Privacy Policy

This Policy applies to information handled in connection with:

1. the eSIM Commerce website, including esimcommerce.com;
2. reseller applications, account approval, onboarding, and account administration;
3. the Dashboard, APIs, documentation, technical materials, and operational support functions;
4. orders, eSIM issuance, eSIM management, support, troubleshooting, and security operations;
5. billing, payments, deposits, settlement, and related accounting records;
6. inquiries, notices, legal communications, and support communications; and
7. cookies, analytics, access logs, security logs, and similar technologies used on the eSIM Commerce website or related systems.

This Policy primarily covers business users, including Resellers, applicants, personnel of Resellers, Sub-Reseller contacts, Dashboard and API users, website visitors, and persons who contact us. We may also handle information relating to End Users when such information is provided to us by a Reseller or Sub-Reseller or is otherwise necessary for eSIM issuance, operation, support, troubleshooting, fraud prevention, security, legal compliance, or telecommunications network coordination.

For purposes of this Policy:

1. eSIM Commerce means the service operated by ROKKODE for eSIM resale, issuance, management, APIs, Dashboard access, documentation, operational support, and related functions.
2. Reseller means a business customer approved by ROKKODE to use eSIM Commerce for resale-related purposes.
3. Sub-Reseller means a person or entity that receives from a Reseller the right to sell Covered eSIMs to End Users or downstream sales channels.
4. End User means a person who purchases or uses a Covered eSIM from a Reseller or Sub-Reseller.
5. Covered eSIMs means eSIMs, eSIM profiles, activation information, and related information made available through eSIM Commerce.

Terms not defined in this Policy may have the meanings given in the applicable eSIM Commerce Reseller Terms and Conditions or other applicable terms between you and ROKKODE.

We may collect or receive the following categories of information.

3.1 Reseller application and account information

We may collect company name, business name, trade name, representative or contact person name, job title, email address, telephone number, business address, website URL, business description, sales channel information, application details, account status, approval status, and other information submitted during application, onboarding, account administration, or reseller review.

3.2 Service usage and technical information

We may collect Dashboard activity, API usage logs, API keys or related credential information, authentication logs, login records, order information, eSIM issuance information, ICCIDs and other eSIM identifiers, activation information, QR codes, activation codes, activation URLs, installation details, CSV files, API responses, Dashboard display records, delivery or provision records, usage status, status check results, suspension or operational records, sandbox, test, or staging environment usage logs and data, device or browser information, IP addresses, timestamps, error logs, security logs, and other technical information relating to eSIM Commerce.

3.3 End User-related information

We may receive or process End User-related information provided by Resellers, Sub-Resellers, or their systems where necessary for End User support, eSIM issuance, service operation, inquiries, troubleshooting, fraud prevention, security, telecommunications network coordination, legal compliance, or dispute response.

Resellers and Sub-Resellers must provide ROKKODE only the information necessary for the relevant purpose. Depending on the circumstances, End User-related information may include eSIM identifiers, activation information, usage status, inquiry details, support history, technical logs, device-related information, contact information, or other information submitted by a Reseller or Sub-Reseller for a permitted operational or support purpose.

3.4 Billing, payment, and settlement information

We may collect billing contact information, invoice information, bank account information, remittance information, payment status, payment history, deposit balances, settlement records, accounting records, tax-related information, and other information necessary for billing, payments, deposits, settlement, and accounting.

If payments are processed through third-party payment or remittance providers such as Stripe or Wise, those providers may process payment information in accordance with their own terms and privacy policies. ROKKODE generally does not directly store full credit card numbers or card security codes when payment card processing is handled by such third-party providers.

Where ROKKODE separately approves postpaid, invoice, credit, or other payment terms, we may collect and use information relating to credit review, credit limits, billing cycles, payment deadlines, issuance limits, payment disputes, chargebacks, collection status, and related risk or compliance assessments.

