PRIVACY POLICY

Last Updated: February 04, 2026

This Privacy Policy explains how Figo Technologies B.V., based in Zaventem, at Da Vincilaan 1, postal code 1930, Belgium, VAT Number BE1030753177, Registration Number 1030.753.177 (hereinafter referred to as the “Company,” “we,” “us,” or “fiGO”), collects, uses, and protects information when you access or use our Services, mobile app, and website hellofigo.com (collectively, the “Services”).

Respecting and protecting your personal data is our priority. We are committed to keeping your data secure and processing it lawfully with complete transparency. In this policy, “personal data” refers to any information relating to an identified or identifiable natural person.

Personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), any specific national and European legislation for certain sectors, the Belgian legislation on the protection of personal data and privacy in the electronic communications sector, and the decisions of the Belgian Data Protection Authority.

By creating an account, accessing our app or website, or using any of our Services, you acknowledge that you have read and agree to this Privacy Policy. If you disagree with this policy, please do not use our Services. Please read this Privacy Policy alongside our Terms of Service.

1. WHO WE ARE

Under applicable data protection laws, Figo Technologies B.V. acts as the Data Controller of your personal data, responsible for determining how and why your personal data is processed.

We are a digital telecommunications service provider and eSIM reseller. Our goal is to make staying connected simple, no matter where you go. We empower people and businesses with instant, reliable, and affordable mobile data anywhere in the world. With our app, you can create, install, and manage eSIM data plans directly from your phone without the need for physical SIM cards or any roaming surprises. Our services are available in 120+ destinations, connecting you to trusted global networks through one easy-to-use app. Whether you’re traveling, working remotely, or managing teams across borders, we give you control, transparency, and confidence in your connectivity. Through our website we introduce ourselves, present our services and products, inform you about related topics, and give you the opportunity to contact us in various ways to have your questions answered and use our services, while through our app we offer you the opportunity to purchase the services/products of your choice remotely.

2. DEFINITION OF KEY TERMS

The following terms have specific meanings under this Privacy Policy and applicable data protection law:

Personal Data: Any information relating to an identified or identifiable natural person (the “data subject”), such as identification details (name, age, residence, occupation, marital status, contact details), physical characteristics (weight, height), education (degrees, grades), work (previous employment, work behavior), financial situation (income, assets, financial behavior), interests, activities, and habits.

Sensitive Personal Data: Special categories of personal data including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for the purpose of uniquely identifying a person, data concerning the subject’s health, data concerning sex life or sexual orientation, criminal prosecutions and convictions, as well as membership of associations related to the above.

Processing of Personal Data: Any operation performed with or without the use of computers, on personal data or sets of personal data, such as collection and recording, organization, structuring, storage, adaptation or alteration, retrieval and searching for information, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller: The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Recipient: The natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not.

Consent of the Data Subject: Any freely given, specific, informed and unambiguous indication by which the data subject declares, with a statement or a clear affirmative action, that they agree to the processing of personal data relating to them.

Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. CATEGORIES OF DATA SUBJECTS

The personal data that is processed and covered by this Privacy Policy concerns users of the website and/or the app, our customers, participants in promotional activities, social media followers, those who contact us by any means, and business users accessing our Services through their employer or organization.

4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We process your personal data only when we have a valid legal basis to do so. The Company relies on the following legal bases:

• Performance of a Contract or Preparatory Actions: In order for customers to complete their orders in the app or receive answers to their questions, it is necessary that we process the personal data they provide when registering on the app and/or entering their order and/or submitting their query. Your data is required for the execution of the purchase contract and the provision of our services, the issuance of tax documents, as well as for your support in case of problems with the order or for the purpose of your overall service by the customer service department.
• Legal Obligation: When required by law, such as tax and accounting records, and for the purposes of complying with national and/or European legislation.
• Consent: The processing of your personal data for marketing purposes, sending informational/promotional messages, participation in promotional activities, or for your convenience/service and provision of privileges, as well as the activation of non-essential cookies (see Cookie Policy) is based on your consent, which you can withdraw at any time.
• Legitimate Interests: The processing of certain personal data is necessary for business administration, the improvement of the Company’s products and services (processing of statistical and non-identifiable data), detecting fraud attempts, ensuring security and integrity of services, understanding how our Services are used, and generally safeguarding the Company’s legitimate interests—always balanced against your rights and interests. 

