Privacy Policy
Last updated: 2024-09-11
This document (“Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when users access, install, or use Saily Services (as defined below) and the Website regardless of the device (computer, mobile phone, tablet, etc.) used.
In this Privacy Policy, “personal data” refers to any information or set of information that allows us to directly or indirectly identify a user (e.g., by name, surname, email address, telephone number, etc.).
User should read this Privacy Policy in conjunction with the Consumer Terms of Service or the Business Terms of Service (if the user is an employee or authorized personnel of Saily’s customer, as defined below), if they want to use Saily or other related services we may provide to user that directly link to this statement.
Additional information on how a user’s data is processed may also be outlined in contractual terms, supplemental privacy statements, notices.
Capitalized terms used in this Privacy Policy as definitions are defined either within this document or in our Consumer Terms of Service and Business Terms of Service.
By registering an account,using or visiting any Saily mobile application, Website, ordering and/or using Saily, contacting us with inquiries related to Saily (collectively, the “Service” or “Services”), the user acknowledges that they have read and agree to be bound by this Privacy Policy. If the user disagrees with the rules of this Privacy Policy, they should not use our Services.
Who we are
We are “peakstar technologies Inc.”, a corporation organized under the laws of the State of Delaware, United States of America, under registration number 7600176, registered address 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, United States of America (“Saily”, “we”, “us”, “our”). Under privacy laws, we act as a data controller.
PROCESSING OF YOUR PERSONAL DATA
Saily processes user’s personal data to a limited scope to provide Services, process payments for the Services, and enable the functioning of our Website and mobile application. We may process the following categories of personal data:
Information required to create your Account and sign up for the Services
Name, email address. We collect the user's full name and email address during registration. This information is necessary for establishing Saily account, retrieving a lost password, and using the Services. Under certain circumstances for regulatory purposes in some countries to create an Account and sign up for the Service we may require copies of personal documentation (Passport, ID document, etc.) from the user which will be held by us and made available to national regulators if they so request.
Order data. When a user orders Services we process certain order information (e.g., the data plan user has chosen, term, currency, status, approximate location based on IP address, etc.).
Information related to the conclusion and performance of the business agreement
Personal information. In order to conclude and perform a business agreement with the business customer we may process business customer’s representatives’ contact information (full name, telephone number, and/or email address) and professional information (position, represented entity’s information).
Payment related information
Payment data. This information is necessary to collect payments for our Services. Our payment processing partners process basic billing information for payment processing and refund requests (such as date of purchase, payer’s IP address, zip code, card owner’s full name, and credit card information).
Country details. When providing payment details, we ask our users to provide the country, state or province where they are registered, have a permanent address or usually live. This information is necessary for VAT calculation purposes.
Information for payment fraud prevention. To prevent fraudulent payments for the Services, user’s personal data (such as payer’s email address and device information) can be verified by our and/or our payment processing partner’s fraud management tools. A payment transaction that is considered high-risk may be rejected by us.
Communication data
Email address. We use the user's email address to: i) send user important updates and announcements related to their use of our Services; ii) respond to user’s requests or inquiries; iii) send user offers, surveys, and other marketing content (user can opt-out of those at any time).
Customer support inquiries. We keep the information that the user provided to our customer support team that was necessary to resolve the query. Depending on what information is necessary, it can consist of, but is not limited to: payment information for customer verification processes, user’s country name, information on user’s device, etc.
Communication optimization data. We use various tools to help us optimize our email campaigns. These tools may track events the user performs with an email, such as open and unsubscribe. We may also be able to see the user device’s operating system (e.g., Windows, Mac, iOS, Android) to optimize push notifications and automatically set the language.
Chatbot. If the user contacts us via our chatbot on our website, in addition to collecting the user’s contact information, we will be able to see the user’s IP address. This additional information is necessary for our support to determine the user's country.
Information collected on our Website
Service usage. We collect information about specific Saily Services user use.
Access logs. Like most websites on the internet, our Website collects access logs (such as IP address, browser type, operating system) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning, and similar hacking attempts.