3.5 Identity verification and compliance information

Where required or provided in connection with Covered eSIMs, applicable laws, telecommunications network provider requirements, security, fraud prevention, or operational procedures, we may collect or receive information relating to identity verification, user qualification verification, eKYC, verification status, verification results, verification provider records, consents, disclosures, and related compliance information.

3.6 Website, cookie, and analytics information

When you visit the eSIM Commerce website or use related online services, we may collect cookie identifiers, analytics information, device information, browser information, IP addresses, referrer URLs, pages viewed, actions taken, session information, approximate location derived from technical information, and security or performance logs.

3.7 Communications and inquiry information

We may collect information contained in emails, contact forms, support tickets, meeting records, call records, notices, legal communications, survey responses, feedback, and other communications with us.

We may collect information:

1. directly from you when you submit an application, create an account, contact us, use the Dashboard, place orders, or otherwise communicate with us;
2. from Resellers, Sub-Resellers, their personnel, or their systems;
3. through APIs, Dashboard operations, logs, cookies, analytics tools, and other technical means;
4. from payment, remittance, cloud, analytics, support, security, communication, and other service providers;
5. from KDDI Corporation, Okinawa Cellular Telephone Company, other mobile network operators (MNOs), or other telecommunications network providers where necessary for eSIM issuance, operation, support, security, or legal compliance;
6. from identity verification, eKYC, compliance, fraud prevention, or similar service providers where such verification or compliance checks are required or used; and
7. from public sources, business databases, sanctions lists, or other sources used for reseller review, compliance, fraud prevention, or security purposes.

ROKKODE may use information for the following purposes:

1. reviewing reseller applications and determining account approval;
2. creating, administering, authenticating, securing, and supporting accounts;
3. providing, operating, maintaining, and improving eSIM Commerce, the Dashboard, APIs, documentation, and related support functions;
4. processing orders and issuing, managing, checking, suspending, or otherwise operating Covered eSIMs;
5. administering billing, invoices, payments, deposits, settlement, accounting, tax, and financial records;
6. responding to inquiries, support requests, troubleshooting requests, legal notices, and other communications;
7. investigating defects, outages, errors, unauthorized use, suspicious activity, abuse, security incidents, and other operational issues;
8. enforcing rate limits, usage quotas, concurrency limits, access controls, technical restrictions, and other safeguards for capacity management, service stability, security, abuse prevention, and operational protection;
9. conducting identity verification, user qualification verification, eKYC, compliance checks, fraud prevention checks, or related procedures where required or used;
10. coordinating with telecommunications network providers for eSIM issuance, operation, communication-related support, fraud prevention, network protection, legal compliance, or other legitimate operational purposes;
11. preventing fraud, unauthorized access, spam, malware distribution, attacks on telecommunications facilities, sanctions violations, and other illegal or inappropriate activity;
12. complying with laws, regulations, administrative guidance, court orders, public authority requests, telecommunications-related requirements, sanctions, export controls, accounting requirements, tax requirements, and other legal obligations;
13. enforcing contracts, protecting rights, resolving disputes, and responding to claims;
14. analyzing use of eSIM Commerce and the eSIM Commerce website, including through tools such as Google Analytics or similar analytics technologies;
15. protecting, securing, maintaining, improving, and supporting eSIM Commerce, the Dashboard, APIs, documentation, Covered eSIM operations, and related business operations; and
16. performing any other purpose that is reasonably related to the purposes described above or separately notified to you.

End User-related information is used only to the extent necessary for purposes such as eSIM issuance, operation, End User support requested through a Reseller or Sub-Reseller, troubleshooting, fraud prevention, security, telecommunications network coordination, legal compliance, or dispute response.

Resellers and Sub-Resellers sell Covered eSIMs to End Users in their own name and at their own responsibility. ROKKODE does not generally act as the direct seller of products sold by Resellers or Sub-Resellers to End Users.

Each Reseller is responsible for providing appropriate privacy notices, obtaining required consents, securing necessary rights and permissions, responding to End User inquiries, and complying with applicable privacy and data protection laws in relation to its own sales, marketing, support, and End User relationships.

