TripoSIM

Privacy Policy

Last updated: April 2026

1. Who We Are

TripoSIM is operated by BroadNet Technologies LLC, headquartered in New Jersey, USA. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (triposim.com) and services.

2. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and password when you create an account.
  • Payment information: Processed securely by Stripe. We do not store full card numbers — only the last four digits, card brand, and expiration for your reference.
  • Usage data: eSIM data consumption and status, used to display your dashboard and monitor service quality.
  • Technical data: IP address, browser type, device information, and pages visited for security and analytics.
  • Communications: Messages you send to our support team.

Mobile Application Data

When you use the TripoSIM mobile application (Android or iOS), we may additionally collect:

  • Push notification tokens (FCM for Android, APNs for iOS) — used exclusively to deliver incoming call alerts and service notifications. Tokens are stored on our server and removed when you log out.
  • SIP/VoIP credentials — generated server-side for HomeLink call forwarding. Stored securely on-device (Android SharedPreferences, iOS Keychain) and on our server. Never shared with third parties.
  • Phone contacts (HomeLink feature only) — if you enable HomeLink and grant permission, we sync your contact names and phone numbers (normalized to E.164 format) to our server. This data is used solely to route incoming calls to the correct subscriber. Contact sync is completely optional and can be disabled at any time in Settings. Contacts are deleted from our server when you disable the feature or delete your account.
  • Device identifiers — device model, OS version, and a vendor-assigned device ID for push notification delivery and debugging.

HomeLink (VoIP Call Forwarding)

HomeLink allows you to receive calls to your home phone number on the TripoSIM app over data. When you activate HomeLink:

  • We assign you a virtual DID phone number and store your SIP registration credentials.
  • Call detail records (caller number, call duration, timestamp) are logged for your call history and billing purposes.
  • Voice calls are transmitted over encrypted SIP/UDP protocol. Audio is processed in real-time and is NOT recorded or stored.
  • If you enable contact sync, caller names are matched locally on our routing server to deliver calls without delay.

TripoSIM Shield & Parental Controls

Shield provides DNS-level ad blocking and content filtering. Parental Controls extend this with child-safety filtering (Kids Safe / Teen Friendly modes).

  • DNS queries are routed through our secure DNS proxy server (shield.triposim.com) which forwards to upstream filtering providers (CleanBrowsing). We do NOT log individual DNS queries or browsing history.
  • Parental control settings (filter level, PIN hash) are stored in our database associated with your user account.
  • The PIN is stored as a bcrypt hash and cannot be reversed. We cannot recover your PIN.
  • No browsing activity data is collected, stored, or shared with any third party.

Location Data

We collect location data only with your explicit consent:

  • WiFi Map feature — if you grant location permission and accept cookies, we use your coordinates to show nearby WiFi hotspots. Location is sent to our server and to Google Places API for hotspot lookup.
  • IP-based geolocation — only when you have accepted cookie consent, we may use your IP address to detect your country for currency display and emergency number lookup. This uses the ipapi.co service.
  • If you decline cookies or deny location permission, NO location data is collected. The app functions normally without location access.

Third-Party Services

We use the following third-party services that may process your data:

  • Stripe (stripe.com) — payment processing. Stripe receives your payment card details directly. We never see or store full card numbers.
  • Google Analytics — website analytics, loaded ONLY after you accept cookie consent. Tracks page views and user behavior anonymously.
  • Firebase Cloud Messaging — push notification delivery for Android devices.
  • Apple Push Notification service (APNs) — push notification delivery for iOS devices.
  • CleanBrowsing — upstream DNS filtering for Shield and Parental Controls. DNS queries are forwarded but not logged by our proxy.
  • Cloudflare Turnstile — CAPTCHA verification during login and registration to prevent automated attacks.
  • eSIM Vendors (eSIM Access, Airalo, eSIM Go, eSIMCard, MobiMatter) — we share your plan selection and ICCID with the vendor that fulfills your eSIM order. Vendor selection is automatic via our routing engine.

3. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process your orders and deliver eSIM profiles
  • To communicate order confirmations, usage alerts, and support responses
  • To detect and prevent fraud and unauthorized access
  • To comply with legal obligations

4. Information Sharing

We do not sell your personal information. We share data only with:

  • eSIM vendors: To provision and manage your eSIM (ICCID and plan details only).
  • Payment processors: Stripe, to process your payments securely.
  • Legal authorities: When required by law or to protect our rights.

5. Data Security

We use industry-standard security measures including SSL/TLS encryption, password hashing (bcrypt), and secure server infrastructure. However, no method of electronic transmission is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active. Order and transaction records are retained for up to 7 years for legal and accounting purposes. You may request deletion of your account and personal data at any time.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Withdraw consent for marketing communications
  • Request a copy of your data in a portable format

To exercise these rights, contact us at [email protected].

8. GDPR and International Users

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. These include the right to access, rectification, erasure, restriction of processing, data portability, and the right to object.

For GDPR-related inquiries or to exercise your rights, contact our Data Protection Officer at [email protected].

9. Cookies

We use essential cookies to maintain your login session and preferences. We may use analytics cookies (Google Analytics) to understand how visitors interact with our website. By continuing to use our website, you consent to the use of essential cookies. You can control cookie settings through your browser. For full details, see our cookie preferences in your browser settings.

Account Deletion

You can delete your account at any time from Settings → Delete Account in the TripoSIM app or website. When you delete your account:

  • Your personal information (name, email, phone) is permanently deleted.
  • Your SIP credentials, push tokens, and contact sync data are removed.
  • Your HomeLink number is released and call forwarding stops.
  • Order and payment records are retained for 7 years as required by law, but are anonymized.
  • Active eSIM profiles may continue to function until their validity expires, but are disassociated from your account.

Account deletion is irreversible. You will receive a verification code via email before deletion is confirmed.

Children's Privacy

TripoSIM is not directed at children under 13. We do not knowingly collect personal information from children under 13. The Parental Controls feature is designed for parents to manage their children's internet access — it does not require children to create accounts or provide personal information. If you believe a child has provided us with personal data, contact us to request deletion.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email.

11. Contact

For privacy-related inquiries: [email protected]

BroadNet Technologies LLC
New Jersey, United States