Keepgo Privacy Policy
Last updated: July 2, 2026
1. Who We Are
Keepgo ("we", "us", "our") is a global eSIM and mobile data connectivity provider.
For the purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, Keepgo is the data controller of the personal data described in this policy.
If you have questions about how we handle your personal data, you can contact us at the address above.
2. Scope of This Policy
This Privacy Policy applies to all personal data we process in connection with:
- Our website at keepgo.com and related subdomains
- Our mobile applications for iOS and Android (Keepgo app, App Store ID 6759191807, Google Play ID com.keepgo.myesim)
- Our web console at myaccount.keepgo.com
- Our affiliate program and partner integrations
- Any other services or products we offer
It applies to you whether you are a customer, prospective customer, affiliate partner, or website visitor.
3. Data We Collect and Why
3.1 Account and Registration Data
What: Full name, email address, password (hashed), preferred language, account creation date.
Why: To create and manage your account, authenticate you, and provide our services.
3.2 Purchase and Transaction Data
What: Order history, purchased eSIM bundles, payment method type (card type, last four digits, full card data is processed by our payment provider Stripe and never stored on our servers), billing currency, transaction amounts, refund history.
Why: To process your purchases, issue receipts, handle refunds, and maintain financial records.
3.3 eSIM and Connectivity Data
What: eSIM profile identifiers (ICCID, EID), eSIM activation status, data usage records, auto-refill settings, Bill Protection settings, device compatibility information.
Why: To provision, activate, and manage your eSIM; to enable auto-refill and other plan management features; to display your usage in the app.
3.4 Device and Technical Data
What: IP address, device type and model, operating system and version, browser type and version, app version, screen resolution, time zone, language settings.
Why: To operate our services correctly across different devices and platforms, to diagnose technical issues, and for security purposes.
3.5 Mobile App Data
When you use our mobile application, we additionally collect:
What:
- Device platform (iOS or Android)
- App version and build number
- Crash reports and error logs (via Firebase Crashlytics), including the state of the app at the time of a crash, device model, OS version, and non-personally identifiable diagnostic information
- App usage events and screen navigation (via Firebase Analytics): anonymized event logs such as screen views, button taps, and feature interactions
- Anonymous Device Attribution ID: a randomly generated UUID (universally unique identifier) stored locally on your device and transmitted to our servers solely for the purpose of affiliate attribution (see Section 3.7 below)
Why: To maintain app stability, diagnose crashes, understand how users interact with the app, and improve the product. The Device Attribution ID is used solely to attribute your install to the correct affiliate partner.
3.6 Communications Data
What: Messages you send us via support email, chat, or feedback forms; survey responses; your email address for transactional and marketing communications.
Why: To respond to your inquiries, provide customer support, and, where you have opted in, to send you product updates, promotions, and newsletters.
Legal basis:
- Support communications: Legitimate interests (Article 6(1)(f) GDPR)
- Marketing emails: Consent (Article 6(1)(a) GDPR). You may withdraw consent at any time by clicking "Unsubscribe" in any email or contacting us.
3.7 Affiliate Attribution Data
We operate an affiliate program through which partners earn commission when they refer new customers to Keepgo. To correctly attribute referrals, we collect the following data specifically for this purpose:
Web referrals
When you visit keepgo.com via an affiliate link (e.g., keepgo.com/ref/PARTNERCODE), our website reads the affiliate code from the URL. No additional personal data is collected beyond what is described in Section 3.4 (standard web server logs).
Mobile app referrals: Android (Play Install Referrer)
When you install our Android app after clicking an affiliate link, Google Play passes an install referrer string to the app on first launch. This string contains the affiliate code used in the original link. We read this string once on first launch and transmit it to our servers to record the attribution. The referrer string itself is not personal data; it is a partner code. We do not receive any additional data from Google Play beyond this string.
Mobile app referrals: iOS (Server-Side Fingerprinting)
Apple does not provide a deterministic install referrer mechanism like Android's. To attribute iOS app installs to the correct affiliate partner, we use a probabilistic fingerprinting approach:
When you click an affiliate link on iOS, our web server temporarily records your IP address, User-Agent string (device/browser identifier), Accept-Language header, and the affiliate code associated with the link. This record is retained for up to 24 hours and then permanently deleted from our systems.
When you first open our iOS app, the app sends a request to our servers. We compare the IP address and User-Agent of this request against our temporary fingerprint records to determine whether a match exists. If a match is found, we record the affiliate attribution against an anonymous Device Attribution ID (a UUID generated on your device) and immediately delete the temporary fingerprint record containing your IP address.
The Device Attribution ID (UUID only, no IP or other personal data) is stored on our servers for up to 90 days from the date of app install. If you register an account within this period, your account is attributed to the affiliate partner. After 90 days, the Device Attribution ID record is permanently deleted.
Your right to object: You have the right to object to this processing. See Section 7 for how to exercise your rights.
3.8 Cookies and Similar Technologies
We use cookies and similar tracking technologies on our website and web console. Cookies are small text files stored on your device.
