Privacy Policy

Last updated: January 8, 2026

dracotel is built on a simple principle: we collect only what we absolutely need. No tracking. No profiling. No selling your data. Ever.

1. Our Privacy Philosophy

We believe privacy is a fundamental right, not a feature. dracotel is designed from the ground up to minimize data collection. We don't require personal information to use our service, and we don't track your online activity.

2. Information We Collect

2.1 Information You Provide (Optional)

  • Email address — Only if you choose to provide one for balance alerts or account URL recovery. This is entirely optional.

2.2 Information Generated by the Service

  • eSIM identifiers — Technical identifiers (ICCID) required to provision and manage your eSIM.
  • Account balance and transactions — Records of top-ups and data usage charges to maintain your account.
  • Data usage metrics — Aggregated data consumption (in MB/GB) to bill your account. We do not log which websites you visit or what you do online.

2.3 Payment Information

  • Bitcoin/Lightning payments — We receive only the payment confirmation. We do not store wallet addresses or transaction IDs beyond what's needed for accounting.
  • Card payments — Processed entirely by Stripe. We never see or store your card number. Stripe may retain payment information per their privacy policy.

2.4 What We Do NOT Collect

  • Your name or physical address
  • Phone numbers
  • Government IDs or identity documents
  • Browsing history or online activity
  • Location data beyond what network operators require for connectivity
  • Device fingerprints or tracking identifiers

3. How We Use Your Information

We use the limited information we collect solely to:

  • Provision and activate your eSIM
  • Process payments and maintain your balance
  • Send low-balance alerts (if you provided an email)
  • Help you recover your account URL (if you provided an email)
  • Comply with legal obligations

We do not use your information for marketing, advertising, profiling, or any purpose beyond providing the service you paid for.

4. Information Sharing

We share information only when necessary:

  • Network operators — Technical identifiers required for connectivity. Network operators have their own privacy policies.
  • Payment processors — Stripe (for card payments) or Lightning Network nodes (for Bitcoin payments) to process transactions.
  • Legal requirements — When required by law, court order, or government request. We will notify you if legally permitted.

We do not sell, rent, or trade your information to third parties. We do not share data with advertisers or data brokers.

5. Data Retention

  • Account data — Retained while your account is active and for 90 days after account deletion.
  • Transaction history — Retained for 7 years to comply with financial regulations.
  • Email addresses — Deleted upon request or when your account is closed.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS) and at rest
  • Secure, access-controlled infrastructure
  • Regular security audits
  • Minimal data collection reduces attack surface

7. Your Rights

You have the right to:

  • Access — View all information we hold about your account through your unique account URL.
  • Correction — Update your email address at any time.
  • Deletion — Request deletion of your email and account data (subject to legal retention requirements).
  • Portability — Export your transaction history from your account page.

8. Cookies and Analytics

We do not use cookies. No tracking cookies, no session cookies, no cookies of any kind.

8.1 Privacy-Focused Analytics

We use Plausible Analytics, a privacy-focused analytics service, to understand how our website is used. Plausible:

  • Does not use cookies
  • Does not collect personal data or personally identifiable information
  • Does not track users across websites or devices
  • Collects only aggregate, anonymized data (page views, referrer, country, device type)
  • Is fully GDPR, CCPA, and PECR compliant

You can opt out of analytics by setting localStorage.plausible_ignore to "true" in your browser's developer console.

9. International Data

Your data may be processed in countries where our infrastructure or partners operate. We ensure appropriate safeguards are in place regardless of where data is processed.

10. Children's Privacy

Our service is not directed at children under 18. We do not knowingly collect information from minors. If you believe a child has used our service, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on our website. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact Us

dracotel is a trading name of POLK Automation LLC. For privacy-related questions or requests, contact us at privacy@dracotel.com.

← Back to homeTerms of Service →