Cookies. Cookies, pixels, and other similar technologies are usually small text or image files that are placed on the user's device when the user visits our Website. Some cookies are essential for our Website to operate smoothly; others are used to improve Websites’ functionality, analyze aggregated usage statistics to improve Website’s performance, and for advertising. We also use affiliate cookies to identify the customers referred to our Website by our partners so that we can grant the referrers their commission. Users can check what cookies we use in our Cookie policy.
Information collected on our mobile application
In-app event information. Our application collects information about the activity on the user’s Account. The in-app event information is necessary for us: (i) to know if the application is working properly (e.g. if the user was able to register or login successfully if the user was able to download and install eSIM); (ii) to know how users interact with our application (e.g., what kind of user interface items are the most or least used, are notifications we show of interest to users, etc.); and (iii) to identify problems related to our app performance and updates (e.g., crash error reports). The in-app event contains the following information:
General event information: event time, categorization, and limited routing information.
Device information: device’s operating system and its architecture, device type, model, brand, unique device identifier, device’s city, country, and time zone.
Application information: name, version, and source of the application, enabled/disabled features at the time of the event, network type, public internet service provider’s information, user preferences (e.g., notifications enabled/disabled, language).
Account information: active/inactive plans, current and past active/inactive plans.
Traffic data. We may hold data about the network usage, Services assigned to the user’s Account, and purchase history to grant user rights related to the refund policy.
Device information. We may collect some device information on our application too. Such information is logged automatically and may include the model of the user’s device, operating system version, and similar non-identifying information. We may use this information to monitor, develop, and analyze the use of Services. Additionally, aiding users in making the most of eSIM functionalities.
Device identifiers. In some cases, we may record the user’s device’s identifier for marketing or analytics purposes. These identifiers are assigned to the user’s device by the OS manufacturer and can be reset at any time from the user’s device's settings. For instructions, see the following policies for different devices: Advertising & Privacy on iOS devices and Managing Google Settings on Android devices.
Promotional games data
Information for participating in our promotional games (e.g., sweepstakes, giveaways, contests). When the user decides to participate in any promotional game that requires additional personal information, the user will be explicitly requested to provide it. The personal data we ask the user to provide typically includes the user’s full name, e-mail address, phone number, and information about the purchased subscription plan. However, users have the right to refuse to provide such information and cease user’s participation in the promotional game at any time. In certain cases, we also may share the mentioned data with third parties that help us to organize/coordinate such promotional games. Please carefully review the terms and conditions of each promotional game in which the user participates as they may contain specific additional information about the processing of user’s personal data. If the terms and conditions of such promotional games concerning the treatment of user’s personal data conflict with this Privacy Policy, the terms and conditions of such promotional games shall prevail.
Social networks data
Account data. To manage and administer our profiles on social networks (e.g., “Facebook”, “Instagram”, “Twitter”, “LinkedIn”, “YouTube” accounts), we may collect and process users personal data (e.g., full name, social network profile name, pictures, and/or public comments) users provided voluntarily.
GROUNDS FOR PROCESSING OF PERSONAL DATA
Your personal data is processed:
Where it is necessary to fulfill the contract with our users. Such cases include: i) to provide access to Services; ii) to process user’s purchase transactions; iii) to ensure the secure, reliable, and robust performance of Services and Website.
When we have a legal obligation to process certain personal data collected from users (e.g., to keep and process records for tax purposes and accounting).
Where users have provided consent to us. Such cases may include: i) to send marketing communication (unless applicable law permits us to contact the user without user’s prior consent); ii) to communicate with users and manage users’ participation in Saily’s contests, offers, referrals, or promotions. Please note that although Saily may also process the user’s personal data for marketing purposes when applicable law permits us to contact the user without separate consent if the user chooses not to receive marketing communication from us (i.e., if the user opt-out), we will honor the user’s request.
We sometimes may process user’s personal data under the legal basis of our or third parties’ legitimate interest. Such cases include: i) to properly administer business communication with user; ii) to detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our Services and Website; iii) to protect against harm to the rights, property, and safety of Saily, our users, or third parties; iv) to improve or maintain our Services and provide new products and features; v) to receive knowledge of how our Website and applications are being used (crash reports, app store reviews, information about the channel from which our mobile application was downloaded, etc.).