5. WHAT PERSONAL DATA WE COLLECT

The Company has designed the website and the app so that users can visit without having to reveal their identity, unless they wish to do so. Visitors are asked to provide personal data only if they wish to order products, register with the app and/or our newsletter, participate in promotional activities, or contact us.

The specific types of data we collect depend on how you interact with us and the applicable legal requirements. We may collect your personal data through information you provide directly (e.g., when creating your account) or automatically while you use our Services (e.g., through cookies or app analytics).

5.1 Account Information

To carry out any transaction through the app and make a purchase, you first need to create a user account. When you create an account or log in, we collect:

• Email address
• Full name
• Date of registration
• Additional identification details, if you choose to log in via a third-party provider (e.g., Google, Apple), such as the username registered with the third-party provider, profile photo, email registered with the third-party provider, and any other information you have registered with the third-party provider and consent to be transferred to the Company

To secure your account during signup and login, we use authentication methods such as Google Authenticator and our device login authenticator feature. We do not store your Google account passwords; only the minimal information required to verify your identity is processed.

5.2 Order and Purchase Information

When you purchase our Services, we collect:

• Billing address
• Billing details (if you have selected the issuance of an invoice, additional details will be requested, such as company name, profession, tax identification number, and tax office)
• Telephone number
• Order documentation and order history
• Details regarding your purchase, including chosen plan type, duration, location, data capacity, subscription term, currency, and billing status
• Data usage, including network used and data consumed (GBs)
• Technical identifiers and network location data
• Approximate location based on your IP address

5.3 Payment Information

To complete purchases, you must provide valid payment information. The specific details collected depend on your chosen payment method and may include:

• Payment methods and related identifiers, such as card number segment (partial credit/debit card number)
• Card owner’s name and expiration date
• Digital payment tokens (Apple Pay/Google Pay payment tokens, or other identifiers provided by the authorized payment provider)
• Country, state, or province information (for VAT calculation)
• Purchase date, transaction details, amount, date, status, and IP address (for fraud prevention and dispute resolution)

Important Security Note: Your full credit card details (type, name on the card, number, CVV, expiry date) are not processed by the Company nor stored on its own storage media during the transaction. Card details are entered directly into the secure environment of our partner company Stripe Technology Company Limited, to which we have entrusted the routing of cards. The app also supports payment Apple Pay, Google Pay and other digital payment methods supported by Stripe. In all these cases, the Company does not receive or store the user’s full payment details, but only technical information necessary to complete the transaction (such as unique identifier, amount, date, and status of the payment) from the authorized payment provider. You may be redirected to their secure platforms to complete transactions.

We use fraud detection tools to verify payment transactions and may reject high-risk payments to protect both you and our business.

5.4 Communication Data

We use your email address to:

• Send important updates and announcements about your Services
• Respond to your requests and support inquiries
• Send marketing content, offers, and surveys (you can opt out at any time)

When you contact customer support or provide feedback, we keep the information you provided to help resolve your query, including comments, ratings, responses to customer satisfaction surveys, as well as text and/or audio and/or video messages you send us via any available means of communication with your questions, comments, suggestions, or requests.

If you contact us via our WhatsApp chatbot, we collect your contact information (WhatsApp number) and additional details necessary for our support team to assist you effectively.

We use tools to optimize our email campaigns, which may track events like opens and clicks, and identify your device’s operating system to improve communications.

If you choose to subscribe to our newsletter, we only require the email address to which you would like to receive our updates.

5.5 Device and Navigation Data

For each website and/or app user, we automatically collect:

Device Data: Data about your device, including IP address, device type, device model, operating system, browser type, brand, location, and timezone.

Browsing Data: Data about your internet browsing and use of the website and/or app. We monitor how you use the website and/or app, whether you open or forward our communications, your searches on the website and/or app, the products you click on, your interaction with the website’s and/or app’s features, your visits to partner websites/apps, technical issues related to errors and security of navigation and transactions, referral information (which website or link you used to access the website and/or app), advertising identifiers, statistical information, and other information we collect through cookies (see Cookie Policy).

In-App Events: Our app collects information about your activity to ensure the app works properly, understand how users interact with features, and identify performance issues. This includes event information, app information (version, features, preferences), and account information (active/inactive plans).

Access Logs: Like most websites, we collect access logs to operate our services securely and defend against attacks.

Service Usage: We collect information about which fiGO Services you use to improve our offerings.

Traffic Data: We may hold data about network usage and purchase history to support refund requests and service management.

Cookies: We use cookies and similar technologies to improve website functionality, analyze usage, and deliver advertising. Some cookies are essential for our website to operate; others help us improve performance. Please see our Cookie Policy for details.

