Privacy Policy

Effective Date: 10/01/2025
Last Updated: 12/12/2025
Introduction & Scope

Fidelitel, Inc. and its affiliates (“Fidelitel”, “we”, “us”, “our”) respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how Fidelitel collects, uses, discloses, transfers, and protects personal data in connection with:

  1. Our Connectivity Management Platform (the “Platform”), including SIM and eSIM provisioning, global IoT connectivity services, device management, and related APIs and tools;
  2. Our websites, portals, dashboards, and online services; and
  3. Sales, support, marketing, contracting, and other business operations.

This Policy applies to:

  • Customers and prospective Customers
  • End Users of Customer devices
  • Website visitors and platform users
  • Any individual whose personal data we process as part of delivering our services

This Policy supplements — and does not replace — any Data Processing Addendum (DPA) or other agreements executed between Fidelitel and a Customer. In the event of conflict between this Policy and a Customer-specific DPA, the DPA will prevail for Customer-processed data.

Definitions

Personal Data: Information relating to an identified or identifiable natural person.

Customer: The entity that contracts with Fidelitel to use the Platform or connectivity services.

End User: Any individual using, interacting with, or associated with a device or service connected via a Customer’s account.

Processing: Any operation performed on personal data, including collection, storage, access, analysis, transfer, disclosure, and deletion.

Additional terms may be defined within specific sections of this Policy or within applicable DPAs.

Categories of Personal Data We Collect

We collect only the data necessary to deliver, secure, support, and improve our services. Depending on the interaction, Fidelitel may process:

  1. Account & Contact Information
  • Company name
  • Contact names, job titles
  • Business email addresses and phone numbers
  • Billing and shipping addresses
  • Tax or registration identifiers
  • Authorized representative information
  1. Identity & Verification Data
  • Corporate identity documents as required for onboarding, fraud prevention, or regulatory compliance
  • Information required for Know-Your-Customer (KYC) or Know-Your-Business (KYB) checks when legally required
  1. Device, SIM & Connectivity Identifiers
  • Device identifiers (IMEI, MEID)
  • SIM identifiers (IMSI, ICCID, EID)
  • Network, routing, and operator metadata
  • IP addresses assigned to devices
  • Session identifiers, firewall or routing attributes
  1. Usage, Network & Telemetry Data
  • Connectivity session logs
  • Data usage volumes, timestamps, connection events
  • Signal quality, network fallback events, error logs
  • Diagnostic telemetry, including coarse location metadata when required for routing, fraud prevention, or lawful compliance
  1. Support & Communications
  • Support tickets, emails, and chat transcripts
  • Call recordings where permitted by law and with required notices or consent
  • Internal notes necessary for issue resolution
  1. Billing & Payment Data
  • Invoicing records and transaction metadata
  • Payment card details processed only by our PCI-compliant third-party processors
  • Fidelitel retains no full card details

Special Categories of Data

Fidelitel does not process sensitive or special categories of personal data (such as biometric, medical, religious, or political information) unless explicitly agreed in writing with a Customer and only where required for Customer services.

How We Use Personal Data (Purposes of Processing)

Personal data is processed for the following purposes under applicable legal bases:

  1. Service Provision & Connectivity Delivery
  • Provisioning SIM/eSIM profiles
  • Enabling global IoT device connectivity
  • Activating/deactivating SIMs and routing traffic
  • Ensuring network reliability and performance
    Legal basis: Performance of contract; legitimate interests.
  1. Customer Account Management & Billing
  • Account setup, authentication, and user access
  • Invoicing, payment processing, dispute management
  • Financial and tax recordkeeping
    Legal basis: Performance of contract; legal obligation.
  1. Security, Abuse Detection & Fraud Prevention
  • Detecting unauthorized use or network abuse
  • Protecting the Platform and Customers
  • Incident detection, investigation, and mitigation
    Legal basis: Legitimate interests; legal obligation where applicable.
  1. Support, Troubleshooting & Service Quality
  • Diagnosing device or network issues
  • Providing operational support
  • Maintaining uptime and performance
    Legal basis: Performance of contract; legitimate interests.
  1. Legal, Regulatory & Compliance Requirements
  • Responding to lawful requests from authorities
  • Satisfying telecommunications, tax, and recordkeeping obligations
    Legal basis: Legal obligation.
  1. Product Development, Analytics & Improvement
  • Aggregating/anonymizing data to evaluate performance, capacity, and reliability
  • Enhancing the Platform and developing new features
    Legal basis: Legitimate interests; consent where required.
  1. Marketing & Communications
  • Sending product updates, newsletters, event invitations

Conducted only where permitted by law
Users may opt out at any time.
Legal basis: Consent; legitimate interests where allowed.