Types of cookies we use:
| Cookie type | Purpose | Examples |
|---|---|---|
| Strictly necessary | Core site functionality (session management, shopping cart, authentication) | Session cookie, CSRF token |
| Affiliate attribution | Storing the affiliate/partner code associated with your visit for commission tracking (60-day lifetime) | promocode cookie |
| Analytics | Understanding how visitors use our site (aggregated, anonymised) | Google Analytics, Firebase |
| Marketing | Personalised advertising and remarketing | Google Ads, Meta (where applicable) |
You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent some services from functioning. For more information about managing cookies, visit www.aboutcookies.org.
4. Third-Party Services and Data Processors
We share your data with trusted third parties who process it on our behalf, subject to data processing agreements. These parties may only process your data for the purposes we specify.
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Payment card data, transaction amounts | USA (EU SCCs in place) |
| Google Firebase | App analytics (Firebase Analytics), crash reporting (Firebase Crashlytics), authentication | Anonymised usage events, crash logs, authentication tokens | USA (EU SCCs in place) |
| Google Tag Manager | Tag and analytics management on website | Website usage data | USA (EU SCCs in place) |
| GoAffPro | Affiliate programme management and commission tracking | Affiliate code, transaction amounts, transaction ID | USA (EU SCCs in place) |
| Microsoft Clarity (where enabled) | Session recording and heatmaps for product improvement | Anonymised interaction data | USA (EU SCCs in place) |
| Reamaze | Customer support chat | Support messages, email address | USA (EU SCCs in place) |
| Shopify | E-commerce platform for keepgo.com store | Order data, account data | USA (EU SCCs in place) |
GoAffPro specifically: When you make a purchase that was referred by an affiliate partner, we share with GoAffPro: the affiliate partner's identifier, the transaction amount, the transaction ID, and the currency. We do not share your name, email address, or any other personal information with GoAffPro or with the affiliate partner.
We do not sell your personal data to third parties.
5. International Data Transfers
We are a global company and some of our service providers are based outside the European Economic Area (EEA) and the United Kingdom. Where we transfer personal data to countries that do not have an equivalent level of data protection to the EEA or UK, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreements (IDTAs) where applicable
You may request a copy of the relevant safeguards by contacting us at support@keepgo.com.
6. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy or as required by law.
| Data category | Retention period |
|---|---|
| Account data | Duration of account + 3 years after deletion (for legal/dispute purposes) |
| Transaction and payment records | 7 years (legal obligation for financial records) |
| eSIM and usage data | Duration of account |
| Support communications | 3 years from last contact |
| Analytics and crash data | 14 months (Firebase default) |
| Affiliate attribution: IP fingerprint (iOS) | Maximum 24 hours, deleted immediately on match |
| Affiliate attribution: Device ID (iOS) | Maximum 90 days from app install |
| Affiliate attribution: promocode/ref_code | 60 days from the attribution date |
| Marketing consent records | Until consent is withdrawn + 3 years |
When data is no longer required, we securely delete or anonymize it.
7. Your Rights Under GDPR
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with equivalent data protection laws, you have the following rights:
- Right of access. You may request a copy of the personal data we hold about you.
- Right to rectification. You may request that we correct inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"). You may request that we delete your personal data, subject to certain conditions (e.g. where we are required to retain data by law).
- Right to restrict processing. You may request that we restrict how we process your data in certain circumstances.
- Right to data portability. You may request that we provide your personal data in a structured, commonly used, machine-readable format, or transmit it to another controller.
- Right to object. You may object to processing based on legitimate interests (including affiliate attribution fingerprinting) or to direct marketing. We will stop processing unless we have compelling legitimate grounds that override your interests.
- Right to withdraw consent. Where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decision-making. We do not use automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, contact us at support@keepgo.com. We will respond within 30 days. We may request verification of your identity before processing your request.
Right to lodge a complaint: If you believe we have not handled your data lawfully, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO): ico.org.uk.
8. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us at support@keepgo.com, and we will delete it promptly.
9. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls limiting who can access personal data
- Secure storage of authentication credentials (JWT tokens in iOS Keychain and Android Keystore)
- Regular security monitoring and vulnerability management
- Data minimization: we collect only what is necessary
No system is completely secure. If you believe your account has been compromised, contact us immediately at support@keepgo.com.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and no later than required by applicable law.
10. Do Not Track
Some browsers transmit "Do Not Track" signals. As there is no consistent industry standard for responding to these signals, we do not currently adjust our data collection practices in response to DNT signals. However, you can control tracking through your browser cookie settings and through the rights described in Section 7.
11. Email Communications
We send transactional emails (order confirmations, eSIM activation instructions, and account notifications) to all registered users. These are necessary for service delivery and cannot be opted out of while you hold an active account.
We send marketing emails only with your consent. You may unsubscribe at any time by clicking the "Unsubscribe" link in any marketing email or by emailing support@keepgo.com. We will process your request promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify registered users by email or in-app notification when the changes materially affect how we process your data
We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data:
For data protection inquiries specifically: support@keepgo.com (subject line: "Data Protection Inquiry")