See all

Regional Plans

Popular Countries

Privacy Policy

close icon

Learn about Qoolline’s Privacy Policy, ensuring transparency and data security.

Effective Date: March 4, 2026

1. Introduction

Qoolize LTD (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Qoolline mobile applications (iOS and Android), our website at qoolline.com, and any related services (collectively, the “Services”).

This Privacy Policy applies to all users of our Services globally, including users located in the European Union/European Economic Area (“EU/EEA”), the United Kingdom (“UK”), the United States of America (“US”), and all other jurisdictions. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

2. Data Controller and EU Representative

2.1 Data Controller

For the purposes of the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the Data Protection Act 2018, and all applicable data protection laws, the data controller is:

Qoolize LTD

Registered in the United Kingdom

Company Registration Number: 14666749

Registered Office: 3rd Floor 86-90 Paul Street, London, England, EC2A 4NE

Contact: [email protected]

We have assessed the threshold for appointing a Data Protection Officer (DPO) in accordance with applicable GDPR requirements and determined that a mandatory appointment is not currently required.

 

2.2 EU Representative (Article 27 EU GDPR)

As Qoolize LTD is established in the United Kingdom and is not otherwise established in the European Union, we have designated an EU representative pursuant to Article 27 of the EU GDPR. Our EU representative acts as the point of contact for EU data protection supervisory authorities and for EU data subjects in relation to matters concerning the processing of personal data under the EU GDPR:

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your data protection rights under applicable laws (including UK GDPR, EU GDPR, or relevant US state privacy laws), you may contact us at: [email protected]


For any privacy-related inquiries, including Data Subject Access Requests (DSARs), please contact us at the email address above.

3. Legal Bases for Processing (GDPR)

We process your personal data only where we have a lawful basis to do so. The following legal bases under Article 6 of the UK GDPR and EU GDPR apply to our processing activities:

       Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our contract with you, creating and managing your account, processing eSIM purchases and activations, delivering eSIM profiles, managing top-ups, processing payments, and delivering customer support.

       Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including fraud detection and prevention, service improvement, analytics, security of our platform and advertising attribution, provided such interests are not overridden by your fundamental rights and freedoms. A Legitimate Interests Assessment (LIA) has been conducted and is available on request.

       Consent (Article 6(1)(a)): Where we rely on your consent, such as for non-essential cookies, certain marketing communications and specific tracking activities (including mobile app tracking). You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

       Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, regulations, and legal processes, including tax and accounting obligations, anti-fraud and anti-money laundering requirements, and response to lawful government or regulatory requests.

4. Information We Collect

4.1 Information You Provide Directly

       Account Information: When you create an account (which is required to make purchases), we collect your email address and password. Each email address may only be associated with one account; however, an individual may create separate accounts using different email addresses.

       Payment Information: When you make a purchase, payment data (e.g., credit/debit card numbers, billing details) is collected and processed directly by our third-party payment processors (Stripe, PayPal, Apple Pay, Google Pay, and Alipay). We do NOT store, process, or have access to your full credit card numbers or payment card data. We receive only transaction confirmation details, a truncated card identifier, and billing information necessary for order fulfillment.

       Customer Support: If you contact our support team (via in-app chat, email, or other channels), we collect information you provide in those communications, including your name, email, device information, and the content of your messages.

       Referral Information: If you participate in our referral programme, we collect the referral code used and information necessary to credit your QoolCash balance.

4.2 Information Collected Automatically

       Device Information: Device model, operating system and version, unique device identifiers (e.g., IDFV on iOS, Android Advertising ID), device language, time zone, and network information.

       Usage Data: Pages visited, features used, eSIM purchase and activation history, session duration, app interactions, crash reports, and performance data.

       Location Data: Approximate location derived from IP address. We do not collect precise GPS location.

       Log Data: IP address, browser type and version, access times, referring URLs, and interaction logs.

       Cookie and Tracking Data: Information collected through cookies, web beacons, pixels, and similar technologies on our website. Please refer to our separate Cookie Policy for full details.

