States

Sharing in the last twelve (12) months: In the past twelve (12) months, we have disclosed personal information for business purposes to the categories of service providers and contractors listed in the “Sharing personal data” Section.

For users in California

If the user is a California resident, the user can exercise their rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at [email protected]. As per definitions in the CCPA, please note that Saily does not sell, share, lease, or rent user’s personal information.

In addition to the rights described in the “Choices related to user’s data” Section, California residents may also have the following rights under the provisions of the CCPA applying to the processing of personal information:

  • Right to opt out of sale/sharing. You have the right to opt out of the sale or sharing of your personal information to third parties.

  • Right to non-discrimination. You have the right to not receive discriminatory treatment if and when you exercise your privacy rights under the CCPA.

  • Right to limit the use of sensitive personal information. In general, you have the right to limit the use of your sensitive personal information (as described in the CCPA) when such use goes beyond that which is necessary for providing the Service (or for certain other permissible purposes, like fraud prevention, customer service, or quality control). However, Saily does not process sensitive information in a manner which might give rise to this right.

For users in the rest of the world

If the user is a resident of any other jurisdiction, the users may exercise their rights under applicable data protection laws by contacting us at [email protected].

8. CONTACT US

If the user has questions, requests, concerns, or complaints about this Privacy Policy or our personal data processing practices, or wish to exercise their data subject rights, please contact us via [email protected] or by writing to us at the relevant address, as determined by the user’s residence:

  • European Economic Area (EEA): Saily UAB, Švitrigailos str. 36, 03230 Vilnius, Lithuania.

  • Australia: CyberQuay Pty Ltd, LEVEL 41, 161 Castlereagh Street, Sydney, NSW, 2000, Australia.

  • Rest of the world: Saily Inc., 330 N Wabash Ave, Chicago, IL 60611, United States of America.

9. CHILDREN’S DATA

Saily does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to Saily. If we acknowledge that we have collected and processed personal data from a child under the age of 18, we will delete that data as quickly as possible.

10. OTHER TERMS

Limitation of liability. To ensure the security of personal data, Saily employs various technical, physical, and organizational security measures; however, it is the user’s responsibility to exercise caution and reason when using the Services and Website. User will be personally liable if their use of the Services and Website violates any third-party privacy or any other rights or any applicable laws. Under no circumstances is Saily liable for the consequences of user’s unlawful, wilful, and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the Consumer Terms of Service, and Business Terms of Service for more information).

Links to other websites. Our Website may include links to other websites (e.g., social media websites, partner’s websites, etc.) whose privacy practices may be different from ours. If users access any of those websites via such links and/or submit their personal data to any of those websites, the user’s personal data is processed by the procedures established by them and governed by their privacy policies. We encourage users to carefully read the privacy policy (or other respective privacy notices) of any website they visit.

Prevailing language. For all purposes, the English language version of the Privacy Policy shall be the original, governing instrument and understanding between users and us. In the event of any conflict between this English language version of the Privacy Policy and any subsequent translation into any other language, the English language version shall govern and control.

Updates to the Privacy Policy. Both our and our partners Services, Website, the App constantly introducing new features or being modified. Therefore, we may need to amend the Privacy Policy from time to time. If the amendments to the Privacy Policy materially affect the activities of our processing of user’s personal data, we will notify user in advance of such changes by reasonable means (e.g., notification through the respective applications, our Website, or via email), and we will always indicate the date of the last update. Unless it is stated by us otherwise, each update of the Privacy Policy comes into force as of the moment when the amended Privacy Policy is published on this Website. Users are expected to check this Privacy Policy regularly so that they are familiar with the most current wording of the Privacy Policy. User’s continued use of the Services, the Website and the App will be deemed acceptance thereof.