Last updated: 15 June 2026

This Privacy & Cookie Policy explains what personal information blocfone® (“blocfone®”, “we”, “us” or “our”) collects when you use our website and eSIM data services (the “Service”), why we collect it, how we use cookies, and the choices you have. It should be read together with our Terms of Service.

When we refer to blocfone®, we mean blocfone LLC, a company headquartered in Atlanta, Georgia 30305, United States. blocfone® is the data controller responsible for the personal information described in this Policy.

Our approach to privacy

We value privacy and we have designed the Service around a simple principle: we only ask for, and only keep, the information we need to deliver the Service to you. We do not make any special claim to provide more privacy than you would reasonably expect from a responsible provider — instead, we aim to handle the limited information we hold carefully, to comply with the laws that apply to us, and to be transparent about what we do.

In short:

  • We collect the minimum information needed to sell, deliver, and support your eSIM.
  • We do not sell your personal information, and we do not share it for third-party advertising.
  • We will never share personally identifiable information (“PII”) except as described in this Policy — most narrowly, with the service providers needed to operate the Service, and in response to valid legal or regulatory demands as set out below.
  • We adhere to the laws of the jurisdictions that apply to us and to you.

Information we collect

We collect information in three ways: information you provide, information generated when you use the Service, and information from the providers that help us deliver it.

Information you provide to us. Depending on how you use the Service, this may include:

  • Your Telegram account identifiers — such as your Telegram user ID, username, and the basic profile details Telegram shares with our bot when you interact with it. We use these to operate the bot, deliver your eSIM to your chat, and provide support. In the Beta release, Telegram is how we identify and reach you, so we generally do not need a separate account.
  • An email address or other contact method, if you choose to provide one (for example, for a receipt or a backup copy of your activation details).
  • The content of messages you send us, such as support questions and anything you choose to include in them.

Information generated by your use of the Service. To provision and support your eSIM, we process:

  • Technical identifiers for the eSIM itself, such as the ICCID, activation status, assigned plan, and the volume of data remaining or consumed (we use this to deliver the service and to help you with support requests).
  • Basic technical and log information, such as IP address, device and browser type, and timestamps, which our systems generate automatically. We use this to operate the Service, keep it secure, and detect and prevent fraud and abuse. We keep this information for no longer than we need it for those purposes.

Information from payment and connectivity providers. Payments and network connectivity are handled by third parties:

  • Cryptocurrency payments (USDC) pass through our on-chain escrow smart contract and are recorded on a public blockchain. We receive the wallet address you pay from, the transaction details, and the contract’s record of the payment and its release or refund. Blockchain data is public, permanent, and outside our control, and a wallet address can in some cases be linked to an individual.
  • Connectivity is provided through mobile network partners. Network usage is processed by those carriers under their own terms in order to deliver the data service.

Delivery through Telegram. Because the Beta release runs on Telegram, your interactions with the bot and the delivery of your eSIM pass through Telegram’s platform, which processes them under Telegram’s own privacy policy. We receive only the account identifiers and messages described above; we do not receive your Telegram phone number unless you choose to share it.

Identity verification. We do not require identity documents to deliver the Service in the ordinary course. Where the law of a relevant jurisdiction requires us to verify identity or perform other regulatory checks for a particular product or location, we will collect only the information that obligation requires, and we will tell you when that applies.

We do not seek to collect special categories of data (such as data about health, race, religion, or political opinions). Please do not send us this kind of information unless it is necessary, for example to handle an accessibility request.

Why we use your information

We use the information above only to:

  • provide the Service — sell, provision, deliver, and support your eSIM, and process payments and refunds;
  • keep the Service secure — detect and prevent fraud, misuse, and security incidents;
  • comply with the law — meet tax, accounting, regulatory, and other legal obligations that apply to us; and
  • send optional communications that you have asked to receive, which you can opt out of at any time.

We do not build advertising or behavioural profiles, we do not use your information for targeted advertising, and we do not make legally significant decisions about you by automated means.

If you are in the EEA or UK, the legal bases we rely on for these purposes are, in order: performance of our contract with you; our legitimate interest in keeping the Service secure and preventing fraud; compliance with a legal obligation; and your consent (which you can withdraw at any time). See EEA, UK, and other regions below for more.

How we share information

We do not sell your personal information, and we do not share it for cross-context behavioural advertising (a category that several US state privacy laws define and restrict). We share information only in these limited situations:

  • Service providers and partners that we need in order to deliver the Service — for example, hosting providers and mobile network/connectivity partners. They may only process your information to provide their service to us, under contractual obligations of confidentiality and security.
  • The Telegram platform, through which the Service is delivered to you. Your use of Telegram is also governed by Telegram’s own terms and privacy policy, over which we have no control.
  • Public blockchains. Crypto payment and escrow transactions are recorded on a public blockchain by design. This information — including wallet addresses and amounts — is visible to anyone and cannot be deleted or controlled by us.
  • Legal and regulatory demands. We will disclose personal information to a government, law-enforcement, or regulatory body only where we receive a valid, legally binding demand from an authority with proper jurisdiction, and where the demand is relevant and applies to us. We assess each request on its own terms, disclose only the information the request actually requires, and decline or challenge requests that are invalid, overbroad, or that do not apply to us. We adhere to the laws of the relevant jurisdictions in doing so.
  • Corporate transactions. If blocfone® is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction; any recipient will remain bound by this Policy or a policy at least as protective.

International transfers

blocfone® is based in the United States, and we process personal information there. If you use the Service from outside the United States, your information will be transferred to and processed in the US, and may also be processed by our providers in other countries. US privacy laws may differ from those where you live. Where we transfer personal information across borders, we take steps to protect it in line with applicable law, including appropriate contractual safeguards where required (such as the EU/UK Standard Contractual Clauses for transfers out of the EEA or UK).

