Privacy Policy

Last updated: 2026-05-16

This document is provided in English. Translations may be available for convenience; in case of conflict, the English version is authoritative.

1. Who We Are

The Wanderer mobile application and related services (the "Service") are operated by Softr Solutions d.o.o., a company registered in Bosnia and Herzegovina with its registered office at Jadranska br. 13/17, 71000 Sarajevo, Bosnia and Herzegovina ("Wanderer", "we", "our", "us").

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR") and equivalent national laws, Softr Solutions d.o.o. is the controller of the personal data we process about you. You can contact us about anything in this policy at support@wanderersim.com.

2. Scope

This Privacy Policy explains what personal data we collect about you when you use the Service, why we collect it, on what legal basis, with whom we share it, how long we keep it, and what rights you have. It applies to all use of the Service.

It does not cover personal data processed by third parties on their own account — for example, Paddle as merchant of record, your mobile network operator, or app-store providers — who act as separate controllers under their own privacy policies.

3. Data We Collect

We collect only the data we need to operate the Service.

Account data. Email address, display name, language preference, hashed password, email-verification status, and admin flag (where applicable).

Authentication data. One-way BCrypt password hashes (we never store or have access to your plaintext password); short-lived JSON Web Tokens for session access; SHA-256 hashes of refresh tokens; one-time passcodes for email verification and password reset.

Purchase data. Order history including the Data Packages you purchase, prices, currency, timestamps, payment status, applied promotional codes, and Paddle transaction identifiers. Payment-card data is collected and processed exclusively by Paddle and is never stored on our systems.

eSIM data. The eSIM profiles associated with your account, their activation status, validity dates, and aggregated data-usage figures reported back to us by upstream operators.

Wallet data. Your store-credit balance and a ledger of credits, debits, expiries, and forfeitures.

Device and notification data. Platform (iOS or Android), push-notification tokens issued by Apple or Google for your device, and basic device metadata required for delivery of notifications.

Audit logs. Records of security- and finance-relevant account actions (purchases, eSIM lifecycle events, wallet transactions, authentication events), retained for fraud prevention, support, and legal compliance.

Product analytics. Anonymised behavioural events about how the app is used — for example, which countries are viewed, when checkout starts and completes, and when crashes occur — tied to a pseudonymous identifier linked to your account. We do not collect advertising identifiers and do not build cross-app or cross-site profiles.

Support correspondence. When you email us, we keep the email content, your email address, and any attachments necessary to respond.

Source of data. Most of the categories above are collected directly from you when you register, place an Order, or use the Service. eSIM usage figures and network-attachment information are received from the connectivity partners that provision and operate the underlying eSIM profiles on our behalf. Payment-method details are collected directly by Paddle, not by us. Device push-token data is generated by your operating system and provided to us via Apple Push Notification Service or Firebase Cloud Messaging.

4. How We Use Your Data and the Legal Basis

We process your personal data only where we have a lawful basis under Article 6 GDPR (and equivalent national rules). The principal purposes and the lawful bases on which we rely are:

• Operating your account and delivering the Service — including authenticating you and delivering, activating, and managing your eSIMs and Orders. Lawful basis: contract performance (Art. 6(1)(b)).
• Processing payments through Paddle. Lawful basis: contract performance (Art. 6(1)(b)).
• Sending transactional communications — order confirmations, eSIM status updates, low-data and expiry alerts, security notices. Lawful basis: contract performance (Art. 6(1)(b)).
• Detecting and preventing fraud, abuse, and security incidents — including keeping audit logs. Lawful basis: legitimate interests in protecting the Service (Art. 6(1)(f)).
• Understanding how the Service is used and improving it — through anonymised product analytics. Lawful basis: legitimate interests in improving the Service (Art. 6(1)(f)); see Section 7 for how to object.
• Sending optional marketing or promotional messages. Lawful basis: consent (Art. 6(1)(a)), which you can withdraw at any time.
• Meeting tax, accounting, anti-money-laundering, and other legal obligations. Lawful basis: legal obligation (Art. 6(1)(c)).
• Establishing, exercising, or defending legal claims. Lawful basis: legitimate interests (Art. 6(1)(f)).

