Privacy Policy

Last updated: 1 September 2025

Our Privacy Policy

This Privacy Policy (“Policy”) sets out how Airalo collects, uses, discloses, transfers and stores your personal data, and your rights and choices with respect to your personal data. It should be read in combination with our General Terms and, if you are a user of our Services, our Terms of Use for our Services.

When we say “Airalo”, “we”, “our” or “us” we mean AirGSM Pte Ltd, a company registered in Singapore at 6 Raffles Blvd, #03-308 Marina Square, Singapore 039594.

Where you have been provided with access to Airalo’s Services by a third party (e.g. a travel agency, or your employer), Airalo may receive your personal data from them. You should also read their privacy policy, because they may collect, handle and process your personal data differently to Airalo.

Personal Data we collect, and how we collect it.

Personal data is any information that relates to an identifiable individual. We set out the information we collect in the table below, and describe how we use it.

We collect personal data in different ways, depending on how you use our Services and Platforms.

• Directly from you - when you provide it to us, such as when you register for an Airalo account, sign up to receive communications from us, make a purchase of an eSIM, contact us via email, or upload Content on one of our Websites.
• Through your use of the Services or Platforms - we will obtain information such as your IP address, cookie identifiers, location, the device and browser you're using, and how you use and interact with our website or other third-party websites. Some of this information is collected by cookies and similar technologies. For more information about this, see our Cookie Policy.
• From third parties - where this has been authorised by you or is legally permitted, or where it is necessary for us to provide the Services to you in certain scenarios. For instance: 
  • when you have purchased or been provided with the Services by a third party (such as an employer);
  • when have authorised a third party website to share your personal details with us (such as when you connect to your Airalo Account via Facebook);
  • when we collaborate with third parties for marketing purposes; and
  • third-party managed or public sources, such as information brokers (such as when we are required to perform eKYC checks to give you access to the Services.

Information we collect

When you use our Services or Platform, or you otherwise interact with us, we collect, use, store and share the personal data listed below:

If you are a User of our Services or Platforms*  *as applicable

Personal Data to set up your Account	First name, last name, email addresses, postal address/location (country, province/state, city), telephone numbers**. **If you are provided access to the Services by a third party, this might include data about your relationship with such third party (e.g. employment relationship)
Third Party Log In Info	If you choose to create an Account via a third-party platform (for example, Apple, Google or Facebook), we may automatically receive log in information from that third party. The information we receive will vary depending on the information that you have provided to the third party and your preferences within the third-party platform (for example, you may have enabled Apple's 'Hide My Email' functionality). Please refer to the relevant third party's privacy notice for further information.
Personal Data required for compliance checks (including biometrics)	If required by applicable laws and regulations, as for example in case of mandatory eKYC checks, Airalo may process data categories such as biometrics, date of birth, educational qualifications, identity cards (or other ID numbers), geographic location, relevant business partner information, as well as other information relevant to export control or customs compliance.
Personal data necessary for customer satisfaction	To the extent permitted by law or with your consent, Airalo may combine the information it collects directly or indirectly to ensure the completeness and accuracy of such data, to enable Airalo to better tailor its interactions with you, and to determine what information best meets your interests or needs.
Data generated by your use of or participation in Airalo’s Webpages and Apps	Usage Data: Airalo processes certain usage-related data, such as information about your browser, operating system or IP address with which you visit the Websites. Airalo also processes information about your use of its web services, such as the pages you visit, the amount of time you spend on a page, the page that refers you to Websites and the links you select on Websites. Device and Location Information: generic information from your device such as your IP address, make, model and operating system; non-specific location based on your IP address; specific location data derived from your mobile device. Preferences Information: specific consents provided or declined, email and push notification and cookie preferences; Preferred language, currency and airport for departures. Communications Information: the content of communications we send to and receive from you, including feedback, help requests and queries; Information about those communications, such as time and date sent and how you interact (for example open rate and click-through rate). User Contents: Content you upload to our websites or which relate to our websites (such as comments, photos, videos, recommendations, preferences, reviews) and information about the content, such as the time and date associated with that content; Your engagement with us on social media platforms (such as Instagram, Twitter or Facebook) or third party review platforms, such as Trustpilot, including comments, photos, videos, and publicly available information about your social media account. If we love your content, we might reach out to you to ask whether you're happy for us to repost it, or we may use any reviews you have left about Airalo for marketing and promotional purposes. When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.

