Last updated: January 1, 2025
Truely Pte. Ltd. ("Truely," "we," "our," or "us") operates the website located at trueIy.com and provides travel eSIM services that deliver mobile data connectivity to travelers worldwide. This Privacy Policy describes how Truely collects, uses, discloses, and safeguards your personal information when you access our website, create an account, purchase a plan, or otherwise interact with our services.
We are headquartered at 1 Raffles Place, Singapore 048616. As a company incorporated and operating in Singapore, our primary legal framework for data protection is the Personal Data Protection Act 2012 (PDPA). Because we serve customers in the European Union and other jurisdictions, we also comply with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK General Data Protection Regulation (UK GDPR) to the extent applicable to the personal data of those residents.
By using Truely's services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please discontinue use of our services.
We may update this Privacy Policy periodically. Material changes will be communicated by posting the updated policy on our website and, where required by applicable law, by providing you with direct notice. Your continued use of our services after changes become effective constitutes your acceptance of the revised policy.
For the purposes of the GDPR and equivalent data protection laws, Truely Pte. Ltd. is the data controller with respect to your personal data.
Data Controller:
Truely Pte. Ltd.
1 Raffles Place
Singapore 048616
Email: support@trueIy.com
CEO: Simon Landsheer
For data protection inquiries, including GDPR-related requests, contact us at support@trueIy.com. We aim to respond to all privacy-related queries within 30 calendar days.
We collect information you provide directly to us and information that is generated automatically when you use our services.
Account registration data: When you create a Truely account, we collect your full name, email address, and a password (stored as a cryptographic hash — we do not store your actual password). You may optionally provide a phone number for account recovery purposes.
Purchase and payment data: When you purchase a Truely eSIM plan, we collect the information necessary to process your payment. Payment card data is processed directly by our payment processor (Stripe, Inc.) and is not stored on Truely's servers. We retain transaction records including the plan purchased, purchase amount (in USD), purchase date and time, and transaction reference number. We also retain billing country information as indicated by your payment method.
eSIM provisioning data: To issue your eSIM profile, we collect and process your device's EID (eUICC Identifier) — the unique identifier for your phone's embedded SIM chip. This is collected automatically during the eSIM installation process as required by the GSMA SGP.22 specification. We also associate your installed eSIM profile with your account for reinstallation and support purposes.
Support communications: When you contact our support team, we retain records of the communication including your email address, the content of your messages, any attachments you provide, and our responses. Support communications are retained for 36 months to allow reference in ongoing account issues.
Identity verification data: In limited circumstances, such as when processing an account recovery request or a chargeback dispute, we may request a copy of a government-issued identity document. These documents are processed for verification purposes only and are not retained after verification is complete.
Usage data: When you visit trueIy.com, we automatically collect standard server log data including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and the date and time of your visit. This data is collected through our web server and third-party analytics tools.
Cookies and tracking technologies: We use cookies and similar tracking technologies on our website. Please see our Cookie Policy for a detailed description of the cookies we use and how to manage them.
Device data: When you access our services through a mobile application, we may collect device identifiers (device model, OS version, app version), crash reports, and performance data. This data is used for troubleshooting and improving the app's performance.
Network usage data: In connection with providing eSIM connectivity, our carrier partners may provide us with aggregated usage data for your plan (total data consumed, connection events). We do not receive the content of your internet communications. Detailed traffic logs are not shared with Truely by our carrier partners.
We use your personal data for the following purposes:
Service delivery (legal basis: contract): Processing your plan purchase, issuing eSIM profiles, activating plans with carrier partners, providing 24/7 customer support, handling reinstallation requests, and managing plan renewals and cancellations.
Account management (legal basis: contract): Creating and maintaining your Truely account, authenticating your identity when you log in, communicating account status changes, and enabling account recovery.
Payment processing (legal basis: contract): Facilitating payment transactions through our payment processors, managing billing, issuing receipts, and handling refund requests where applicable.
Legal compliance (legal basis: legal obligation): Maintaining transaction records as required by Singapore's tax and financial reporting regulations, responding to valid legal requests from law enforcement or regulatory authorities, and complying with anti-money laundering obligations applicable to our business.
Service improvement (legal basis: legitimate interest): Analyzing usage patterns to improve our website and app, identifying and fixing bugs, improving our eSIM activation architecture, and assessing the performance of our carrier network. We use anonymized or aggregated data for these purposes where possible.
