This Privacy Policy explains how Trivecta Limited (“Company,” “we,” “us,” or “our”), a company duly incorporated under the laws of England and Wales, registered at 71-75 Shelton Street, Covent Garden, London, United Kingdom WC2H 9JQ, collects, uses, and protects your personal data when you use mySim.io (“Platform” or “Website”). By accessing or using our Platform, you agree to the terms of this Policy.
1. Scope of this Policy
This Policy applies to all users, visitors, and any others who interact with our Platform worldwide, including in the United Kingdom. We adhere to the Data Protection Act 2018 and, as applicable, the General Data Protection Regulation (GDPR) for users in the UK and EU.
2. Data We Collect
We may collect the following types of personal data:
- Contact Details: Full Name, Email Address, Phone Number.
- IP Address: Logged for security, analytics, and fraud prevention.
- Call Logs: Metadata and details related to telecommunication usage.
- Payment Information: Payment details are processed by third-party gateways such as Stripe, PayPal, and BTCPayServer. We do not store your payment card numbers on our servers.
- Device Information: Device type, operating system, browser version, and other technical data that helps us optimize the Platform.
- Call Recordings: If you enable call recording features, we store the audio recordings for quality control or compliance purposes.
3. Cookies and Tracking Tools
We use cookies to enhance user experience, remember preferences, and measure website performance. Additionally, we may use:
- Google Analytics: For analyzing user behavior in aggregate.
- PostHog / Sentry: For application performance monitoring and debugging.
You can control cookies through your browser settings. By continuing to use our Platform, you consent to the placement of cookies unless you disable them.
4. Purpose of Data Collection
We collect and process personal data for the following purposes:
- Account creation, verification, and user authentication.
- Call routing and telecommunication services (including fraud detection and compliance checks).
- Internal analytics, debugging, and app optimization.
- Marketing and promotional communication (only if you have explicitly opted in).
5. Legal Basis for Processing
We process your personal data under one or more of the following legal bases:
- Consent: Where you have explicitly given consent for specific processing activities (e.g., marketing emails).
- Contractual Necessity: Where processing is necessary to provide you with our services or to fulfill our contractual obligations.
- Legal Obligations: Where we are required to comply with a legal or regulatory obligation.
- Legitimate Interests: Where processing is necessary for our legitimate interests in providing and improving our services, except where such interests are overridden by your rights and interests.
6. Data Storage and Retention
We store user data on secure servers located in the United States, India, or additional regions as our infrastructure grows. We retain personal data, including call logs, for up to three (3) years, unless otherwise required by applicable law or legitimate business need. Call recordings, if any, will be retained for a timeframe in line with the intended purpose (e.g., quality control, compliance).
7. Data Sharing and Transfers
We do not sell or rent your personal data to third parties. We may share data with:
- Payment Processors: Stripe, PayPal, and BTCPayServer for handling payment transactions.
- Service Providers: Cloud storage, analytics, or telecom infrastructure providers who help us deliver our services.
- Legal or Regulatory Authorities: When we believe disclosure is necessary to comply with a legal obligation, protect our rights, investigate fraud, or respond to a government request.
Where personal data is transferred outside of the UK/EU, we ensure appropriate safeguards are in place in compliance with GDPR, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
8. User Rights
Under the Data Protection Act 2018 and GDPR (where applicable), you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of data when it is no longer required or if processing is unlawful.
- Restriction: Request that we limit how we use your data in certain circumstances.
- Objection: Object to processing for direct marketing or where we rely on legitimate interests.
- Data Portability: Request a structured, commonly used, and machine-readable format of certain data.
To exercise any of these rights, or if you have questions, please contact us at [email protected].
9. Children's Privacy
Our Platform is not intended for individuals under 18. We do not knowingly collect personal data from minors. If you believe that a child under 18 has provided us with personal data, please contact us immediately, and we will take steps to investigate and remove such information.
10. Data Security
We employ industry-standard security measures to protect personal data, including password encryption, secure access controls, and a Web Application Firewall (e.g., Cloudflare). However, no system is entirely impenetrable; we cannot guarantee absolute security. By using our Platform, you acknowledge and accept this inherent risk.
11. Changes to this Policy
We reserve the right to modify or update this Privacy Policy at any time. Any changes will become effective immediately upon posting on our Platform, unless stated otherwise. Your continued use of the Platform following the posting of revised Policy signifies your acceptance of the changes.
12. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or your personal data, please contact our Data Protection Officer (DPO) at [email protected].