If you are an employee of a partner or prospective partner of Airalo

Personal data relating to your business relationship with Airalo	Your employer’s company name and industry, your title, role, department and function, and the history of your company's relationship with Airalo.
Signature and contact information	If we need to send you documents for signature, we will store your contact details, your title and role with the company. We might ask you and store additional information to confirm that you are authorised to sign for your company

If you are applying for a job at Airalo

Personal data received in connection with your application

First name, last name, email addresses, postal address/location (country, province/state, city), telephone numbers, and any other personal data that you provide us with your CV, Cover Letter, or during the interview and selection process

Special categories of personal data. These are more sensitive types of data, such as information relating to your health, religion or ethnic origin. We don’t usually collect these categories of information, but you may choose to reveal this type of data, such as when you contact our support team, or if you provide feedback about the accessibility of our Platform. 

Why and how we use your personal data.

We may use your personal data for the following purposes, or a combination of these purposes:

Where we are performing a contract with you or a third party, such as your employer. This includes providing our services to you.

Where it is necessary to conduct our business or pursue Airalo’s legitimate interests. For example:

• Improving our Services and Platform and developing product features, or correcting faults in our Platform.
• Enhancing security and preventing fraud, including assessing compliance with our Acceptable Use Policy.
• Responding to your questions and providing support, where you are eligible to receive support from Airalo.
• Personalising your experience, for example to tailor content and recommendations.
• Performing surveys and market research, and sending marketing communications, or requesting that you leave a review about us on a third party review platform, such as Trustpilot (where consent has been provided).
• Engaging in various internal business purposes, such as data analysis, audits, fraud detection, developing new products or services, improving or modifying our Services or Platform, identifying usage trends and insights, determining effectiveness of marketing campaigns and operating our business.

Where it is necessary to exercise or comply with our own legal rights and obligations, for example we may be required to retain information by law, or carry out eKYC checks in certain countries.

Where we have obtained your consent. In circumstances where you have expressly given your consent for us to process your personal data, you are free to revoke that consent at any time, by either using the functionality provided to provide and revoke consent, or by contacting us at [email protected]. However, please be aware that may have the right to continue to process your personal data if it can be justified on one of the following basis:

• To perform our contract with you or your company
• To exercise and comply with our own legal rights and obligations
• To pursue our legitimate business interests, including but not limited to operating our Platform and business, and providing Services to you. Where we process your personal data based on a legitimate interest we will only do so where the processing is relevant, adequate, and limited to what is necessary for the purpose it was collected for.
• To establish, exercise or defend legal claims where necessary.
• To perform a task carried out in the public interest.

Who may have access to your personal data

Airalo employees. Some Airalo employees will have access to your data to help facilitate everything within the ‘Why and how we use your data’ section of this privacy policy.

Companies and employees of the Airalo Group. Airalo is a global company, and our workforce is spread all over the globe. Access is limited to those who have a genuine work-related need.

External service providers. Airalo relies on third parties to provide certain elements of our Services or support the technical operation of our Platform, including our providers of network connectivity, providers of hosting services, the processing of payments, etc. We will only rely on service providers that provide appropriate contractual safeguards for the transfer and processing of the information they process.

Independent third party services, websites and businesses. This could be in connection with a promotion, marketing event, or webinar. Airalo also uses a third party review platform, Trustpilot, who may contact you to collect feedback about your experiences with Airalo.

Distribution Partners. Airalo uses distribution partners to sell its Services, and we may need to share information with them, particularly if you have purchased services from them rather than from Airalo directly.

