Privacy policy

Last updated: 29 May 2026

1. Who is responsible for your data

Telecomer OÜ is the data controller for personal data processed when you visit surfroam.com, use the Surfroam app, buy or use Surfroam services, contact support, or interact with us.

Telecomer OÜ
Registry code: 14072246
Registered address: Kolde pst. 96-31, Tallinn 10316, Estonia
Email: support@surfroam.com

Where your local data-protection law gives you stronger rights, those rights continue to apply.

2. Personal data we collect

We collect personal data you provide to us, including your name, email address, phone number, billing and shipping address, account details, order details, support messages, and information needed to provide the service.

We collect service data needed to provide and manage connectivity, including SIM and eSIM identifiers, activation status, usage records, connection records, balance, package, product, plan, account status, and technical support information.

We collect payment-related information such as payment status, transaction ID, payment method type, currency, amount, risk checks, refund status, and limited card or payment metadata provided by payment processors. We do not store full card numbers or card security codes.

We may collect technical and device data such as IP address, device type, operating system, browser, app version, language, time zone, cookie identifiers, diagnostics, logs, crash data, and approximate location derived from network or technical data.

We do not knowingly collect personal data from anyone under 18. If we learn that we have collected such data, we will delete it where required.

3. Why we use your data and our legal basis

We use personal data to perform our contract with you, including creating your account, processing orders, delivering SIMs or eSIMs, activating service, applying balance or packages, billing, providing support, handling refunds, and managing the service.

We use personal data to comply with legal obligations, including tax, accounting, telecom, consumer protection, sanctions, fraud prevention, and lawful authority requests.

We use personal data for our legitimate interests, including service security, fraud prevention, abuse prevention, troubleshooting, improving the service, keeping records, protecting our rights, and communicating with you about your account or service.

We use consent where required, including for non-essential cookies, certain analytics, marketing communications, and push notifications. You can withdraw consent at any time.

4. Sharing your data

We share personal data only where needed to provide, secure, support, improve, or legally operate the service.

Recipients may include payment processors, ecommerce and account platforms, telecom and roaming partners, SIM/eSIM providers, hosting and cloud providers, email and support tools, analytics providers, fraud-prevention providers, couriers, fulfilment partners, professional advisers, banks, and authorities where required by law.

We do not sell your personal data.

5. International transfers

Some providers and network partners may process data outside your country, the EEA, or the UK. Where required, we use lawful transfer safeguards such as adequacy decisions, Standard Contractual Clauses, or other legally recognized safeguards.

6. Cookies, analytics, and marketing

We use essential cookies and similar technologies to run the website, app, checkout, account, security, and service functions.

We use non-essential cookies, analytics, advertising, or similar technologies only where permitted by law and, where required, with your consent. You can manage cookies through our cookie banner, browser settings, or device settings.

We send marketing only where permitted. You can unsubscribe using the link in any marketing message or by contacting support@surfroam.com.

7. How long we keep data

We keep personal data only as long as needed for the purposes described in this policy, including providing the service, keeping business records, resolving disputes, preventing fraud or abuse, and meeting legal obligations.

Some records, such as tax, accounting, transaction, and legal records, may need to be kept for the period required by law. We may delete or anonymize inactive accounts, support, or contact data when it is no longer needed.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, transfer, or object to the processing of your personal data, and to withdraw consent where processing is based on consent.

To exercise your rights, contact support@surfroam.com. We may need to verify your identity before acting on your request. We respond within the timeframe required by applicable law.

EU, EEA, and UK residents may also complain to a data-protection supervisory authority. In Estonia, the supervisory authority is the Andmekaitse Inspektsioon.

9. Security

We use technical and organizational safeguards designed to protect personal data, including encrypted transmission where appropriate, access controls, service monitoring, and security procedures. No system is perfectly secure, but we work to protect your data and to notify you and authorities where required by law if a data breach occurs.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date shows when the current version took effect. Material changes take effect when posted, unless mandatory law requires another process.