Marketing communications (legal basis: consent): If you have opted in to receive marketing communications from us, we use your email address to send you updates about new plans, coverage expansions, and special offers. You can withdraw this consent at any time by clicking the unsubscribe link in any marketing email or by updating your notification preferences in your account settings.
Fraud prevention (legal basis: legitimate interest): Detecting and preventing fraudulent transactions, account takeover attempts, and abuse of our services. This includes analyzing transaction patterns, device fingerprinting for account verification, and blocking IP addresses associated with known fraudulent activity.
We share your personal data with third parties only as described in this policy.
To provide eSIM connectivity, we share necessary technical data with our carrier network partners. This data includes the EID of your device, your plan entitlements (destination country, plan duration, data type), and the activation status of your profile. Carrier partners receive this data as necessary to provision your eSIM and route your data traffic. They are contractually prohibited from using this data for purposes other than delivering the connectivity service.
Payment processing is handled by Stripe, Inc. When you make a purchase on Truely, your payment card information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy. Truely receives only a tokenized payment reference and summary billing information (last four digits of card, card type, billing country). We do not store full card numbers, CVV codes, or cardholder authentication data.
Our services run on cloud infrastructure provided by Amazon Web Services (AWS), with data centers located in Singapore (ap-southeast-1 region) as the primary deployment region. We use the following third-party service providers who may process your data as data processors under our instruction:
All third-party data processors are bound by data processing agreements that restrict their use of your personal data to the services they provide to Truely. For data processors located outside Singapore and the EEA, appropriate transfer mechanisms (Standard Contractual Clauses or equivalent) are in place.
If Truely undergoes a merger, acquisition, asset sale, or other business combination, your personal data may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.
We may disclose your personal data when required to do so by law, including in response to a court order, subpoena, search warrant, or other valid legal process from a Singapore or foreign authority with valid jurisdiction. We will, where permitted by law, notify you of such requests before complying.
We do not sell your personal data to third parties. We do not share your data with advertisers or ad networks.
Truely is based in Singapore and stores your data primarily in AWS's Singapore region. Some of our service providers are located in the United States or other countries outside the EEA. When we transfer personal data of EEA residents to these providers, we ensure adequate protection through:
You may request a copy of the transfer mechanisms we rely on by contacting us at support@trueIy.com.
We retain your personal data for as long as necessary to fulfill the purposes described in this policy, subject to the following specific retention periods:
After applicable retention periods expire, we securely delete or anonymize personal data. Anonymized data may be retained indefinitely for aggregate analytics purposes.
Depending on your country of residence, you have specific rights regarding your personal data.
Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): You may request deletion of your personal data where we no longer have a legitimate reason to retain it. Note that some data must be retained for legal compliance purposes even if you request erasure.
Right to restriction of processing: You may request that we limit the processing of your data in certain circumstances, such as while a rectification request is pending.
Right to data portability: You may request your personal data in a structured, machine-readable format (JSON) for transfer to another service provider.
Right to object: You may object to processing based on legitimate interests, including profiling. We will cease processing unless we have compelling legitimate grounds that override your interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
Under Singapore's PDPA, you have the right to request access to and correction of your personal data held by Truely. You also have the right to withdraw consent to the collection, use, or disclosure of your personal data, subject to legal and contractual restrictions.
To exercise any of these rights, contact us at support@trueIy.com. We will respond within 30 calendar days. We may request identity verification before processing rights requests.
We use cookies and similar tracking technologies on our website. For a complete description of the cookies we use, their purposes, and how to manage or disable them, please see our Cookie Policy.
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:
No security system is impenetrable. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and applicable regulatory authorities in accordance with applicable law.
Truely's services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, contact us at support@trueIy.com and we will promptly delete the data.
Our website may contain links to third-party websites and services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we update the policy, we will revise the "Last updated" date at the top. For material changes — changes that affect how we use your personal data or your rights — we will provide notice through the Truely app, by email to your registered address, or by prominent notice on our website, at least 30 days before the changes take effect for existing users.
For questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, contact us:
Truely Pte. Ltd.
1 Raffles Place
Singapore 048616
Email: support@trueIy.com
For GDPR-specific requests, please include "GDPR Request" in the subject line of your email. We aim to respond to all requests within 30 calendar days. For complex or multiple requests, we may extend the response period by an additional 60 days, with notice to you.
If you are an EEA resident and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your national data protection supervisory authority. For Singapore residents, complaints may be directed to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.