5.6 Third-Party Features and Social Media

When using third-party features within the website and/or app, such as social media login mechanisms, share buttons, embedded widgets (e.g., Facebook, Google, Instagram, LinkedIn, YouTube, TikTok), we may receive information that the respective third parties transmit to us, in accordance with their own privacy policies and your account settings.

To manage our social media profiles (Facebook, Instagram, Twitter, LinkedIn, YouTube), we may collect and process personal data you voluntarily provide, such as your name, profile name, pictures, and public comments.

5.7 Promotional Activities

When you participate in promotional activities like sweepstakes, giveaways, or contests, we may request additional personal information such as your full name, email address, and subscription details. You have the right to refuse to provide such information and can cease participation at any time. Please review the specific terms and conditions of each promotional activity, as they may contain additional information about data processing.

6. PROCESSING PURPOSES

We use your personal data for the following purposes:

• Provision of Our Services: To enable us to provide you with our services in the best possible way, ensuring their quality and the secure use of the website and the app, process purchases, and ensure secure and reliable performance.
• Customer Service: To assist you with any issues related to the provision of our services, respond to requests and support inquiries.
• Marketing and Promotional Activities: For marketing, promotion, and public relations purposes, including sending updates, offers, and surveys (with your consent, which you can withdraw at any time).
• Service Improvement and Legitimate Interests: To improve our services and satisfy our legitimate interests, such as keeping statistics, conducting market research and customer/user satisfaction surveys, understanding how our Services are used, business administration, fraud prevention, and security.
• Organizational Functions: In the context of organizational and auxiliary functions necessary for the proper functioning of the Company.
• Legal Compliance: Compliance with our legal obligations, such as the issuance of documents for each transaction, tax and accounting records, and other regulatory requirements.
• Legal Protection: Legal protection of the Company, to establish or exercise our legal rights or defend against legal claims.

7. WHEN AND HOW WE SHARE YOUR PERSONAL DATA WITH OTHERS

We do not sell your personal data. We share information only as described in this policy.

As part of our activities, we contract with third-party partners who provide services on our behalf. We only share with them the personal data that is necessary for them to provide the services we request, and we require them to protect your data and not use it for other purposes.

7.1 Service Providers and Data Processors

We work with trusted third-party service providers who process data on behalf of the Company. These third parties may include:

• Accounting firms and legal firms
• Payment processing: Stripe, PayPal
• Internet and e-commerce service providers
• Web hosting providers
• Telecommunication services providers
• Data storage and security service providers
• Analytics and diagnostics: Google Analytics, Firebase Analytics
• Cloud Hosting & Infrastructure: Amazon Web Services (EU), Hostinger International Limited and other parties.
• Support platforms: WhatsApp (Meta Platforms)
• E-shop performance analysis and measurement service providers
• Customer service providers
• Marketing and advertising service providers
• Other categories of partners to whom data may need to be transferred from time to time in the context of the operation of the website and the app

These service providers are subject to specific strict conditions for the processing of personal data that they have agreed with the Company as the data controller.

7.2 Business Partners

We may share some basic data with commercial partners (distributors, resellers, app store partners). In these cases, the Company can act as a data processor or data controller depending on what the agreement with such partners specifies. In some cases, our partners may act as independent data controllers with their own privacy policies. We may also work with partners as joint controllers or engage third-party processors who follow our instructions and comply with data protection laws.

We partner with advertising platforms to display relevant ads and promotional messages based on your preferences. This may include behavioral, contextual, and generic advertising.

7.3 Business Customers (B2B)

If you use our Services through your employer or organization, we may share service usage data with that business customer to help them manage, analyze, and optimize the Services. Both fiGO and the business customer act as independent data controllers, each responsible for their own compliance with data protection laws.

7.4 Legal and Regulatory Authorities

Your personal data may be transferred to the competent authorities, and exclusively to them, when required. We may disclose personal data:

• To tax authorities, judicial authorities, police, and supervisory bodies when required by law or court order or prosecutor’s order/decree
• To establish or exercise our legal rights or defend against legal claims
• To investigate, prevent, or address illegal activities, fraud, or violations of our Terms of Service
• For the protection of the Company’s rights

7.5 Business Transfers

We may disclose personal data in connection with business transfers such as mergers, acquisitions, or asset sales. We will continue to protect confidentiality during and after such transfers.

7.6 Data Protection Requirements

In any case, the Company requires its employees and third-party partners to take all necessary technical and organizational measures, including appropriate policies and procedures, to protect and prevent the disclosure of the personal data of its customers that they process.