5. Third-Party Processors and Recipients

We share personal data only to the extent necessary to operate the Service. Each recipient processes data on our behalf under a written data-processing agreement, or as a separate controller under its own policy.

• Paddle (payment processor and merchant of record). Receives the data necessary to process your transactions, charge your payment method, and issue invoices. Paddle is the merchant of record for purchases through the Service and processes your data under its own privacy policy.
• Mobile network operators and eSIM aggregator partners. Receive the minimum data necessary to provision, activate, and manage the eSIM profiles you purchase. We do not share your email or password with them.
• Apple Push Notification Service and Firebase Cloud Messaging. Receive your device push token and the contents of notifications we send you. These services route push notifications to your device.
• Expo Push Service. Acts as an intermediary that forwards push notifications to APNs and FCM on our behalf.
• PostHog (product analytics and crash reporting). Receives anonymised behavioural events and exception traces tied to a pseudonymous account identifier. We use PostHog's EU Cloud (eu.i.posthog.com) so that this data is processed within the European Economic Area. PostHog does not receive your password, payment card data, plaintext authentication tokens, ICCIDs, email address, or phone number; these are filtered at source.
• Amazon Web Services (AWS). Hosts our infrastructure and email-delivery services. Personal data is encrypted in transit and at rest.
• Professional advisers and authorities. Lawyers, accountants, auditors, and competent public authorities, where disclosure is necessary to comply with the law or to defend our legal rights.

We do not sell your personal data. We do not share your personal data with advertisers, ad networks, or data brokers.

6. International Data Transfers

Some of the recipients listed above may process personal data outside the European Economic Area. Where this happens, we rely on appropriate safeguards under Chapter V of the GDPR — most commonly the European Commission's Standard Contractual Clauses, or an adequacy decision where one is in force. You can request a copy of the safeguards we rely on by emailing support@wanderersim.com.

7. Analytics and Your Choices

We use product analytics to understand which features are used, where users encounter friction, and where the Service crashes, so we can improve it. The events are anonymised at source — personally identifiable values such as email address, phone number, payment-card data, eSIM identifiers, and authentication tokens are filtered before being sent.

The legal basis for product analytics is our legitimate interest in operating and improving the Service. You have the right to object to this processing at any time. To opt out, email support@wanderersim.com and we will disable analytics events for your account. We are working on a self-service opt-out toggle that will be available in the account settings; this Privacy Policy will be updated when it ships.

8. Marketing Communications and Push Notifications

Transactional push notifications. We use push notifications to deliver Service-critical messages — for example, low-data alerts, eSIM expiry warnings, and order updates. These are processed under contract performance and as a legitimate interest in keeping you informed about the eSIMs you have purchased. You can turn off all push notifications in your device's operating-system settings at any time.

Marketing emails and push. We do not send marketing or promotional messages — whether by email or by push — without your separate, explicit opt-in. Where you have opted in:

• Every marketing email contains a one-click unsubscribe link in the footer
• You can withdraw your marketing consent at any time by emailing support@wanderersim.com, by toggling the preference in your account settings (where available), or by replying STOP to a promotional message
• Withdrawing marketing consent does not affect transactional or Service-critical communications, which remain necessary to deliver what you have purchased
• Withdrawing marketing consent does not affect the lawfulness of any processing carried out before the withdrawal

9. Cookies and Similar Technologies

The Service is a native mobile application and does not set cookies on your device for our own purposes. When you complete a payment, the Paddle checkout screen may use cookies and similar technologies under Paddle's own privacy policy. Our website (where applicable) may use a small number of strictly necessary cookies; we will publish a separate cookie notice if and when we introduce any non-essential web cookies.

10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, plus any period required by law.