SHARING YOUR PERSONAL DATA
We do not share our users’ Personal Data with third parties except as described in this Privacy Policy.
Technological partner. We act as an agent for our technological partner 1GLOBAL Software to deliver Services directly to user. Our partner is TP Global Operations Limited, a limited liability company incorporated and registered in England and Wales with company number 14109189 whose registered office is at 109 Farringdon Road, Farringdon, London, EC1R 3BW, UK (“1GLOBAL”). We share information (which may include information relating to Personal Data), with 1GLOBAL as a condition of our marketing agreement, to ensure the most appropriate and best service delivery. More information on how 1GLOBAL processes Personal Data can be found on 1GLOBAL Privacy Policy.
Service providers. We also use third-party service providers to help us with various operations, such as payment processing, email automation, Website and mobile application diagnostics, analytics, and others. As a result, some of these providers may process personal data. Some of our main service providers:
Live chat and support service platform, e.g., Zendesk (provided by Zendesk Inc.), Klaus (provided by Qualitista OÜ)
Emailing service providers, e.g., Iterable (provided by Iterable Inc.), Sendgrid (provided by Twilio Inc.)
Marketing, application analytics, and diagnostics, e.g., Google Analytics, Firebase Analytics (provided by Google), AppsFlyer (provided by AppsFlyer Ltd.)
Conversion attribution system, e.g., Hasoffers (provided by Tune Inc.)
Payment processing, e.g., NordSec B.V., Moonflash Limited, Lagosec Inc., nordvpn S.A., Stripe Inc., Stripe Payments Europe Ltd., Adyen N.V., PayPal Inc.
Other Saily partners. Sometimes our partners, for example, distributors, resellers, and app store partners will be independent data controllers of user’s personal data. In such cases, the procedures established by them (e.g., terms of service and privacy policies) will apply to such relationships. In other cases, we may collaborate with partners as joint controllers meaning that we jointly define the purpose and means of data processing with them. Both joint controllers are then responsible for the data processing and its compliance with applicable privacy laws.
We also partner with third parties to display advertising on our Website or to manage our advertising on other sites. These partners help us deliver more relevant ads and promotional messages to users, which may include behavioral, contextual, and generic advertising. We and our advertising partners may process certain personal data to help us understand users’ preferences so that we can deliver advertisements that are more relevant to users.
Users’ personal data may be processed in any country in which we engage service providers and partners. When users use our Services and Website, they understand and acknowledge that their personal data may be transferred outside of the country where they reside.
Business customers (B2B). When users are using our Services for business purposes (e.g., as employees, contractors or authorized personnel) under an insertion order or other type of commercial agreement that Saily has signed with their employer or contracting organization (“Business customer”), we may share certain data related to their usage of our Services with that Business customer. In this case, Saily and the Business customer act as separate and independent data controllers. This means that each party is responsible for its own compliance with applicable data protection laws and regulations. Saily may collect and share data such as service plans, usage patterns, and billing information for the purpose of managing, analyzing, and optimizing the Services provided. This data will be shared in accordance with a data sharing agreement between Saily and the Business customer, ensuring compliance with applicable privacy and data protection laws. The Business customer may process this data in accordance with their own privacy policies and agreements with their employees or contractors. Users are encouraged to review these policies directly with their employer or contracting organization for detailed information on how their data is handled. Saily shall not be liable for the Business customer’s processing of personal data, and the Business customer shall not be liable for Saily’s processing of personal data. Each party agrees to handle personal data in accordance with its own privacy policies and applicable legal requirements.
Other group companies. We share users’ personal data with other group companies Saily is part of to carry out our daily business operations and to enable us to maintain and provide Services to users.
Protection of user’s rights. We may disclose personal data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our Consumer Terms of Service and Business Terms of Service.
Investigations, courts & others. We may provide personal data to law enforcement and pre-trial investigation authorities, courts and other dispute resolution authorities, and other persons performing functions assigned by law, in accordance with the legislation of the State of Delaware, United States of America. We provide information to these entities as required by law or as specified by the entities themselves.
