Privacy Policy
1. Who we are
Fuse Mobile is a UK multi-network data-only eSIM service operated by SIMOLOGY LIMITED, a company registered in England & Wales (company no. 15943349), trading as Fuse Mobile.
"We", "us", "our" and "Fuse Mobile" in this policy mean SIMOLOGY LIMITED. "You" and "your" mean the person whose personal data we hold.
We are the data controller for the personal data described in this
policy. Our Data Protection Officer can be reached at
privacy@fusemobile.co.uk.
2. What this policy covers
This policy describes the personal data we collect when you:
- Visit
fusemobile.co.uk(the public website) - Sign up for a Fuse plan
- Install and use the Fuse eSIM
- Use the Fuse mobile app
- Contact our support team
It applies to all customers and visitors in the UK. We do not knowingly collect personal data from children under 18.
What this policy does NOT cover: Fuse Mobile is a data-only eSIM. We do not issue phone numbers and we do not carry voice calls or SMS. Because of that, this policy does not describe data categories that telecom providers normally collect — call records, SMS content, voicemail, numbers dialled, call duration, etc. Those data categories don't exist within Fuse's systems because the service doesn't produce them.
3. The personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, password (hashed) | You provide it at sign-up |
| Billing data | Card details (held by Adyen, our payment processor — we receive only a token), billing address, invoice history | You provide it; Adyen processes the card itself |
| Device data | Device model, OS version, EID (eSIM identifier), IMEI, push-notification token | Read from your device by the Fuse app, with your consent |
| Usage data | Data volume per billing period, network in use (EE / Three / Vodafone / O2), session timestamps, signal-strength snapshots | Generated by your phone + the network you're connected to |
| Support data | Emails, chat transcripts, call recordings of any voice support calls you make to us | You provide it |
| Marketing data | Email preferences, marketing-consent flags | You set these in your account |
| Website data | IP address, browser, pages viewed, referrer | Captured by analytics (see section 9 + the Cookie Policy) |
We do not collect:
- Phone numbers (Fuse doesn't issue one)
- Call records, SMS content, MMS content (we don't carry voice/SMS)
- Voicemail recordings
- Location data more precise than "which UK cell the eSIM is registered to" (we never receive GPS)
- Special-category data (race, religion, health, biometrics, sexual orientation)
4. Why we use your data and our lawful basis
We process personal data on these UK GDPR lawful bases (Article 6):
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Provisioning + delivering your eSIM service | 6(1)(b) — performance of a contract with you |
| Processing payments + sending invoices | 6(1)(b) — performance of contract; 6(1)(c) — legal obligation (tax records) |
| Account security + fraud prevention | 6(1)(f) — legitimate interests (protecting customers + the service) |
| Sending service notifications (usage alerts, billing, outage info) | 6(1)(b) — performance of contract |
| Marketing emails about Fuse plans + features | 6(1)(a) — consent (you can withdraw at any time) |
| Responding to support queries | 6(1)(b) + 6(1)(f) |
| Improving the product (anonymised analytics) | 6(1)(f) — legitimate interests |
| Complying with legal + regulatory requirements | 6(1)(c) — legal obligation |
You can withdraw consent for marketing at any time via Account →
Preferences in the Fuse app, the unsubscribe link in any marketing
email, or by emailing privacy@fusemobile.co.uk.
5. How long we keep your data
| Data category | Retention |
|---|---|
| Account data (active customer) | While your account is active + 7 years after closure (HMRC requires retention of transactional records) |
| Billing data | 7 years (UK statutory retention for financial records) |
| Device data (current eSIM profile) | Lifetime of the eSIM profile; deleted when you cancel and we revoke the profile |
| Usage data (data-volume + network-in-use telemetry) | 12 months rolling — required by Ofcom General Conditions for service-quality investigations |
| Support emails / tickets | 3 years after the ticket is closed |
| Marketing data | Until you withdraw consent; then deleted within 30 days |
| Website analytics (anonymised after 14 months) | 26 months (GA4 default) |
After these periods we either anonymise or securely delete the data.