4.3 Information from Third-Party SDKs and Services

Our Services integrate the following third-party SDKs and services, each of which may collect data as described below. These providers act as data processors or independent controllers as applicable:

       Firebase (Google): Analytics, crash reporting (Crashlytics), push notification delivery (FCM), and performance monitoring. Firebase may collect device identifiers, usage data, crash logs, and IP addresses. Privacy: https://firebase.google.com/support/privacy

       Meta SDK (Facebook): Attribution analytics and advertising measurement to understand how users discover our Services. The Meta SDK may collect device identifiers, app events, and advertising IDs. Privacy: https://www.facebook.com/privacy/policy

       Kochava: Mobile attribution and analytics to measure advertising campaign effectiveness. Kochava may collect device identifiers, IP addresses, and app interaction data. Privacy: https://www.kochava.com/privacy

       Smartlook: Session recording and behavioural analytics to improve user experience. Smartlook captures screen interactions, gestures, and navigation patterns. Sensitive input fields (such as passwords and payment data) are automatically masked. A Data Protection Impact Assessment (DPIA) has been conducted prior to the deployment of this service to ensure that your fundamental rights and freedoms are strictly safeguarded. Privacy: https://www.smartlook.com/privacy

       OneSignal: Push notification delivery and management. OneSignal may collect device tokens, device identifiers, usage data, and notification interaction data. Privacy: https://onesignal.com/privacy_policy

       Stripe: Payment processing. Stripe collects payment card data, billing information, and transaction details directly. Privacy: https://stripe.com/privacy

       PayPal: Payment processing. PayPal collects payment account data and transaction details directly. Privacy: https://www.paypal.com/privacy

       Apple Pay / Google Pay: Tokenised payment processing handled by Apple and Google respectively, within their respective ecosystem privacy frameworks.

       Cookiebot (Usercentrics): Consent Management Platform (CMP) used on our website to manage cookie consent. Privacy: https://www.cookiebot.com/en/privacy-policy/

5. How We Use Your Information

We use the information we collect for the following purposes:

       Service Delivery: To create and manage your account, process eSIM purchases and activations, deliver purchased eSIM profiles via our wholesale providers, manage top-ups, and provide customer support.

       Payment Processing: To process payments through our third-party payment processors and manage billing, refunds, and chargebacks.

       Fraud Detection and Prevention: To detect, investigate, and prevent fraudulent transactions, account abuse, and other harmful activities, including analysing purchasing patterns and flagging suspicious behaviour.

       Communications: To send transactional communications (e.g., purchase confirmations, eSIM activation instructions, service updates) and, where you have opted in or where we have a legitimate interest, marketing communications.

       Analytics and Improvement: To analyse usage trends, measure service performance, diagnose technical issues, and improve our Services.

       Advertising Measurement: To measure the effectiveness of our advertising campaigns and understand user acquisition channels.

       Legal Compliance: To comply with applicable laws, respond to legal processes, and enforce our Terms and Conditions.

       Security: To maintain the security and integrity of our platform, detect vulnerabilities, and protect against unauthorised access.

6. eSIM Service Provision

Qoolline acts as a reseller of eSIM profiles sourced from third-party wholesale providers. The identity of our wholesale provider(s) may change from time to time. In the course of fulfilling your eSIM orders, we may share certain information (such as device compatibility data and activation details) with our wholesale providers to the extent necessary for eSIM provisioning.

Network connectivity, coverage quality, and service availability are dependent on third-party mobile network operators and our wholesale providers. These factors are outside our direct control, and we cannot guarantee uninterrupted, error-free, or continuous network service in any destination.

7. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

       Payment Processors: Stripe, PayPal, Apple, and Google for the purpose of processing your payments. These processors are independent data controllers for the payment data they collect.

       eSIM Wholesale Providers: To provision and activate your eSIM profiles. The specific provider(s) may change over time.

       Analytics and Advertising Partners: Firebase, Meta, Kochava, and Smartlook for analytics, attribution, and service improvement, as described in Section 4.3.

       Push Notification Provider: OneSignal for delivering push notifications.

       Consent Management Provider: Cookiebot/Usercentrics for managing cookie consent on our website.

       Customer Support Platforms: Third-party customer support tools for managing support interactions.

       Legal and Regulatory Authorities: When required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.

       Business Transfers: In connection with a merger, acquisition, reorganisation, asset sale, or bankruptcy, your data may be transferred as a business asset, subject to applicable privacy laws.

We do not sell your personal data to third parties.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the UK, EEA, or your country of residence. Many of our third-party service providers (including Firebase/Google, Meta, Kochava, OneSignal, Stripe, and PayPal) are based in the United States.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

       Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner’s Office (ICO), as applicable.