Business transfers. We may share users’ personal data in those cases where we sell or negotiate to sell our business or go through a corporate merger, acquisition, consolidation, asset sale, reorganization, or similar event. In these situations, Saily will continue to ensure the confidentiality of users’ personal data.
Cross-border transfers of personal data. To facilitate Services and the Website, we may store, access, and transfer personal data from around the world, including in countries where Saily has operations. These locations may not guarantee the same level of protection of personal data as the one in which the user resides. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to ensure that users’ personal data will remain protected in accordance with this Privacy Policy. For example, in case a user’s personal data is transferred to countries outside the EEA, we make sure there is an adequacy decision from the European Commission with regards to the recipient country or we use standard contractual clauses approved by the European Commission for such transfer of user’s personal data.
CHOICES RELATED TO YOUR DATA
Please note that various data protection laws across different jurisdictions provide privacy rights to the user as a data subject. Subject to those applicable data protection laws, among others, user may have the following rights:
Delete: request us to erase the user’s personal data.
Access: know and access personal data Saily has collected about the user.
Rectify: rectify, correct, update, or complement inaccurate/incomplete personal data Saily has about the user.
Object: object to the processing of user’s personal data which is done based on our legitimate interests (e.g., for marketing purposes).
Portability: request us to provide a copy of user’s personal data in a structured, commonly used, and machine-readable format or to transmit (if technically feasible) user’s personal data to another controller (only where our processing is based on user’s consent and carried out by automated means).
Restrict: restrict the processing of user’s personal data (when there is a legal basis for that).
Withdraw consent: withdraw user’s consent where processing is based on a consent user has previously provided.
Lodge a complaint: exercise user’s rights by contacting us directly or, if all else fails, by lodging a complaint with a supervisory authority.
How to exercise your privacy rights
Rectification. If a user would like to edit their profile information (e.g., change email address), please contact our support team at [email protected].
Access/deletion. If a user wishes to delete their Account or their personal data that we process, or request to provide them with a copy of their personal data, please contact us at [email protected].
Please note that the user will need to pass through the Account verification process so that we can verify the user is the owner of the Account before taking further action on their request.
If user is using an Apple devices, to initiate deletion, please follow these steps and our support team will follow up with their request shortly:
Saily Account via Saily app on iPhone: open the Saily app and log intor Account, tap on the Profile icon, tap “Account settings”, under “Delete account”, click “Delete”, and tap “Delete” once again.
Opt-out. If a user wishes to unsubscribe from our communication, they can opt-out at any time by clicking the “unsubscribe” link at the bottom of each email or contacting us at [email protected].
Cookies. Users can control the use of cookies at the individual browser level on their device. To disable cookies, follow browser’s instructions on how to block or clear cookies.
If a user does not agree with the processing of their personal data by Saily, please do not use Services and Website. User can request us to discontinue processing of their personal data, in which case user’s data will be processed only as much as it is necessary to effect the discontinuation of user’s use of the Services (e.g., final settlement or deleting all personal data based on user’s email address), or finalizing other Saily’s legal relationship with user (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain certain user’s personal data as required by law.
To raise any other questions, concerns, or complaints about our privacy practices or our processing of user’s personal data, please contact us as provided below (Section “Contact Us”).
DATA SECURITY
We maintain tight controls over the personal data we collect. Our dedicated IT security team has implemented appropriate physical, technical, and organizational measures to protect information about user against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing:
Physical Measures. We control access to our facilities with access cards. We also use security alarm systems and CCTV. We store devices with personal data information only in locked rooms or cabinets. Our printers are protected by access control measures. A clean desk policy is implemented.
Technical Measures. We use layered defense with firewalls, anti-malware protection, intrusion detection, and prevention systems. Our infrastructure is regularly updated and regular vulnerability scans are in place to detect possible vulnerabilities. We have security event and incident management solutions to correlate and investigate signals in security tools. Servers are hardened and automated configuration tools are used to manage them. All workplaces are managed from a centralized endpoint management tool. Data at rest and in transit are encrypted. Encryption protocols are used according to the newest security practices.