6. Who we share your data with
We do not sell your personal data to anyone. We share it only with the following categories of processor or recipient, and only as needed:
| Recipient | What they receive | Why | Where they process |
|---|---|---|---|
| Telnyx Inc. | EID, IMEI, eSIM profile metadata, usage volumes | Operates the multi-network eSIM platform Fuse runs on | USA (Standard Contractual Clauses) |
| Adyen N.V. | Card details (directly), tokenised reference to us | Processes payments — Fuse never sees the raw card | The Netherlands (UK adequacy decision) |
| AWS (Amazon Web Services) | All Fuse systems data | Hosts Fuse's infrastructure (region eu-west-2, London) | UK |
| AWS Cognito | Email, password hash | Authenticates customer logins | UK |
| Google (GA4) | Anonymised page-view + interaction events | Website analytics; we set IP-anonymisation | USA (SCCs + adequacy decision) |
| CookieChimp | Consent records only | Consent-management platform — records your cookie choices | EU |
| Amazon SES | Email address + email content | Sends transactional + marketing email | USA (SCCs + adequacy decision) |
| Our auditors / professional advisers | As required for audit or legal advice | Statutory and operational | UK |
| Law enforcement + regulators | Specific data, only on lawful request | Compliance with court orders, RIPA notices, etc. | UK |
In the unlikely event of a business sale or merger, your data may transfer to the acquiring entity under the same protections.
7. International data transfers
Some of our processors (notably Telnyx, Adyen, Google, AWS SES) sit outside the UK. Where data leaves the UK we rely on one of:
- The UK government's adequacy decision for the relevant country (currently includes the EEA, Switzerland, Japan, Canada, and others)
- The UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
These provide UK-GDPR-equivalent protection for your data wherever it's processed.
8. How we keep your data secure
- Encryption in transit — all connections use TLS 1.2+
- Encryption at rest — databases + backups are AES-256 encrypted
- Authentication — AWS Cognito with optional biometric login
- Access control — least-privilege; only staff who need data access have it; access is logged and reviewed
- PCI-DSS — card details handled exclusively by Adyen (PCI-DSS Level 1 certified); Fuse systems never store raw card data
We follow ICO guidance on security of processing (UK GDPR Article 32). No system is perfectly secure; if a breach affecting your data ever happens we will notify the ICO within 72 hours where required and notify you without undue delay where the breach is likely to result in high risk to your rights and freedoms (UK GDPR Articles 33 + 34).
9. Cookies + similar technologies
The Fuse website uses cookies and similar technologies for strictly-necessary functionality, performance analytics and (with your consent) marketing. Cookie choices are managed via CookieChimp banner — you can change them at any time via the "Cookie preferences" link in the footer.
Full detail of cookies, their purposes and the named third parties involved is in our separate Cookie Policy.
10. Your rights
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access the personal data we hold about you (UK GDPR Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase data we no longer have a lawful basis to hold (Art. 17 — the "right to be forgotten"; subject to our retention obligations above)
- Restrict processing in some circumstances (Art. 18)
- Data portability — receive your data in machine-readable form (Art. 20)
- Object to processing based on legitimate interests (Art. 21), including profiling
- Withdraw consent at any time where consent is the basis
- Not be subject to automated decisions with legal effect (Art. 22) — Fuse does not make any such decisions
- Lodge a complaint with the Information Commissioner's Office (ico.org.uk; tel 0303 123 1113)
To exercise any of these rights, email privacy@fusemobile.co.uk.
We respond within one month (UK GDPR Art. 12(3)) and ask only for
proof of identity where reasonably needed.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. Where a change materially affects your rights, we will email customers ahead of the change taking effect.
12. Contact us
- Email (privacy):
privacy@fusemobile.co.uk - Email (general support):
support@fusemobile.co.uk - Post: SIMOLOGY LIMITED, The Guildhall, Market Square, Cambridge CB2 3QJ, United Kingdom
For complaints about how we have handled your personal data, contact us first. If you remain dissatisfied, you have the right to complain to the Information Commissioner's Office (ico.org.uk).