       Adequacy decisions by the European Commission or the UK Government where the destination country provides an adequate level of data protection.

       Other legally recognised transfer mechanisms under applicable data protection laws.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, tax, or reporting requirements. Specific retention periods include:

       Account Data: Retained for the duration of your account and for up to twenty-four (24) months after account closure to allow for account recovery, legal claims, or regulatory compliance.

       Transaction Data: Retained for a minimum of seven (7) years to comply with applicable tax and accounting laws.

       Support Communications: Retained for up to three (3) years after resolution of the support inquiry.

       Analytics and Log Data: Retained in identifiable form for up to twenty-four (24) months, after which it is anonymised or deleted.

       Marketing Consent Records: Retained for the duration of consent and a for up to five (5) years after consent withdrawal to demonstrate compliance.

When data is no longer required, for the purposes for which it was collected and no legal retention obligation applies, it is securely deleted or irreversibly anonymised so that it can no longer be associated with you.

10. Your Rights

10.1 Rights Under GDPR (UK and EU)

If you are located in the UK or EU/EEA, you have the following rights under applicable data protection law:

       Right of Access: Request a copy of your personal data that we hold.

       Right to Rectification: Request correction of inaccurate or incomplete personal data.

       Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.

       Right to Restrict Processing: Request limitation of how we process your data in certain circumstances.

       Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.

       Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

       Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

       Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., the ICO in the UK or the relevant Data Protection Authority in your EU Member State).

10.2 Rights Under US State Privacy Laws

If you are a US resident, depending on your state of residence, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state legislation. These may include:

       Right to Know: Request information about the categories and specific pieces of personal information collected.

       Right to Delete: Request deletion of personal information, subject to exceptions.

       Right to Opt-Out: Opt out of the “sale” or “sharing” of personal information (as defined by applicable law). We do not sell your personal data. Sharing with analytics partners may constitute “sharing” under certain state laws; you may opt out via our cookie consent mechanism or by contacting us.

       Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

       Right to Correct: Request correction of inaccurate personal information.

To exercise any of these rights, please contact us at [email protected]. We will respond within the time frame required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

11. Children’s Privacy

Our Services are not directed at individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental or guardian consent, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), secure payment processing through PCI DSS-compliant third-party processors, access controls, regular security assessments, and monitoring for suspicious activity.

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.

13. Mobile App Privacy

13.1 iOS (App Tracking Transparency)

On iOS devices, we comply with Apple’s App Tracking Transparency (ATT) framework. Before any tracking that would require your permission under Apple’s policies, you will be presented with a system-level prompt requesting your consent. You may change your tracking preferences at any time in your iOS device’s Settings > Privacy & Security > Tracking.

13.2 Android

On Android devices, we use the standard Android Advertising ID for analytics and advertising attribution purposes. You may reset or opt out of personalised advertising through your device’s Settings > Google > Ads.

14. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We use Cookiebot (by Usercentrics) as our Consent Management Platform (CMP) to obtain and manage your cookie preferences in compliance with applicable privacy laws.

For comprehensive information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our separate Cookie Policy, available on our website alongside this Privacy Policy and our Terms and Conditions.

15. “Do Not Track” Signals

Some web browsers transmit “Do Not Track” (DNT) signals. There is currently no universally accepted standard for how companies should respond to DNT signals. We honour browser-level Global Privacy Control (GPC) signals where required by applicable law (e.g., under the CCPA). For other DNT signals, please use our cookie consent mechanism to manage your preferences.

16. Personal Data Breach Notification

In the event of a personal data breach, we will comply with our notification obligations under applicable data protection law:

·       Where a personal data breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority (e.g., the UK ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the UK GDPR and EU GDPR.

·       Where a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the breach to the affected data subjects without undue delay, in accordance with Article 34 of the UK GDPR and EU GDPR, unless an exemption applies.

·       We maintain an internal register of personal data breaches regardless of whether they are required to be notified externally, in accordance with Article 33(5) of the UK GDPR.

If you become aware of, or suspect, a data security incident involving our Services, please contact us immediately at [email protected].

17. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on our website and, where appropriate, by email or in-app notification. The “Last Updated” date at the top of this document indicates the date of the most recent revision. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Website: https://qoolline.com

For GDPR-related requests, please include “DSAR” or “Privacy Request” in your subject line to ensure prompt handling