Privacy Policy

Tbilisi — Edition of 22.04.2026

This Privacy Policy (hereinafter — the "Policy") sets out the procedure for the processing and protection of personal data of users of the "ESIMKA" service (hereinafter — the "Service"), provided by Kolofi LLC (Limited Liability Company, Identification Number 402285424, registered on 26/07/2023 by the LEPL National Agency of Public Registry (Georgia), registered office: Georgia, Tbilisi, Didube district, Archil Kurdiani street, N16, apartment N12) (hereinafter — the "Operator").

Use of the Service (including the Telegram bot, website, mobile application, and other channels) constitutes the User's unconditional consent to this Policy and to the conditions of processing of their personal data set forth herein.

1. Terms and Definitions

Personal Data — any information relating to a directly or indirectly identified or identifiable natural person (data subject).

Processing of Personal Data — any action or set of actions performed on personal data, including collection, recording, organization, accumulation, storage, clarification, retrieval, use, transfer, anonymization, blocking, deletion, or destruction.

User — a natural person using the Service.

Service — a hardware-and-software complex including the Telegram bot @esimka, the website esimka.io, and related interfaces through which the User is provided with the ability to purchase and activate eSIM profiles.

Cookie Files — small text files saved on the User's device by the website and used to identify the session.

2. Categories of Personal Data Processed

The Operator processes the following categories of personal data, provided by the User voluntarily or obtained automatically when using the Service:

  • surname, first name (where voluntarily provided);
  • phone number;
  • email address;
  • Telegram user identifier (user ID), username, interface language;
  • country of stay and selected tariff plan;
  • payment information (amount, date, transaction identifier, last 4 digits of the card — without storage of full card details);
  • technical information: IP address, device type, model, operating system version, browser data, cookie files, event log files;
  • information about activated eSIM profiles (ICCID, activation status, volume of traffic consumed).

The Operator does not process special categories of personal data (racial or ethnic origin, political, religious, or philosophical beliefs, health data, data concerning sex life) and does not process biometric personal data.

3. Purposes of Processing of Personal Data

3.1. Registration and identification of the User in the Service.

3.2. Provision of access to the Service, sale and activation of eSIM profiles, technical support of Users.

3.3. Receipt and processing of payments through payment agents.

3.4. Sending informational and service notifications (regarding order status, eSIM activation, completion of the traffic package, etc.).

3.5. Sending advertising materials — solely subject to the User's separately expressed consent, with the option to opt out at any time.

3.6. Analysis of the quality of the Service, error correction, ensuring information security, prevention of fraud.

3.7. Compliance with the requirements of applicable law, including tax, accounting, and anti-money-laundering legislation.

4. Legal Grounds for Processing

4.1. The User's consent, expressed by conclusive actions when using the Service, as well as in any other form provided for by law.

4.2. Performance of a contract to which the User is a party (public offer), including taking steps to enter into such a contract at the User's initiative.

4.3. Compliance with legal obligations imposed on the Operator by applicable law.

4.4. Protection of the legitimate interests of the Operator or third parties, provided that the rights and freedoms of the data subject are not infringed.

5. Procedure and Conditions of Processing

5.1. Processing of personal data is carried out both with the use of automated tools and without them.

5.2. The Operator takes the necessary legal, organizational, and technical measures to protect personal data against unauthorized access, destruction, modification, copying, or distribution.

5.3. The Operator does not take legally significant decisions based solely on automated processing.

5.4. Personal data retention periods are determined by the purposes of processing and the requirements of applicable law. Upon achievement of the purposes of processing, or upon withdrawal of consent by the User, personal data shall be destroyed or anonymized within 30 (thirty) days, unless another period is established by law.

5.5. The Operator stores and processes personal data using infrastructure located in jurisdictions that ensure an adequate level of protection of data subjects' rights.

6. Transfer of Personal Data to Third Parties

The Operator is entitled to entrust the processing of personal data to third parties on the basis of contracts containing confidentiality and data protection clauses, for the following purposes:

  • payment aggregators — for processing payments;
  • telecommunications operators and eSIM profile providers — for activation of communication services;
  • cloud infrastructure and hosting providers — for hosting the Service;
  • Telegram Messenger Inc. — to the extent necessary for the operation of the bot;
  • competent state authorities — in cases expressly provided for by law.

Cross-border transfer of personal data is carried out only to countries that ensure an adequate level of protection of data subjects' rights, in accordance with applicable data protection laws.

7. Rights of the User

The User has the right: to obtain information about the Operator and access their personal data; to request the rectification, blocking, or destruction of their personal data where such data is incomplete, outdated, inaccurate, or unlawfully obtained; to withdraw consent to the processing of personal data; to lodge a complaint with the competent supervisory authority and the courts.

Data subject requests shall be sent to the email address sup@esimka.io. The deadline for reviewing a request is no more than 10 (ten) business days from the date of receipt.

8. Use of Cookies and Similar Technologies

The Service uses cookie files and similar technologies to ensure the operation of the Service's functions, save user preferences, and collect anonymized analytics. The User is entitled to disable cookies in browser settings; in this case, some functions of the Service may become unavailable.

9. Amendments to the Policy

The Operator is entitled to unilaterally introduce amendments to this Policy. The current version of the Policy is published on https://esimka.io and enters into force from the moment of its publication, unless a different date is specified in the new version.

10. Operator Details and Contact Information

Name: Kolofi LLC

Legal Form: Limited Liability Company

Identification Number: 402285424

Registration Number and Date: 26/07/2023

Registering Authority: LEPL National Agency of Public Registry (Georgia)

Registered Office Address: Georgia, Tbilisi, Didube district, Archil Kurdiani street, N16, apartment N12

Email: sup@esimka.io

Telegram: @esimka

Website: https://esimka.io

This version of the Policy is in force from 22.04.2026.