SinaiTaxieSIM
Sign in
Privacy policy

We ask for only what we need.

No account creation. No marketing database. Your email gets your receipt; your card details stay with Stripe. That's most of the policy in two sentences — the rest is detail.

Effective 20 June 2026

1. Our principles

Privacy policies are usually written to protect the company. We've written ours to be honest. Three rules we hold ourselves to:

  1. Ask for the minimum. We only collect data we genuinely need to deliver an eSIM to you. No account creation, no phone number, no marketing questionnaire.
  2. Keep it briefly. Operational data (orders, receipts) is retained while it's useful for support and tax. Everything else is purged on a defined schedule, listed below.
  3. Never sell it. We have never sold customer data to anyone and we have no commercial interest in starting. There are no advertising trackers on this site.

2. What data we collect

From you, directly

  • Email address. Required at checkout so we can send the QR code receipt and provide support. We don't add it to a marketing list.
  • Order details. Which plan you bought, which country it's for, the price, and the date.
  • Payment confirmation. Whether the charge succeeded. Stripe sends us this; we never see your card number, CVV, or billing address.

Automatically, when you browse

  • Technical logs. Standard web server logs (IP, browser, page URL, timestamp) for security and abuse-prevention purposes. Retained for 30 days, then deleted.
  • Functional storage. A single cookie keeps you signed into the team dashboard when applicable. No advertising or tracking cookies.

From our network partner

  • eSIM identifiers. After purchase, the network partner returns the ICCID and QR code for your eSIM. These are stored against your order so we can re-issue the QR if you lose it, and so you can top up later.
  • Usage snapshots. When you load your receipt page, we fetch your live data usage and days remaining from the network partner. We don't log what websites you visit — only the aggregate "X MB of Y MB used" figure.

3. How we use it

Every piece of data above is used for one of three purposes:

  • Service delivery. Sending your QR code, fulfilling top-ups, showing your usage on the receipt page.
  • Customer support. When you email us about an order, we use your order data to investigate.
  • Legal compliance. Tax records, fraud-prevention checks, and responding to lawful requests from authorities.

We do not use your data for advertising. We do not profile you. We do not share your email with anyone outside the processors listed below.

4. Third parties

We rely on three external services to operate Sinai Taxi eSIM. Each one is independently certified and receives only the data they need.

Stripe (payments)

Stripe processes every payment on our site. They are PCI-DSS Level 1 certified — the highest tier in card-data security. Stripe sees your card details, billing address, and the order amount; we see only the charge ID and whether it succeeded. Stripe's privacy policy lives at stripe.com/privacy.

Airalo Partner API (network partner)

Airalo is our wholesale eSIM provider. We send them your order details (which plan, which country, an anonymous order reference) so they can provision the eSIM. They do not receive your email or any payment information. Airalo's policy lives at airalo.com/privacy-policy.

Vercel & Railway (hosting)

Our website is hosted on Vercel and our backend on Railway. Both are SOC 2 Type II certified. Server logs transit these providers as a normal part of HTTP request handling.

5. Cookies & local storage

This site uses one functional cookie: admin_token, an httpOnly session cookie for team members logged into the internal dashboard. It is not set for regular customers and does not appear on the public-facing site.

We do not use any of the following: advertising cookies, tracking pixels, analytics that fingerprint visitors, social-media share buttons that ping back to their host, or third-party scripts beyond Stripe.js on the checkout page (required to render Stripe Elements securely).

6. Data retention

  • Order records: retained for 7 years for tax and accounting purposes (mandatory under Egyptian commercial law).
  • Server access logs: retained for 30 days, then automatically deleted.
  • Email correspondence: retained for 2 years from the date of last contact, then deleted.
  • Stripe / Airalo data: subject to each provider's own retention policy.

7. Your rights (GDPR)

If you are an EU/EEA or UK resident, the General Data Protection Regulation grants you the following rights over your personal data. We honour all of them regardless of where you live.

  • Right of access (Art. 15). Ask us what we hold about you. We'll send a complete export within 30 days, free of charge.
  • Right to rectification (Art. 16).Ask us to correct inaccurate data.
  • Right to erasure (Art. 17). Ask us to delete your data, subject to legal retention periods (e.g. tax records).
  • Right to restrict processing (Art. 18).Ask us to pause processing while a dispute is open.
  • Right to data portability (Art. 20).Ask us to send your data to another provider in a machine-readable format.
  • Right to object (Art. 21). Object to processing for direct marketing — we don't do direct marketing, but the right exists if it ever changes.

To exercise any of these rights, email sales@sinaitaxi.com with the subject line "Data request". You may also lodge a complaint with your national supervisory authority if you believe we've mishandled your data.

8. International transfers

Sinai Taxi is based in Egypt. Our backend runs on Railway servers in the European Union; our website runs on Vercel's global CDN; our payment processor (Stripe) and network partner (Airalo) operate internationally with appropriate safeguards.

Where data crosses borders into jurisdictions not covered by an EU Commission adequacy decision, we rely on Standard Contractual Clauses (SCCs) with each processor to protect your data.

9. Security

We protect your data using industry-standard measures:

  • All site traffic is encrypted in transit with TLS 1.3.
  • Payment data never reaches our servers — Stripe handles it directly via tokenisation.
  • Database access is restricted to a small number of authorised employees, all logged.
  • Secrets (API keys, tokens) are stored in hardware-backed key vaults, not in source code.

No system is perfectly secure. If we ever experience a breach affecting your data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

10. Children

Sinai Taxi eSIM is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided data to us, please contact us and we'll delete it.

11. Changes to this policy

We will update this policy when our practices change or when the law requires it. The "Effective" date at the top of this page always shows the latest version. Material changes (e.g. adding a new processor) will be highlighted at the top of the page for at least 30 days.

12. Contact us

Sinai Taxi Sole Proprietorship LLC
South Sinai Governorate, Egypt

Email: sales@sinaitaxi.com
Website: esim.sinaitaxi.com

Privacy policy · Sinai Taxi eSIM · Sinai Taxi eSIM