Organizational Measures. We adopted information security and data processing policies according to best practices. We have external audits to prove our information security and data processing policies are up to standards. We adopted a constant development culture of security and data protection awareness among our employees (including organizing regular and ongoing training and other awareness activities). We analyze the threat landscape and attack surface and constantly update our security measures. Access to databases containing personal data is granted on a need-to-know basis.
If we detect something suspicious, we will notify users immediately and guide them through steps to stay better protected. However, no company can guarantee the absolute security of internet communications as no technology is completely bulletproof. By using the Services and Website, users expressly acknowledge that Saily cannot guarantee the 100% security of personal data provided to or received by us through the Services and that any information received from users through Website or our Services is provided at users’ own responsibility. If users have any reason to believe that their interaction with us is no longer secure, please notify us at [email protected].
DATA RETENTION AND DELETION
Saily will keep the user’s personal data only as long as necessary to provide the user with the Services, or for as long as we have another legitimate ground to do so, but not longer than permitted or required by law. Some of more specific data retention terms are provided below:
Personal data related to the provision of the Services is kept for 3 years from the last usage of the data plan.
Personal data related to data usage is kept for 30 days or as long as required by legislation.
Customer billing information and payment details are kept by Saily for 10 years from the last payment transaction.
Customer support records are kept for 3 years.
Saily will use the user’s email for marketing communication for 1 year after the end of the user’s last data plan or until the user exercises their right to opt-out, whichever comes first.
When we no longer have a legal ground to keep user’s personal data, it will either be securely disposed of, or de-identified through appropriate anonymization means. Saily will destroy personal data recorded or stored in the form of electronic files using method(s) that would prevent the recovery of the data.
COUNTRY-SPECIFIC PROVISIONS
For users in the European Economic Area (“EEA”)
If the user is a resident of EEA countries, the user can exercise their rights as provided in the European Union's General Data Protection Regulation (“GDPR”) by contacting us at [email protected].
For users in California
If the user is a California resident, the user can exercise their rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at [email protected]. As per definitions in the CCPA, please note that Saily does not sell, share, lease, or rent user’s personal information.
CONTACT US
If the user has questions, requests, concerns, or complaints about this Privacy Policy or our personal data processing practices, or wish to exercise their data subject rights, please contact us via [email protected] or by writing to us at the following address:
“peakstar technologies Inc.”, registered address 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, United States of America
CHILDREN’S DATA
Saily does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to Saily. If we acknowledge that we have collected and processed personal data from a child under the age of 18, we will delete that data as quickly as possible.
OTHER TERMS
Limitation of liability. To ensure the security of personal data, Saily employs various technical, physical, and organizational security measures; however, it is the user’s responsibility to exercise caution and reason when using the Services and Website. User will be personally liable if their use of the Services and Website violates any third-party privacy or any other rights or any applicable laws. Under no circumstances is Saily liable for the consequences of user’s unlawful, wilful, and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the Consumer Terms of Service and Business Terms of Service for more information).
Links to other websites. Our Website may include links to other websites (e.g., social media websites, partner’s websites, etc.) whose privacy practices may be different from ours. If users access any of those websites via such links and/or submit their personal data to any of those websites, the user’s personal data is processed by the procedures established by them and governed by their privacy policies. We encourage users to carefully read the privacy policy (or other respective privacy notices) of any website they visit.
Prevailing language. For all purposes, the English language version of the Privacy Policy shall be the original, governing instrument and understanding between users and us. In the event of any conflict between this English language version of the Privacy Policy and any subsequent translation into any other language, the English language version shall govern and control.
Updates to the Privacy Policy. Both our and our technology partner’s Services and Website constantly introducing new features or being modified. Therefore, we may need to amend the Privacy Policy from time to time. If the amendments to the Privacy Policy materially affect the activities of our processing of user’s personal data, we will notify user in advance of such changes by reasonable means (e.g., notification through the respective applications, our Website, or via email), and we will always indicate the date of the last update. Unless it is stated by us otherwise, each update of the Privacy Policy comes into force as of the moment when the amended Privacy Policy is published on this Website. Users are expected to check this Privacy Policy regularly so that they are familiar with the most current wording of the Privacy Policy. User’s continued use of the Services and Website will be deemed acceptance thereof.