Other disclosures. Including:

• to comply with laws or respond to legal claims(including subpoenas and court orders) and requests from government or public authorities
• to cooperate with regulatory bodies
• to third parties for us to investigate, prevent or take action for actual or suspected prohibited activities, including fraud or misuse of our Services or Platform
• third parties to whom we may choose to sell, or merge parts of our business or assets. Alternatively we may seek to acquire other businesses or assets. If a change like this happens, the new owners of the business may use your personal data in the ways set out in this Privacy Policy.

How long we keep your personal data for

We keep your personal data only for as long as we need it, or are required legally to retain it. This depends on why it was collected, and if we have a continuing legal basis to do so (such as for our legitimate interests, or to perform our contract with you). When we no longer have a reason to keep your data, we will either delete it or anonymise it so it doesn’t identify you. You can delete your personal data or ask us to do that for you at any time. Details of how to do this are in the ‘Know your Rights’ section below. Please note that, in certain circumstances, Airalo may be required by law to retain and process some or all of your personal data, or have compelling legitimate interests to keep the data, even after a deletion request. For instance, Airalo is required to retain certain personal data to satisfy our Know Your Customer (eKYC) legal obligations.

How we keep your personal data secure

We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal data to those employees,contractors and other third parties who have a business need to know. They will only process your data on our instructions, and they are subject to a duty of confidentiality. However, no method of transmission over the internet, mobile technology, or method of electronic storage, is completely secure. Therefore, while we endeavor to maintain appropriate safeguards, we cannot guarantee the absolute security of your personal data.

International Transfer of your Personal Data

Please note that your data will be stored and processed globally. More specifically, your personal data will be securely stored in data centres around the world, and not necessarily in the country where you are resident. The exact location of the data centers depends on where you are when you use the Platform or Services, and the locations of the third parties with whom we share personal data (see the section ‘Who may have access to your personal data’). The laws and regulations in the countries where the processing happens may not provide the same level of protection of personal data as the regulations in your own country. However, we'll put safeguards in place to protect your data when it is transferred. Please check the section ‘Compliance with local regulations’ below for more information.

Know your Rights.

If we hold personal data about you, you may have certain rights (depending on your location). These include:

• Requesting access to your personal data. This enables you to receive a copy of the personal data we may have about you, and to check that we are lawfully processing it.
• Requesting correction of the personal data we have about you if there are inaccuracies (which we can ask to validate).
• Requesting erasure of your personal data where there is no good reason for us to continue holding it. We may not always be able to comply with this if there is a specific legal reason preventing us.
• Requesting a restriction on the processing of your personal data, or in other words, requesting that we only process your personal data for selected purposes.
• Objecting to processing of your personal data where we are relying on a legitimate interest to do so. In some cases we may demonstrate that we do in fact have a legitimate interest.
• You have the absolute right to object at any time to the processing of your personal data for direct marketing purposes.
• You can withdraw consent at any time, where we are relying on your consent to process your personal data.
• Requesting transfer of your personal data to a third party.

If you wish to exercise any of these rights, our websites and apps will have functionality to allow you to perform most of the actions listed above. If you wish to exercise a right that isn’t available through those functionalities, please contact us using the Contact Information below.

Children. Our Services and Platforms are not directed towards children under the age of 13 and we do not knowingly collect personal data from those under the age of 13. If you become aware that anyone under the age of 13 has provided their personal data to us, please notify us at [email protected].

Contact information.

If you have any questions about how we process your personal data or would like to exercise your rights under this Privacy Policy, please contact [email protected].

If you need to access this Privacy Policy in an alternative format due to having a disability, please contact our support team via the in-app functionalities or by using the email address [email protected] or using the US toll-free phone number: +1 (888) 870-2848.

If you are not satisfied with our response, and are in the European Union or United Kingdom, you may have a right to lodge a complaint with your local data protection supervisory authority.

