Privacy Policy

Last updated: April 2026

1. Who we are

Roam is an eSIM data service operated by Dimva Ltd (company number 16068163), registered in England and Wales, with registered office in Loughborough, England. We trade as Ordera. If you have any questions about this policy or how we handle your data, contact us at [email protected].

2. What data we collect

We collect only the data necessary to provide the service:

Email address — provided by you at checkout.
Payment information — processed directly by Stripe; we never see or store your card details.
IP address and country — detected automatically to show localised pricing. We do not store this.
Order details — the plan you purchased, amount paid, and the eSIM activation code issued to you.

3. Why we collect it

To process your payment and fulfil your order (legal basis: performance of a contract).
To send you your eSIM activation code and any order-related communications (legal basis: performance of a contract).
To comply with financial and legal record-keeping obligations (legal basis: legal obligation).

4. Third parties we share data with

We share the minimum data required with the following processors:

Stripe — payment processing. Your email address and order amount are shared with Stripe to create a checkout session. Stripe's privacy policy applies to data they hold.
eSIM Access — eSIM provisioning. Your purchased plan details are passed to eSIM Access to generate and deliver your activation code.

We do not sell, rent, or share your data with any other third parties for marketing purposes.

5. Data retention

We retain your email address and order record for 12 months from the date of purchase. After that period, personal data is deleted from our systems. We may retain anonymised, non-identifiable records (e.g. sales counts) for longer for business reporting.

6. Your rights (UK GDPR)

Under UK GDPR you have the right to:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate or incomplete data.
Deletion — ask us to delete your personal data (the "right to be forgotten").
Restriction — ask us to restrict how we process your data in certain circumstances.
Objection — object to processing based on our legitimate interests.
Portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data: ico.org.uk.

7. Cookies

We use a single cookie to remember your language preference (lang). This cookie does not track you across other websites and contains no personal information. We do not use advertising or analytics cookies unless you have a configured analytics integration (e.g. Google Analytics or Meta Pixel) that we may optionally enable — if so, those third parties' cookie policies apply.

8. Security

All data is transmitted over HTTPS. We do not store payment card details — these are handled entirely by Stripe. Access to our systems is restricted to authorised personnel only.

9. Changes to this policy

We may update this policy from time to time. We will always show the date it was last updated at the top of this page. Continued use of the service after changes are published constitutes acceptance of the updated policy.

10. Governing law

This policy is governed by the laws of England and Wales and complies with the UK GDPR and the Data Protection Act 2018.

Questions? Email us at [email protected].