How we collect, use and protect your personal data — and the rights you have over it.
Last updated: Draft — June 2026 · Effective date: [effective date — pending publication]
beamSIM (“beamSIM”, “we”, “us”) is operated by Vecta Software Lab LLC, [registered address — pending company formation]. beamSIM is an online platform that sells eSIM data plans. We are the data controller for the personal data described in this Policy. Contact: privacy@beamsim.app. As a non-EU entity offering services to EU/EEA data subjects, where required we appoint a GDPR Art. 27 EU representative ([EU representative — to be appointed where required]) and, for Turkey, a KVKK representative, and will publish their contact details here as required by GDPR Art. 13.
We practise data minimisation. We collect only:
We do not collect: precise location, contacts, photos, advertising identifiers (IDFA), or any cross-app tracking data. beamSIM contains no advertising SDKs and does not track you across other apps or websites.
| Purpose | Data | Legal basis |
|---|---|---|
| Process your order, deliver the eSIM, provide support | Email, order, eSIM, identifiers | Performance of a contract (6(1)(b)) |
| Process payment | Payment (via Stripe) | Contract (6(1)(b)) |
| Keep tax/accounting & transaction records | Order/invoice data | Legal obligation (6(1)(c)) |
| Prevent fraud, secure the service | Order, identifiers, diagnostics | Legitimate interests (6(1)(f)) |
| Product analytics & crash diagnostics | Usage/crash | Legitimate interests (6(1)(f)) — improving, securing and stabilising the service and diagnosing crashes; you can object by contacting privacy@beamsim.app. |
| Marketing emails (if you opt in) | Consent (6(1)(a)) |
For Turkish users, equivalent KVKK bases apply (Art. 5: contract necessity, legal obligation, legitimate interest, explicit consent for marketing).
Card payments are handled by Stripe. Your card details are entered into Stripe’s secure payment sheet and are never stored by beamSIM. We receive only non-card data (payment status, a payment reference, amount). Stripe acts as an independent controller/processor for payment data under its own terms and privacy policy.
To deliver your eSIM, we send the necessary order/package information to our eSIM connectivity provider, which provisions the eSIM and returns activation data (ICCID, QR/activation details). We send the minimumdata required for fulfilment; under our current integration we do not transmit your email to the provider.
We share data only with service providers that help us run beamSIM. We put data-processing agreements in place with our processors where required; the controller/processor status and the agreement with each provider are being finalised before launch:
| Recipient | Purpose | Data |
|---|---|---|
| Stripe | Payment processing | Payment data + account/transaction identifiers (user_id, order_id, package_id sent as payment metadata; no email) |
| eSIM connectivity provider | eSIM fulfilment | Order/package data (no email under current integration) |
| Email delivery provider | Transactional emails | Email; transactional email content — delivery emails can include eSIM activation details (SM-DP+ / activation / manual-install codes) |
| Analytics provider | Product analytics | Scrubbed usage events (no PII) |
| Crash/error provider | Diagnostics | Scrubbed crash reports |
We do not sell your personal data and do not share it for third-party advertising.
Vecta Software Lab LLC is established in the United States. Where we process personal data of EU/EEA or Turkish users, transfers outside those regions rely on appropriate safeguards (e.g. EU Standard Contractual Clauses) and, for Turkey, KVKK-compliant transfer mechanisms.
We keep personal data only as long as necessary for the purpose collected, or as required by law. Where the law requires longer retention (e.g. tax and commercial-record laws), we keep the minimum required data for that period and then delete or anonymise it.
| Data | Retention | Basis |
|---|---|---|
| Invoice / payment / order transaction records (financial) | Up to 10 years (from the end of the year of the record) | Commercial/tax-record law (longest applicable; shorter where 10 yrs not applicable) |
| eSIM activation secrets (encrypted) | For the eSIM’s validity plus a short buffer, then destroyed | Storage limitation (financial record kept separately) |
| Support tickets | ~2–3 years | Establishment/defence of legal claims |
| Marketing-consent records | Until you withdraw consent, plus a reasonable proof period | Accountability |
| Product analytics | Short / anonymised | Storage limitation |
beamSIM is an eSIM reseller, not a telecommunications operator, and does not retain communications traffic or location data — that data, where retained at all, is held by the mobile network operator. We may disclose the transaction/identity records we hold (above) in response to a valid legal request, and may retain data where necessary for the establishment, exercise or defence of legal claims.
Subject to applicable law (GDPR / KVKK), you can: access your data; correct it; request erasure; restrict or object to processing; receive a portable copy; and withdraw consent at any time. You also have the right to lodge a complaint with your data-protection authority.
Important on erasure: we will delete your personal data on request except where we are legally required to keep it (e.g. tax/accounting records) or need it to establish, exercise or defend legal claims (GDPR Art. 17(3)(b)/(e); KVKK By-Law on Erasure). In that case we restrict the data and delete/anonymise it once the legal period ends.
Email privacy@beamsim.app (and, once available, the online form at [online data-deletion request — pending]). We respond within the legally required time (e.g. 30 days).
Data is encrypted in transit (HTTPS/TLS). eSIM activation secrets are encrypted at rest and are never written to logs, analytics, or crash reports.
beamSIM is not directed to children and we do not knowingly collect data from children.
We may update this Policy; we will post the new effective date and, for material changes, notify you.
Vecta Software Lab LLC, [registered address — pending company formation] · privacy@beamsim.app.