Compliance with local regulations

If Airalo privacy provisions apply in	Then the following applies
EU/EEA or a country with national legislation comparable to the GDPR	Who is the data protection officer of the controller? You can contact the Airalo Group Data Protection Officer at any time at [email protected]. Who is the relevant data protection authority? The contact details of your specific data protection supervisor can be found on the website of the European Data Protection Board. How does Airalo justify international data transfers? As an international group, Airalo also has affiliated companies and third-party service providers in countries outside the European Economic Area (the "EEA"). Airalo may transfer your personal data to countries outside the EEA in the course of its international business activities. If Airalo transfers personal data from a country within the EU or the EEA to a country outside the EEA for which the European Commission has not issued an adequacy decision, Airalo uses the EU Standard Contractual Clauses to contractually require that the data importer applies a level of protection to your personal data that is equivalent to the level in the EEA. You can also obtain further information and their views on international data protection issues at the European Commission's International Dimension of Data Protection webpage.
Colombia	If Airalo is subject to the provisions of Colombian Law 1581 of 2012 and Decree 1377 of 2013, the following shall apply: Within Colombia you have the right to: to view, update and correct your personal data; to ask for proof of your consent; to receive information on request about how Airalo processes your personal data; to file a complaint with the Superintendence of Industry and Commerce (“SIC”) regarding a violation of applicable laws; to withdraw your consent and/or request deletion of your personal data, provided that there is no additional legal or contractual obligation for Airalo to retain your personal data in its databases.
Kingdom of Saudi Arabia (KSA)	To the extent the provisions of the Personal Data Protection Act (“PDPL”) apply to Airalo, the following applies: Airalo processes your Personal Data by electronic means for collection, storage and other processing operations as described above. Airalo will destroy your Personal Data by electronic means where necessary for the purposes described above. Your Personal Data will be stored and saved by Airalo in a country other than Saudi Arabia, for our general business purposes, such as outsourcing and data processing. Depending on the purpose, Personal Data may be shared on a regular or ad hoc basis. Compensation can only be claimed if the courts have determined that you have suffered material or moral damage as a result of a breach as referred to in the PDPL and its Implementing Regulations. If Airalo does not comply with the PDPL, you can file a complaint with our support team. If you are not satisfied with the way we handle your complaint, you can lodge a complaint with the competent authority: Saudi Data and Artificial Intelligence Authority (SDAIA), Digital City, Riyadh, 12382, Kingdom of Saudi Arabia, Website: sdaia.gov.sa
Malaysia	To the extent Airalo is subject to the provisions of the Malaysian Personal Data Protection Act (“PDPA”), the following shall apply: Airalo has implemented technology, security features, and strict policies to protect the privacy of users' personal data, including a Malay (Bahasa Malaysia) version of this privacy statement.
Philippines	Within the Philippines you are entitled to: bring a claim for compensation as finally ordered by the National Privacy Commission or a competent court if you have suffered damage as a result of incorrect, incomplete, outdated, erroneous, unlawfully obtained or unauthorised use of personal data and your rights and freedoms as a data subject have been violated; lodge a complaint with the National Privacy Commission if your privacy has been breached, your personal data has been compromised or you have otherwise personally been affected by a breach of the Data Privacy Act. your portability rights. Your legal heirs and assigns may invoke your rights at any time after your death or when you are unable or incompetent to exercise your rights.
South Africa	To the extent Airalo is subject to the provisions of the South African Protection of Personal Information Act, 2013 (“POPIA”) the following applies: “Personal Data” in this Privacy Statement refers to Personal Data as this term is defined in the POPIA. “You” and “Your” in this Privacy Statement refer to a natural person or legal entity as these terms are used in the POPIA. You may request details of personal data which we hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). If you as a natural person or legal entity believe that Airalo as the responsible party has used your personal data in violation of POPIA, you should first attempt to resolve the matter with Airalo. If you are not satisfied with this process, you have the right to complain to the Information Regulator who can be contacted as follows: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, PO Box 31533, Braamfontein, Johannesburg, 2017 Email: [email protected] Enquiries: [email protected]
United States	To the extent that Airalo is subject to the provisions of the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), hereinafter referred to as “CCPA,” or to the laws of other U.S. states with comparable provisions, the following shall apply: You have the right to: know what personal data the business has collected about the consumer, including the categories of personal data, the categories of sources from which the personal data is collected, the business or commercial purpose for collecting, selling, or sharing the personal data, the categories of third parties to which the business discloses the personal data, and the specific pieces of personal data that the business has collected about the consumer; delete personal data that the company has collected from the consumer (with some exceptions); correct incorrect personal data that a company holds about a consumer; no longer give consent for the company to sell or share their personal data (where applicable); to place restrictions on the company's use or disclosure of sensitive personal data (subject to certain exceptions, where applicable); to be treated equally in the exercise of these rights. California Sensitive Information Disclosure. We collect the following categories of sensitive personal data (as defined under California law): biometric information, geolocation, social security number or other government issued ID information, account log-in, payment information. This information is collected in order to process transactions, comply with laws, manage our business, or provide you with services. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121.

