Privacy Policy

Last Updated: January 14, 2026

1. Introduction and Scope

This Privacy Policy ("Policy") describes how VNSH ("we," "us," or "our") collects, uses, discloses, and protects information in connection with our ephemeral eSIM services ("Services"). This Policy applies to all users of our Services worldwide.

We are committed to protecting your privacy and have designed our Services with privacy as a core principle. Our architecture minimizes data collection and implements automatic data deletion.

2. Information We Collect

2.1 Information We Do NOT Collect

By design, we do not collect or store:

• Names, addresses, or contact information
• Email addresses or phone numbers
• Government-issued identification
• Payment card details (processed by third-party payment processors)
• Browsing history or usage patterns
• Device identifiers or fingerprints
• Location data
• IP addresses (our Services are Tor-only)
• Account credentials (no accounts exist)

2.2 Information Temporarily Processed

The following information is temporarily processed and automatically deleted upon payment confirmation:

Data Type	Purpose	Retention
Payment invoice	Payment verification	Deleted upon confirmation
Plan selection	Service fulfillment	Not stored after assignment
eSIM assignment	Random pool allocation	No record linking payment to eSIM

2.3 Server Logs

Our servers do not maintain access logs. Connection logs are disabled at the infrastructure level. No IP addresses are recorded (all access occurs via Tor hidden services).

3. How We Use Information

Temporarily processed information is used solely for:

• Verifying payment completion
• Assigning an eSIM from our random pool
• Delivering the eSIM activation code

We do not use any information for marketing, profiling, analytics, or any purpose other than immediate service fulfillment.

4. Data Sharing and Disclosure

4.1 Third-Party Payment Processors

Cryptocurrency payments are processed by third-party payment processors. These processors operate independently and have their own privacy policies. We do not receive or store your cryptocurrency wallet addresses or transaction details beyond a temporary payment reference.

4.2 No Sale of Data

We do not sell, rent, lease, or trade any personal information. We have never sold personal information and have no intention of doing so.

4.3 Legal Requests

Due to our data minimization architecture, we are generally unable to respond to legal requests for user data because such data does not exist. Payment invoices are deleted immediately upon payment confirmation, and no record links payments to eSIM assignments.

If we receive a valid legal request, we can only provide information that exists at the time of the request, which, by design, is minimal to none.

5. Data Retention and Deletion

Once payment confirms:

• The payment invoice is permanently deleted
• No record linking your payment to your eSIM exists
• No historical transaction data is retained
• Random pool assignment ensures unlinkability

6. Your Privacy Rights

6.1 Rights Under GDPR (European Economic Area, UK, Switzerland)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent laws:

• Right of Access: You may request access to personal data we hold about you. Due to our architecture, we hold no personal data after payment confirmation.
• Right to Rectification: Not applicable as we do not maintain personal data records.
• Right to Erasure: Automatically fulfilled through immediate invoice deletion upon payment confirmation.
• Right to Restriction: Not applicable as we do not process personal data beyond immediate service delivery.
• Right to Data Portability: Not applicable as we do not maintain personal data.
• Right to Object: You may decline to use our Services.
• Rights Related to Automated Decision-Making: We make no automated decisions about you.

Legal Basis for Processing: Where processing occurs, it is based on contract performance (fulfilling your eSIM purchase) under Article 6(1)(b) of the GDPR.

6.2 Rights Under CCPA/CPRA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of personal information collected. We collect no personal information as defined under CCPA.
• Right to Delete: Automatically fulfilled through immediate deletion upon payment confirmation.
• Right to Opt-Out of Sale: We do not sell personal information.
• Right to Opt-Out of Sharing: We do not share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We do not discriminate against users exercising privacy rights.
• Right to Correct: Not applicable as we do not maintain personal information.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information.

Categories of Personal Information: We do not collect personal information in any category defined under CCPA Section 1798.140(v).

"Do Not Sell or Share My Personal Information": We do not sell or share personal information for cross-context behavioral advertising.

Notice at Collection: We do not collect personal information from California consumers.

Financial Incentives: We do not offer financial incentives related to personal information.

6.3 Rights Under Virginia, Colorado, Connecticut, Utah Laws

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you have the following rights:

• Right to Access: No personal data is collected or retained.
• Right to Delete: Automatically fulfilled through immediate deletion.
• Right to Correct: Not applicable as we do not maintain personal data.
• Right to Data Portability: Not applicable as we do not maintain personal data.
• Right to Opt-Out of Targeted Advertising: We do not engage in targeted advertising.
• Right to Opt-Out of Sale: We do not sell personal data.
• Right to Opt-Out of Profiling: We do not profile consumers.

6.4 Rights Under Other US State Laws

For residents of other US states with privacy laws, including but not limited to Oregon, Texas, Montana, Delaware, Iowa, New Jersey, New Hampshire, Tennessee, and any other states that have enacted or will enact consumer privacy legislation, we provide equivalent protections: we collect no personal data, do not sell data, and do not engage in targeted advertising or profiling.

6.5 Rights Under Other Jurisdictions

Users in other jurisdictions (including but not limited to Brazil under LGPD, Canada under PIPEDA, and other applicable laws) have similar rights which are generally fulfilled automatically by our data minimization and immediate deletion architecture.

7. International Data Transfers

Our servers are located in Switzerland. Switzerland has an adequacy decision from the European Commission, meaning it provides adequate data protection under GDPR. However, because we collect no personal data, international transfer provisions are not applicable to our Service.

8. Security Measures

We implement security measures including:

• Tor-only access (no clearnet exposure)
• No persistent data storage
• Automatic data purge systems
• Random pool assignment (no linking between purchase and eSIM)
• No account system (eliminates credential theft risk)

9. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect information from children. If you believe a child has used our Services, note that no personal information would have been collected or retained due to our architecture.

10. Cookies and Tracking

Our website does not use cookies, web beacons, pixels, or any other tracking technologies. We do not engage in behavioral tracking or cross-site tracking.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be noted at the top of the policy. Your continued use of our Services after changes constitutes acceptance of the updated policy.

12. Contact Information

Due to our privacy-focused architecture, we do not maintain traditional contact channels. For privacy-related inquiries, you may submit a request through our Tor hidden service.

For users in the EEA, please note that due to the nature of our Services (no personal data collection or retention), the appointment of a Data Protection Officer or EU Representative is not required under GDPR Articles 37-27.

13. Transparency

This Privacy Policy fully discloses our data practices. Our architecture ensures that privacy is enforced technically, not just through policy.