8. AUTOMATED DECISION-MAKING

We use automated decision-making in particular circumstances to protect the integrity and security of our services. These processes are important for our contract performance.

Service Abuse: Data consumption is monitored in our systems to ensure it is in line with your purchased data plan. Your account will be automatically blocked if the system detects technical measures like firewalls used to bypass data consumption beyond the purchased plan. This all falls under “Service Abuse.”

Failed Payments: Payment transactions are monitored automatically in our systems. Your account will be temporarily suspended if five consecutive payment attempts fail from your account. You will not be able to use our eSIM service until the payment is processed successfully.

Important: You have the right to request human intervention, to express your point of view, and to contest any automated decision that significantly affects your access to our services.

9. TRANSFER OF PERSONAL DATA OUTSIDE THE EU

In principle, your personal data that we collect and process is not transferred outside the European Union. However, your personal data may be stored, accessed, and transferred globally, including in countries where fiGO operates.

We assess all cross-border transfers and implement appropriate safeguards to ensure your data remains protected. We undertake that your personal data will not be transferred outside the EU without ensuring an adequate level of protection in accordance with applicable law, including transfers based on an adequacy decision from the European Commission, transfers subject to appropriate safeguards such as standard contractual clauses, binding corporate rules, or explicitly defined derogations for specific situations (CHAPTER V GDPR).

10. YOUR RIGHTS AND CHOICES

Subject to applicable data protection laws, you have the following rights regarding your personal data:

Right to Be Informed: You have the right to receive clear information about how we use your personal data, including why we collect it, where it is stored, for how long, and for what purpose.

Right of Access: You have the right to know and access the personal data we have collected about you.

Right to Rectification: You have the right to request that we rectify or correct your personal data if it is incorrect, inaccurate, or out of date.

Right to Erasure/Right to Be Forgotten: You have the right to request the deletion of your personal data from our computers and files, provided that this does not conflict with our legal and regulatory obligations.

Right to Withdraw Consent: You may withdraw your consent to the processing of your personal data at any time, even if the processing was carried out with your consent. If this withdrawal prevents us from performing the contract we have agreed with you, you should contact us again so that we can find a new way of working together that is beneficial to both parties.

Right to Object to Data Processing: If you believe that you have a legitimate interest, you have the right to object to the processing of your data based on legitimate interests (e.g., marketing).

Right to Data Portability: You have the right to transfer your data from our database to another, or to receive a copy of your data in a structured, machine-readable format.

Right to Restrict Processing: You have the right to request that we restrict the processing of your data (e.g., we can store it but not use or process it) when legally justified in accordance with the provisions of the General Regulation.

Right to Disable Cookies: You have the right to choose whether and which cookies you accept, with the exception of the essential cookies that are absolutely necessary for the operation of the website and app. Control cookies through your browser settings.

Right to Lodge a Complaint: You have the right to contact us directly or file a complaint with the competent Belgian independent authority, which is the Belgian Data Protection Authority.

10.1 How to Exercise Your Rights

Edit Profile: Contact our support team at support@hellofigo.com or hello@hellofigo.com to update your information.

Delete Account: To delete your account or request a copy of your data, email support@hellofigo.com or use the in-app deletion feature:

1. Open the fiGO app and log in
2. Tap the Profile icon
3. Go to Account Settings
4. Under Delete Account, click Delete and confirm

Marketing Opt-Out: Unsubscribe by (1) disabling marketing in your app profile, (2) clicking the unsubscribe link in emails, or (3) contacting support@hellofigo.com.

Please note: You must verify your account ownership before we can process certain requests. We or our service providers may be legally required to retain some of your data even after you request deletion.

11. RETENTION PERIOD AND STORAGE OF PERSONAL DATA

The Company retains and processes personal data in accordance with the following principles:

Registered-user data is retained and processed until the user requests the deletion of their account.

Data processed on the basis of the data subject’s consent is retained and processed until the relevant consent is withdrawn or the period for which consent was given expires.

Necessary personal data relating to the customer’s transactions with the Company, as well as to the notification, consent and withdrawal of consent for the processing of their data, shall remain as customer information in accordance with the law and for as long as is necessary to ensure proof of the legitimacy of the processing of their data by the Company, safeguarding the legal claims of the parties and the Company’s compliance with its legal obligations or, in the event of a claim, until the irrevocable resolution of any dispute.