Legal Basis & International Transfers

For individuals located in the EEA, UK, Switzerland, or other regulated jurisdictions, Fidelitel relies on the following legal bases:

  • Performance of contract (to deliver the service)
  • Legitimate interests (balanced against data subject rights)
  • Legal obligations (statutory requirements, regulatory filings)
  • Consent (for marketing or optional analytics where required)

International Transfers

When personal data is transferred outside the EEA/UK, Fidelitel uses appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • UK Transfer Addendum
  • Binding Corporate Rules (if adopted)
  • Lawful transfer mechanisms permitted under local regulations

Customers may request details of transfer safeguards at any time.

Sharing, Disclosure & Sub-Processors

We disclose personal data only when necessary to operate our services or when required by law. Recipients may include:

  • Mobile network operators (MNOs/MVNOs), roaming partners, and carrier aggregators
  • Cloud hosting, data storage, and infrastructure providers
  • Payment processors and billing partners
  • Technical support, managed service, and professional vendors
  • Auditors, legal counsel, and compliance advisors
  • Regulators, law enforcement, or courts when legally required

Sub-Processor Management

  • Fidelitel engages subprocessors under written agreements with equivalent data protection obligations.
  • When Fidelitel acts as a processor for a Customer, all processing follows the Customer’s documented instructions.
  • A current sub-processor list is available upon request.
Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law. Typical periods:

  • Account & contract records: duration of relationship + up to seven (7) years
  • Connectivity logs & network records: two (2) years by default, or as contractually agreed
  • Support interactions: as necessary for audit and service history
  • Legal, regulatory, and tax obligations: retention required by applicable law

Retention periods may vary by jurisdiction or Customer-specific contractual requirements.

Data Subject Rights

Depending on applicable law, individuals may have rights to:

  • Access their personal data
  • Correct inaccurate or incomplete data
  • Restrict or object to processing
  • Request deletion (erasure)
  • Obtain a copy or request portability of data
  • Withdraw consent for processing (where applicable)

End Users

For End Users of Customer devices, requests should first be directed to the Customer (the data controller). Fidelitel will support the Customer in fulfilling such requests consistent with contractual and legal requirements.

Requests can be submitted to: compliance@fidelitel.com

Security Measures

Fidelitel employs administrative, organizational, and technical safeguards designed to protect personal data, including:

  • TLS encryption for data in transit
  • Encryption at rest where appropriate
  • Role-based access controls and least-privilege access
  • Multi-factor authentication (MFA) for administrative accounts
  • Logging, monitoring, and anomaly detection
  • Regular vulnerability scanning and penetration testing
  • Documented incident response and breach notification procedures

Information on our security program is available to Customers under NDA or per the DPA.

Cookies & Tracking Technologies

Our websites use cookies and similar technologies to:

  • Provide essential site functionality
  • Support analytics and performance measurements
  • Enable personalized experiences or marketing (with consent where required)

Users can manage preferences through our cookie banner or browser settings.
More details are available in our separate Cookie Policy.

Children & Sensitive Data
  • Our Platform and services are not intended for individuals under 16.
  • We do not knowingly collect personal data from children.
  • We do not process sensitive or special category data unless expressly agreed in writing and required for a Customer’s lawful use case.
Changes to This Policy

We may update this Privacy Policy to reflect changes in technology, regulation, or our operations. When updates are material, Fidelitel will:

  • Provide notice via the Platform or website, and
  • Update the “Last Updated” date at the top of this document.
Contact & Complaints

For questions, concerns, or data subject requests, contact:

19125 N Creek Pkwy #120, Bothell, WA 98011, USA
Compliance: compliance@fidelitel.com | General: info@fidelitel.com | Phone: (425) 365-4200

Individuals in the EEA/UK may lodge complaints with their local supervisory authority if they believe their data protection rights have been violated.