• Account data: retained for as long as your account is active. On deletion, removed within thirty (30) days, except where retention is required by law.
• Purchase records (Orders, invoices, payment metadata): retained for the period required by applicable tax and accounting law in Bosnia and Herzegovina — typically up to ten (10) years.
• Audit logs: retained for two (2) years.
• Authentication tokens (refresh tokens, JWT identifiers): automatically purged on expiry or after rotation.
• One-time passcodes: automatically purged after use or after fifteen (15) minutes.
• Push notification tokens: retained until the token becomes invalid or you uninstall the app.
• Product-analytics events: retained according to PostHog's standard retention policy (currently seven years by default, configurable).
• Support correspondence: retained for up to three (3) years after the case is resolved.

11. Security

We implement technical and organisational measures designed to protect your personal data:

• Passwords are hashed using BCrypt with a cost factor of 12; plaintext passwords are never stored
• Sessions use signed JSON Web Tokens with short expiry windows
• Refresh tokens are stored only as SHA-256 hashes; the plaintext is never persisted server-side
• All data in transit is encrypted using TLS
• Database and infrastructure access is restricted, logged, and audited
• Sensitive operational changes require multi-factor authentication

No system is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within seventy-two (72) hours and you without undue delay, as required by Articles 33–34 GDPR.

12. Your Rights

Subject to applicable conditions and exemptions, you have the following rights under the GDPR and equivalent laws:

• Access — to obtain confirmation of whether we process your data and a copy of it
• Rectification — to correct inaccurate or incomplete data
• Erasure — to have your data deleted (the "right to be forgotten")
• Restriction — to limit how we process your data in specified circumstances
• Portability — to receive your data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible
• Objection — to object, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before the withdrawal
• Not be subject to solely automated decisions that produce legal or similarly significant effects on you; we do not currently make such decisions

Some of these rights are not absolute — for example, we may decline to delete data that we are required by law to retain.

13. How to Exercise Your Rights

Email support@wanderersim.com from the email address registered to your account. We will respond within thirty (30) days of receipt and, where strictly necessary because of the complexity or number of requests, may extend that period by a further two (2) months with notice to you.

We may ask you for information to verify your identity before acting on a request. We will not charge you a fee for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act.

You also have the right to lodge a complaint with the data-protection supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. A list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

14. Account Deletion

You can delete your account at any time from the Account section of the Service. Deletion is immediate and permanent for the data categories listed below — there is no grace period or recovery window. Please make sure you have used or transferred anything important before initiating deletion.

Deleted on account closure:

• Your account record (email, display name, password hash, preferences)
• Active authentication tokens
• One-time passcodes
• Push-notification tokens

Retained after account closure (with personal identifiers minimised where possible):

• Orders, invoices, and payment metadata — for the period required by tax and accounting law
• Wallet-transaction ledger entries — for audit and tax purposes
• Audit logs — for the retention period in Section 10
• Active eSIMs may continue to function on devices on which they are already installed until they expire, but you will no longer be able to manage them through the Service

Any remaining Wallet balance is forfeited on account closure and is not refundable as money.

15. Children's Privacy

The Service is not directed to children under the age of sixteen (16), and we do not knowingly collect personal data from children under sixteen. If we learn that we have collected personal data from a child under sixteen without verified parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact support@wanderersim.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes — for example, to the categories of data we collect, the purposes of processing, or the recipients of data — we will notify you through the Service or by email, and update the "Last updated" date at the top of this document. Continued use of the Service after the change takes effect constitutes acceptance of the updated policy where consent is not required; where consent is required, we will obtain it before the change applies to you.

17. Contact

For any question, request, or complaint regarding this Privacy Policy or your personal data:

• Email: support@wanderersim.com
• Postal: Softr Solutions d.o.o., Jadranska br. 13/17, 71000 Sarajevo, Bosnia and Herzegovina

You also have the right to lodge a complaint with your local data-protection supervisory authority, as described in Section 13.