How long we keep information

We keep personal information only for as long as we need it to deliver and support the Service, and for any period we are legally required to retain it. For example, we keep records relating to your orders and payments for as long as we need them to support you and to meet our tax and accounting obligations — generally up to seven years in the United States — and we keep basic technical logs for only a short period, for security and fraud-prevention purposes. When we no longer have a reason to keep information, we delete it or anonymise it so that it no longer identifies you.

How we protect information

We use reasonable technical and organisational measures designed to protect personal information against loss, misuse, and unauthorised access, and we limit access to those who need it to do their work. As part of this, we pseudonymise the Telegram identifiers we store — we keep a one-way cryptographic hash rather than your raw account ID — and we encrypt sensitive delivery information, such as your eSIM activation details, at rest. No method of transmission or storage is completely secure, so while we work to protect your information we cannot guarantee absolute security.

Your rights

Depending on where you live, you may have some or all of the following rights over your personal information:

  • to know and access the information we hold about you;
  • to have inaccurate information corrected;
  • to have your information deleted, where there is no overriding legal reason for us to keep it;
  • to receive your information in a portable format;
  • to opt out of the sale of personal information or its use for targeted advertising — note that blocfone® does neither; and
  • (EEA/UK) to restrict or object to certain processing, and to withdraw consent where we rely on it.

Several US states — including California, Virginia, Colorado, and Connecticut — grant residents rights along these lines, and we extend them regardless of your state of residence. We will not discriminate against you for exercising a privacy right.

To exercise a right, contact us at hello@blocfone.io. We will verify your request and respond within the time required by applicable law. If you are in the EEA or UK and are unhappy with our response, you may also lodge a complaint with your local data protection authority.

EEA, UK, and other regions

Because we offer the Service to customers around the world, more than one data protection law may apply to how we handle your information. We aim to meet the requirements of whichever applies to you.

EEA and UK (GDPR / UK GDPR). blocfone® acts as the data controller for your personal information. We process it on the legal bases described under Why we use your information; we transfer it to the US and other countries only with appropriate safeguards such as the EU/UK Standard Contractual Clauses (see International transfers); and we keep it only as long as needed (see How long we keep information). In addition to the rights listed under Your rights, you may object to processing based on our legitimate interests, object at any time to any use of your data for direct marketing, and ask not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not make such decisions). You may also lodge a complaint with your local supervisory authority — EEA authorities are listed by the European Data Protection Board, and in the UK by the Information Commissioner’s Office (ICO).

  • Privacy contact (including EEA/UK enquiries): hello@blocfone.io. If you are in the EEA or UK, you can use this address to contact us about your personal information, to exercise your rights, or to reach us about any data protection matter.

Other regions. Where other data protection laws apply to you — for example Brazil’s LGPD, Canada’s PIPEDA, or Australia’s Privacy Act — we handle your information in line with those laws and honour the rights they give you. Contact us at hello@blocfone.io to exercise them.

Children

The Service is not directed to children, and we do not knowingly collect personal information from anyone under the age of 13 (consistent with the US Children’s Online Privacy Protection Act). Where local law sets a higher minimum age for consent — in parts of the EEA, the age of digital consent is up to 16 — we apply that higher age. If you believe a child has provided us with personal information, please contact us so we can delete it.

Cookies and similar technologies

In the Beta release, the browse-and-purchase flow runs inside Telegram through our bot and mini app rather than a traditional website. The Telegram mini app runs in a webview and may use on-device storage (such as local storage) to function; your use of Telegram is governed by Telegram’s own policies, which we do not control. This section covers the cookies and similar technologies used on the blocfone® website.

What cookies are. Cookies are small text files placed on your device when you visit a website. “Similar technologies” include things like local storage and pixels that perform comparable functions. They let a site work properly, remember your choices, and understand, in aggregate, how the site is used.

How we use them. We keep our use of cookies to a strict minimum. The blocfone® website is primarily an informational site, and we do not currently use any analytics or advertising cookies on it. We do not build advertising profiles, and we do not sell or share information collected through cookies for cross-context behavioural advertising. Any cookie that is set is strictly necessary — used only to keep the site secure and working (for example, by our hosting or security provider); these are required for the site to function and cannot be switched off through consent controls.

If we add website analytics in the future, we will use a privacy-respecting, cookieless analytics tool that measures usage only in aggregate, does not identify you, and is never used for advertising — and we will update this Policy before doing so.

Your choices and consent. Because we currently set no preference, analytics, or advertising cookies, there is no non-essential cookie consent to manage on the blocfone® website today. If we introduce any non-essential cookies or similar technologies in the future:

  • EEA, UK, and other regions that require it. We will ask for your consent before setting them, through a cookie banner you can accept or reject and change at any time. Strictly necessary cookies do not require consent.
  • United States. Where required, we will honour browser-based opt-out signals such as Global Privacy Control (GPC) for the categories US state laws cover. As noted elsewhere in this Policy, we do not sell your information or use it for targeted advertising in any case.
  • Browser controls. You can also block or delete cookies through your browser settings at any time; blocking strictly necessary cookies may stop parts of the website from working.

Third-party cookies. Any cookies on the site would be limited to those set by the providers that help us run it securely (such as our hosting or security provider), under their own policies. We do not permit third parties to use cookies on our site for their own advertising.

Changes to this Policy

We may update this Policy from time to time. When we do, we will change the “Last updated” date above and, where the change is significant, take reasonable steps to bring it to your attention. The version in effect at the time you use the Service applies to that use.

Contact us

If you have any questions about this Policy or how we handle your information, contact us at hello@blocfone.io, or write to us at Atlanta, GA 30305.