Identity
Full name
StoredRetention: Permanent (contract)
Required for the customer contract.
We don't
Not requested. Email-only support.
eSIM checkout with less data
We use: your email.
Your carrier has 47 types of network data.
Mobile networks and internet infrastructure process traffic data. Our standard checkout stays limited to email for QR delivery, Stripe payment handling and technical security data.
Our checkout minimum
QR
(email for delivery)
What your carrier has
47+
(per Czech law § 97)
●DNS queries Czech ISPs are logging right now / s
0
What your carrier actually knows about you
One day. 12 cell-tower pings. All retained for 6 months.
This is a model day for a Prague user. Telecom providers process traffic and location data under electronic communications rules. Access by public authorities depends on the specific legal process and request.
§ 97 Czech EC Act · 6-month retention
Typical mobile data trail
00:00BTS HOME-7-12
Praha 7 — domov (Holešovice)
© OpenStreetMap · © CARTO
00:0023:59
Last 24h record
- 00:00Praha 7 — domov (Holešovice)BTS HOME-7-12
This panel is an educational simplification. Actual retention and access depend on law, the network provider and the service type.
What's actually collected
Side by side. What we hold and what the network handles.
15 data points showing exactly what we keep vs what your carrier keeps. Where we keep something (Stripe token, email, provider session), we admit it. No creative accounting.
Identity
Permanent address
StoredRetention: Permanent
For invoicing and contract registry.
We don't
Standard B2C checkout does not ask for address.
Identity
ID number
StoredRetention: Permanent
Identity verification at contract signing.
We don't
Standard checkout does not ask you to upload ID.
Identity
Phone number
StoredRetention: Permanent + traffic
Central key linking everything.
We don't
Not requested.
Identity
StoredRetention: Permanent
Invoicing, marketing, recovery.
We have
QR delivery and (optional) order communication.
Technical
Phone IMEI / IMSI
StoredRetention: 6 months (traffic)
Device + SIM identifier, paired with location.
We don't
eSIM provider technically sees the session; we don't have an identity link.
Location
Cell-tower (BTS) location
StoredRetention: 6 months
Each call / SMS / data session records the cell. Time series = movement trace.
We don't
We don't have it. Roaming runs through an Austrian provider not linked to your name.
Connections
Call metadata (who, when, how long)
StoredRetention: 6 months
Including called number, duration, conference parties.
We don't
We don't do voice. Zero call records.
Connections
SMS metadata (who-to-whom, when)
StoredRetention: 6 months
Without content, but full metadata.
We don't
We don't do SMS.
Connections
Session IP + timestamp
StoredRetention: 6 months
Pairs with identity + visited domains (DNS/SNI).
We don't
Provider technically sees, we don't. Provider has no identity link.
Connections
DNS queries / visited domains
StoredRetention: Logged in traffic
ISP DNS resolver sees every domain. TLS SNI handshake is plaintext.
We don't
DNS goes via our provider's APN (outside Czech ISP). We don't log it.
Payment
Bank account number
StoredRetention: Permanent
For direct debit. Pairs with identity.
We don't
Card via Stripe (PCI-DSS). We see only the Stripe token.
Payment
Card number
Not stored
Card flows via the carrier's payment gateway.
We don't
Stripe holds it, we don't see it. PCI-DSS Level 1.
Technical
Consents / marketing preferences
StoredRetention: Permanent
Segmentation, A/B campaigns.
We don't
No identified behavioral marketing.
Technical
Login / password / account
StoredRetention: Permanent
For self-service, recovery questions.
We don't
You don't have an account. No password, no security questions.
Source for the carrier column: Czech Act 127/2005 § 97 (mandatory traffic and location data retention, 6 months). Source for our column: our privacy policy + Stripe DPA + provider TOS.
HTTPS encrypts content; metadata is plaintext
Type a domain. See what your ISP sees.
Most people think HTTPS = private. Not true. SNI (Server Name Indication) in the TLS handshake is plaintext, so your ISP sees every domain you visit. The DNS query tells them the same thing.
Browser → HTTPS request
GET https://<doména>/account
[ ŠIFROVÁNO TLS ]
Request bodies (POST data, cookies, URL paths) are encrypted, but the ISP already knows where you went.
With our eSIM
Your data session rides our provider's APN (Austrian carrier). Czech ISPs / mobile carriers see neither SNI nor DNS — because you're not using them.
Pick an eSIM with less data sharingisp@operator-edge:~ # tail -f /var/log/dns_sni.logThis is what your carrier / ISP would see
Start typing a domain above…
Our privacy discipline
Less data, clearly scoped purposes.
We describe what checkout needs and where the limits are: email, payment, security logs and provider processing to deliver the service.
less data
Email is the main contact
Used for QR delivery, support and claims. Standard checkout does not ask for ID upload or phone.
processor list
EU-first infrastructure
We use European hosting and application partners where operationally suitable; processors are listed in the privacy policy.
security logs
No content inspection
Security logs are limited for incident response. No DPI and no keyword matching of communication content.
GDPR Art. 17
Erasure by email request
Send a mail from that address → we erase within 30 days per GDPR Art. 17. No queue, no paper.
PCI-DSS L1
Stripe holds the card, we don't
PCI-DSS Level 1. We only see the tokenized handle and paid / unpaid status.
Account = optional
No account, no password
Optionally create an account to manage multiple eSIMs. Default = no account.
Buy eSIM with less data sharing
iPhone 11+ and all eSIM Androids (from 2020)
Privacy questions
What we collect, what we do not promise, and where the limits are.
We primarily use the email address from checkout. If you contact us from that address, we can find the order through internal order data and payment metadata. No PIN or security questions.
- Email is the practical contact for delivery and support.
- A throwaway email can work if you keep access to it.
- Want purchases separated? Use different emails.
Less data in checkout
Buy eSIM without uploading ID.
For standard checkout, email for QR delivery and payment are enough. We do not ask for ID upload, national number, phone or Czech bank account.