Privacy Policy — Simless

Last updated: 28 May 2026 · Effective: 28 May 2026

Summary: Simless collects only the data required to operate the service — account info, purchase records, and optional roster data processed entirely on your device. We do not sell your personal data to third parties. Payments are handled by Paddle and never touch our servers.

1. Who We Are

Simless ("we," "us," or "our") is operated by Simless Ltd. Our registered address and data controller contact is:

Email: support@simless.com.tr
Website: https://simless.com.tr

2. Information We Collect

2.1 Account Information

When you create a Simless account, we collect:

Email address
Display name
Crew role and airline/company (optional, for personalised recommendations)
Base airport (optional)

2.2 Purchase & Billing Information

All payment processing is handled by Paddle as Merchant of Record. Simless does not store your card number, CVV, or full payment details. We receive from Paddle:

Order confirmation and transaction ID
eSIM package purchased (country, provider, data amount)
Billing email address
Country of purchase (for tax purposes)

2.3 Roster & Flight Data

If you use the roster upload feature, PDF files are processed entirely on your device using on-device machine learning. Roster data is stored locally in your device's secure storage (SwiftData) and is never transmitted to our servers unless you explicitly sync your schedule. Flight legs and destination codes are used solely to generate eSIM recommendations.

Rail Crew: Train schedules are parsed on-device identically to aviation rosters.

2.4 eSIM Usage Data

Data balance and usage metrics are fetched directly from your eSIM provider's API and displayed in-app. We cache this data temporarily on-device to reduce API calls. We do not store historical usage data on our servers.

2.5 Location Data

With your permission, Simless accesses your approximate location to suggest relevant eSIM plans for your current country. Location data is used only at the moment of the request and is not stored or shared.

2.6 Device & App Analytics

We collect anonymised, aggregated analytics to understand how the app is used — such as which features are most popular and crash reports. These analytics contain no personally identifiable information and cannot be linked back to you.

3. How We Use Your Information

Service delivery: to create your account, process eSIM purchases, and provision plans
Personalisation: to show relevant eSIM recommendations based on your destinations
Notifications: to send data usage alerts and order confirmations (only if you opt in)
Support: to respond to your help requests and resolve billing issues
Improvement: anonymised analytics to improve app features and fix bugs
Legal compliance: to meet tax, regulatory, and legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area and United Kingdom, our legal bases are:

Contract: processing your account and purchase data to deliver the service you signed up for
Legitimate interests: anonymised analytics, fraud prevention, and service security
Consent: location access and marketing communications (you can withdraw consent any time)
Legal obligation: VAT records and regulatory compliance

5. Third-Party Services

Simless integrates with the following third-party services. Each has its own privacy policy:

Paddle — payment processing and subscriptions. Paddle Privacy Policy
Airalo, Celitech, Mobimatter, GigSky, Simbase — eSIM provisioning. Your email is shared with the active provider only at the time of eSIM purchase, to issue your QR code.
eSIM Go, eSIM Access — additional eSIM provisioning providers.
Apple — push notifications, Sign in with Apple, and App Store distribution. Apple Privacy Policy

We do not sell, rent, or trade your personal data with any other third parties for advertising purposes.

6. Data Retention

Account data: retained while your account is active, deleted within 30 days of account deletion
Purchase records: retained for 7 years as required by financial and tax regulations
Roster/flight data: stored locally on your device; cleared when you delete the app or reset the app data
Analytics: aggregated data retained for 24 months; no individual data is retained

7. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your account and associated data
Object to processing based on legitimate interests
Data portability — receive your data in a machine-readable format
Withdraw consent (e.g. location access) at any time via iOS Settings

To exercise any of these rights, email support@simless.com.tr. We'll respond within 30 days.

8. Data Security

We use industry-standard safeguards including TLS encryption in transit, encrypted storage at rest, and strict access controls. API keys for eSIM providers are stored in your device's Keychain, not on our servers. Paddle handles all card data in a PCI-DSS compliant environment.

9. Children's Privacy

Simless is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided personal data, contact us at support@simless.com.tr and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be notified via the app or email. Continued use of Simless after changes constitutes acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy questions or to exercise your rights:

Email: support@simless.com.tr
Response time: within 30 days