Our Cookie Policy

This Cookie Policy (“Policy”) describes how Airalo uses cookies and similar technologies to collect and store information when you visit our websites or our apps.It should be read in combination with our General Terms and, if you are a user of our Services, our Terms of Use for our Services.

When we say “Airalo”, “we”, “our” or “us” we mean AirGSM Pte Ltd, a company registered in Singapore at 6 Raffles Blvd, #03-308 Marina Square, Singapore 039594.

What are ‘cookies and similar technologies’? Cookies are small text files that are placed on your device (which could be your computer, tablet, or smartphone) at the request of the websites or apps that you use. They can be first party or third party cookies, and essential or non-essential cookies. We describe what these terms mean and how we use the different types of cookies below.

Similar technologies, such as ‘tags’, ‘tracking pixels’, ‘web beacons’, ‘clear gifs’, and ‘social plug-ins’, are often used in conjunction with cookies to help website owners gain a better understanding of users.

First Party Cookies. These are cookies that are set by the website you visit - in our case, the Airalo website. These provide information to us, to help us provide you with a consistent and relevant experience. They also record information about experiments or new improvements that we may test, to track how you use them and whether they are effective.

Third-party cookies. These are cookies set by someone other than the owner of the website you are visiting, for example to look at how consumers use different websites. This information is wholly controlled by that relevant third party, and their privacy policy will apply. For more information about these cookies, please click the “Manage Cookies” link in the footer of the webpage.

Essential Cookies. These are required for the basic functions of our website. For that reason, you can’t opt out of these. For example, we use these to remember information such as your geographic location, or to remember the other cookies you have opted in or out of.

Non-Essential cookies can be broken down into different types of cookies:

• Functionality Cookies - are used to collect information about your device and any settings you configure on the website. For example, remembering your preferred language. We use this information to provide customized content.
• Marketing Cookies - are used to determine what promotional content is most relevant to you, based on information related to your use of our websites on your devices.

How to opt out of Cookies. You can always say no to cookies that aren’t Essential Cookies. You can check what cookies we are using and update your preferences via the “Manage Cookies” link in the footer of the webpage.

It is also possible to instruct your browser to refuse cookies from our website. Most browsers allow you to refuse cookies altogether, or notify you when a website is trying to apply or update a cookie. If you use multiple devices, you may need to update your browser on all devices. Further information can be found in the Help function of your browser.

What are web beacons and how are they used by Airalo? Webpages and HTML emails may contain a small snippet of code called a web beacon. Web beacons allow a website to transfer or collect information through a graphic image request. Airalo may use web beacons - similarly to cookies - for many purposes, including site usage analytics, advertising auditing and reporting, and content and advertising personalisation.

Can you manage web beacons? Each browser provides users with functionality in their respective technical settings that can be used to prevent the automated download of images, pixels, beacons or other tracking technologies. If you wish to prevent your browser from communicating directly with the sender of an e-mail, you can set your browser to do so.