9Roam9Roam
Explore

Last updated: April 26, 2026

Privacy Policy

How we collect, use, and protect your information when you use 9Roam.

1. Introduction & data controller

This Privacy Policy explains how Dovantis Group LLC ("Dovantis", "we"), the entity operating 9Roam, collects, uses, and shares information when you use the Service. Dovantis acts as the controller of your personal data. We comply with applicable laws, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR when we offer the Service in the United Kingdom, and the California Consumer Privacy Act ("CCPA") for California residents.

2. Information we collect

• Information you provide: the email address used at checkout and any contact details when you reach out for support. • Payment information: collected and processed directly by our payment processor (Stripe). We do not store full card numbers. • Technical information: IP address, approximate location (country), device/browser data, and usage logs. • Preferences: locale and currency stored in cookies on your device.

3. How we use information

• To deliver your eSIM (issuing the QR code and instructions). • To provide customer support. • To prevent fraud and abuse. • To operate and improve the Service. • To comply with legal and tax obligations.

4. Legal bases for processing (GDPR / UK GDPR)

Where GDPR or UK GDPR applies, we process your personal data on one of the following legal bases: • Performance of a contract (Art. 6(1)(b)): to process your purchase and deliver the eSIM. • Compliance with a legal obligation (Art. 6(1)(c)): tax retention and responses to authorities. • Legitimate interest (Art. 6(1)(f)): fraud prevention, securing the Service, and product improvement. • Consent (Art. 6(1)(a)): where we ask for it explicitly, e.g., marketing communications. You can withdraw consent at any time without affecting prior processing.

5. Sharing of information

We share data only with: • Our payment processor (Stripe), to complete your purchase. • Our eSIM connectivity provider, to provision your profile. • Hosting and infrastructure providers, acting as data processors. • Analytics providers, in aggregated or anonymized form. • Authorities, when required by law.

6. International transfers

Your information may be processed in the United States and other countries outside the EEA/UK. When such transfers originate from the EEA or the UK, we apply appropriate GDPR-compliant safeguards, in particular the European Commission's Standard Contractual Clauses (and the UK ICO Addendum where applicable). You may request a copy of the safeguards by contacting us.

7. Cookies

We use a small number of essential cookies to remember your locale and currency preferences. We do not use advertising or third-party tracking cookies.

8. Data retention

We retain order information for as long as needed to fulfill the purchase, comply with tax obligations, and address disputes. Typical retention is up to 7 years for transactional records. When data is no longer needed and no legal obligation requires us to keep it, we delete or anonymize it.

9. Your rights

If you are located in the European Economic Area or the United Kingdom (GDPR / UK GDPR), you have the right to: • Access your personal data. • Rectify inaccurate data. • Request erasure ("right to be forgotten"). • Restrict or object to processing. • Request data portability. • Withdraw consent at any time, where consent is the legal basis. • Lodge a complaint with the competent supervisory authority. If you are a California resident (CCPA/CPRA), you have the right to know what data we collect, request deletion, correct it, and not be discriminated against for exercising these rights. We do not "sell" or "share" personal information for cross-context behavioral advertising as defined under the CCPA. To exercise any of these rights, email support@9roam.com. We will respond within statutory timeframes (one month under GDPR; 45 days under CCPA, extendable).

10. Children

The Service is not directed at children under 13 in the United States, nor at children under 16 in the EEA (or the minimum age set by applicable national law, e.g., 14 in Spain). We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

11. Security

We use industry-standard measures to protect your data (encryption in transit, restricted access, vetted processors). No system is perfectly secure and we cannot guarantee absolute security. In the event of a personal data breach, we will notify the relevant authorities and affected individuals within the timeframes required by GDPR.

12. EU / UK representative

Pursuant to Art. 27 of the GDPR and the UK GDPR, we will designate a representative in the European Union and the United Kingdom to handle inquiries from data subjects and supervisory authorities. Their contact details will be published on this page once available. In the meantime, you may exercise your rights by writing to support@9roam.com.

13. Changes

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where required by law, communicated to you by email.

14. Contact

For privacy questions or to exercise your rights, email support@9roam.com.