Your personal data is stored securely, as appropriate, in electronic and physical files, in our email account, on the website and the app server and cloud backup, and in software that we use for organizational and communication purposes.

12. SPECIAL CATEGORY DATA

The Company does not collect or require the disclosure of sensitive personal data (special categories of personal data as defined in Article 9 of the GDPR).

13. CHILDREN’S PERSONAL DATA AND PRIVACY

fiGO does not knowingly collect or request personal data from children or anyone under the age of 18. If you are under 16, please do not send us any personal information. If we become aware that we have inadvertently collected or received personal data from a child under the age of 16, we will immediately delete that data from our records as quickly as possible. If you believe that a child under the age of 16 may have provided us with personal data, please contact us as set out in the “How to Contact Us” section of this Privacy Policy.

14. SECURITY – MEASURES WE TAKE TO PROTECT YOUR DATA

In order to protect your personal data, we take physical, technical, and organizational measures, whether it is in physical or electronic form. We update and review the security technology we use on an ongoing basis. We restrict access to your personal data to those employees who need to know that data in order to provide benefits or services to you. In addition, we train employees on the importance of confidentiality and maintaining the privacy and security of your personal data.

Among other things, we have implemented the following technical and organizational measures and procedures to protect your personal data from any loss, alteration, unlawful processing, or modification:

• Anonymization/pseudonymization, where possible
• Use of antivirus software
• Access to the Company’s electronic media only with a password
• Detection and management of security breaches
• Procedure for managing data subject requests
• Keeping backup copies
• Data minimization
• Sending emails using security protocols that guarantee, as far as possible, the prevention of data leakage
• Cooperation with payment service providers that ensure state-of-the-art 3D Secure security measures
• Fraud detection tools to verify payment transactions and reject high-risk payments
• Measures for the physical security of printed material and IT devices, such as locking cabinets with documents, fire protection system, alarm system

TLS Certificate: The website and the app have a TLS certificate. The TLS (Transport Layer Security) protocol is currently the global standard on the internet for certifying websites to internet users and for encrypting data between internet users and web servers. Encrypted TLS communication requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus protecting personal information during transmission. Furthermore, all information sent using the TLS protocol is protected by a mechanism that automatically verifies whether the data has been altered during transmission.

Password Security: The password you enter when registering with the app is your personal security. In order to view any of your personal information, you must first enter your username and password. For this reason, you must keep this information safe so that it does not fall into the hands of third parties. In addition, we advise you to create passwords using symbols along with alphanumeric characters.

Payment Information Security: Credit card details are not stored on the Company’s storage media during the transaction, but are entered directly into the secure environment of the partner company that handles card routing.

15. OTHER ELECTRONIC SERVICES AND THIRD-PARTY FUNCTIONS

The website and the app may provide links to other online services and websites for your convenience and information, and may include third-party features such as applications, tools, graphics, and plug-ins (e.g., Facebook, Google, Instagram, LinkedIn, YouTube, TikTok). These services, websites, and third-party features operate independently of us. The privacy practices of these third parties, including details about the information they may collect about you, are governed by the privacy policies of those parties, which we encourage you to read. The Company is not responsible for the information practices of these third parties.

16. LIMITATION OF LIABILITY

While we employ various security measures, you are responsible for exercising caution when using our Services. You will be personally liable if your use violates third-party privacy rights or applicable laws. fiGO is not liable for consequences of your unlawful, willful, or negligent activities, or circumstances beyond our reasonable control. Please refer to our Terms of Service for complete details.

17. HOW TO CONTACT US

You can contact us with any questions regarding the processing of your personal data, our use of cookies, to exercise your rights, or if you have concerns or complaints about this Privacy Policy:

Email:

• Support: support@hellofigo.com
• Data Protection Officer: hello@hellofigo.com

Mailing Address:

   Figo Technologies B.V.

   Da Vincilaan 1

   1930 Zaventem, Belgium

18. CHANGES AND UPDATES TO THIS POLICY

This Policy was last updated on February 04, 2026. We may update this Privacy Policy as our Services evolve. We reserve the right to modify and update this Policy at any time, for any reason.

If changes materially affect how we process your data, we will notify you in advance through reasonable means (e.g., app notification, website notice, or email), other than by posting the updated Policy on the website and the app. We will always indicate the date of the last update.

Unless stated otherwise, updates take effect when published. Your continued use of our Services constitutes acceptance of the updated policy. We encourage you to check this page often to stay informed about the current and applicable Privacy Policy.

*The English version of this Privacy Policy is the governing document.