rufly
Get a plan
Privacy

Privacy Policy

Last updated: 16 June 2026

Your trust matters to us. This policy explains, in plain terms, what personal data we collect when you use rufly, why we collect it, and the control you have over it.

Please read it alongside our Terms of Service, Acceptable Use Policy and Cookie Policy.

1. Who we are

rufly ("rufly", "we", "us", "our") provides travel eSIM data services and donates a share of every sale to dog shelters and street-dog welfare. This Privacy Policy explains what personal data we collect, why, how we use and protect it, who we share it with, and the rights you have.

The data controller responsible for your personal data is Rufly Ltd, registered at Suite RA01, 195-197 Wood Street, London, E17 3NU. For any privacy question or to exercise your rights, contact us at hello@rufly.co.

This policy applies to our website, account area, checkout, transactional emails and the in-account support assistant. It does not apply to third-party websites we link to, which have their own policies.

2. Personal data we collect

Information you give us

  • Account details: your email address and authentication credentials.
  • Order details: the plans and destinations you buy, order history, and the device you intend to use the eSIM on where you tell us.
  • Communications: messages you send to support or the in-account assistant, including any screenshots or details you choose to share.
  • Partner/recommendation submissions: details you provide if you ask to partner with us or recommend a shelter.

Information we collect automatically

  • Technical data: IP address, browser type, device type, operating system, and similar diagnostic data.
  • Usage data: pages viewed, actions taken, and how you reach and move through the site.
  • eSIM service data: activation status, the destination/plan associated with your eSIM, data allowance used, and connection/provisioning events needed to deliver and support the service.
  • Cookies and similar technologies: see our Cookie Policy for the full list and your controls.

Information from third parties

  • Payment confirmation and fraud signals from our payment processor (we do not receive or store your full card number).
  • eSIM provisioning, QR codes and connectivity status from our underlying connectivity supplier(s).
  • Authentication data if you sign in via a third-party identity provider.

We do not knowingly collect data from children. Our service is intended for adults able to enter a binding contract.

3. How and why we use your data

We use your personal data for the following purposes, each with a lawful basis:

  • To create and manage your account and provide the service (performance of a contract).
  • To process orders, deliver eSIMs and QR codes, and provision connectivity (performance of a contract).
  • To provide customer support, including the in-account assistant, and to resolve technical issues (performance of a contract; legitimate interests).
  • To take payment and prevent, detect and investigate fraud and abuse (legal obligation; legitimate interests).
  • To send service and transactional messages such as order confirmations and important notices (performance of a contract).
  • To administer our donation programme and publish anonymised, aggregated transfer totals (legitimate interests).
  • To improve, secure and maintain the site and service, including analytics where you consent (legitimate interests; consent).
  • To send marketing only where you have opted in, and you can withdraw consent at any time (consent).
  • To comply with legal, tax, accounting and regulatory obligations (legal obligation).

Where we rely on legitimate interests, we balance those interests against your rights and only proceed where yours are not overridden. You can object to such processing as described below.

4. Who we share your data with

We never sell your personal data. We share it only with:

  • Service providers (processors) who act on our instructions, such as payment processors, our connectivity/eSIM supplier(s), hosting and infrastructure providers, email delivery, and support tooling.
  • Professional advisers such as auditors, accountants and lawyers where necessary.
  • Authorities, regulators or law enforcement where we are legally required to do so or to protect our rights and users.
  • A successor entity in the event of a merger, acquisition or asset sale, subject to this policy.

All processors are bound by contracts that require appropriate security and confidentiality and restrict use of your data to the services they provide to us.

5. International data transfers

Delivering global connectivity means some of our providers may process data outside your country or region. Where we transfer personal data internationally, we put appropriate safeguards in place, such as adequacy decisions or Standard Contractual Clauses, to ensure your data remains protected to the standard required by applicable law.

You can request details of the safeguards we use by contacting hello@rufly.co.

6. How long we keep your data

We keep personal data only for as long as necessary for the purposes set out above:

  • Account data: for as long as your account is active, then deleted or anonymised after a reasonable inactivity period.
  • Order and transaction records: typically retained for the period required by tax and accounting law (commonly up to 6-10 years depending on jurisdiction).
  • Support communications: for as long as needed to handle your query and a reasonable period afterwards for quality and dispute handling.
  • Marketing consent records: until you withdraw consent, plus a short record that you did so.

When data is no longer needed we securely delete or irreversibly anonymise it.

7. How we protect your data

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, least-privilege permissions, secure authentication, and monitoring. We restrict staff access to personal data on a need-to-know basis.

No method of transmission or storage is completely secure. While we work hard to protect your data, we cannot guarantee absolute security, and you are responsible for keeping your account credentials confidential.

8. Your privacy rights

Depending on where you live, you may have some or all of the following rights:

  • Access, request a copy of the personal data we hold about you.
  • Rectification, ask us to correct inaccurate or incomplete data.
  • Erasure, ask us to delete your data in certain circumstances.
  • Restriction, ask us to limit how we process your data.
  • Portability, receive certain data in a portable format.
  • Objection, object to processing based on legitimate interests or to direct marketing.
  • Withdraw consent, where we rely on consent, withdraw it at any time without affecting prior processing.

To exercise any right, email hello@rufly.co. We will respond within the timeframe required by law. We may need to verify your identity first. You also have the right to lodge a complaint with your local data protection authority, though we'd appreciate the chance to resolve your concern first.

If you are in California or another US state with privacy laws, you have the right to know, delete, correct and opt out of any 'sale' or 'sharing' of personal information. We do not sell personal information, and we will not discriminate against you for exercising your rights.

9. Cookies

We use cookies and similar technologies as described in our Cookie Policy. You can manage non-essential cookies at any time via the cookie settings link in the footer.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the 'last updated' date and, where appropriate, notify you. Continued use of the service after changes take effect means you accept the updated policy.

11. Contact us

Questions about this policy or your data? Email hello@rufly.co, or write to Rufly Ltd, Suite RA01, 195-197 Wood Street, London, E17 3NU.