If a Reseller or Sub-Reseller provides End User-related information to ROKKODE, the Reseller must ensure that it has a lawful basis, required authority, necessary notices, and required consents for doing so. Resellers and Sub-Resellers must provide only the minimum End User-related information necessary for the relevant purpose.

If an End User contacts ROKKODE directly regarding a product purchased from a Reseller or Sub-Reseller, ROKKODE may direct the End User to the relevant Reseller or Sub-Reseller, request information from the relevant Reseller or Sub-Reseller, or handle the request only to the extent ROKKODE determines necessary or appropriate.

ROKKODE may share or disclose information with the following categories of recipients where necessary or appropriate for the purposes described in this Policy:

1. Resellers, Sub-Resellers, and their authorized personnel;
2. KDDI Corporation, Okinawa Cellular Telephone Company, other mobile network operators (MNOs), and other telecommunications network providers;
3. payment, remittance, banking, billing, accounting, tax, and settlement service providers, including providers such as Stripe and Wise;
4. identity verification, eKYC, compliance, fraud prevention, risk assessment, and security service providers;
5. cloud hosting, infrastructure, database, security, monitoring, analytics, email delivery, customer support, communication, and business operations service providers;
6. professional advisers, including attorneys, accountants, auditors, consultants, and other advisers;
7. administrative agencies, investigative authorities, courts, telecommunications regulators, law enforcement agencies, and other public authorities;
8. counterparties or potential counterparties in a merger, acquisition, financing, business transfer, reorganization, or similar transaction; and
9. other persons where you have instructed us to disclose the information, where disclosure is necessary to perform a contract, where disclosure is permitted by law, or where disclosure is necessary to protect ROKKODE, eSIM Commerce, telecommunications networks, End Users, Resellers, Sub-Resellers, or third parties.

KDDI Corporation, Okinawa Cellular Telephone Company, other MNOs, and other telecommunications network providers may provide or control telecommunications networks, network availability, network conditions, maintenance, capacity, restrictions, or communications-related terms for Covered eSIMs. Nothing in this Policy means that those parties directly sell, guarantee, recommend, approve, partner with, or endorse any Reseller, Sub-Reseller, product, service, sales terms, privacy practices, or support conditions.

eSIM Commerce may involve business users, Resellers, Sub-Resellers, service providers, cloud infrastructure, analytics providers, support tools, payment providers, or other recipients located outside Japan. As a result, information may be transferred to, stored in, or accessed from countries or regions outside Japan.

Where required by applicable law and to the extent applicable to ROKKODE, ROKKODE will take steps intended to support lawful international transfers, such as providing required information, obtaining required consents, using appropriate contractual arrangements, or confirming appropriate protective measures by recipients.

Resellers are responsible for obtaining any notices, consents, approvals, or other measures required for international transfers arising from their own sales, Sub-Reseller relationships, End User relationships, systems, or instructions to ROKKODE.

ROKKODE may use cookies, pixels, local storage, analytics tools, security technologies, and similar technologies on the eSIM Commerce website and related online services.

These technologies may be used to:

1. operate the website and related services;
2. remember settings or session information;
3. improve performance and usability;
4. analyze visits, traffic sources, page views, and user interactions;
5. detect, prevent, and investigate fraud, abuse, unauthorized access, and security incidents; and
6. improve eSIM Commerce, support, documentation, and business operations.

We may use analytics tools such as Google Analytics or similar services. These tools may collect information through cookies or similar technologies and may process information in accordance with their own terms and privacy policies.

You may be able to disable or restrict cookies through your browser settings. If you disable cookies or similar technologies, some website or service functions may not work properly.

ROKKODE retains information for as long as reasonably necessary for the purposes described in this Policy, including service operation, contract performance, reseller administration, eSIM issuance and management, billing, payment administration, accounting, tax, legal compliance, security, fraud prevention, dispute resolution, enforcement of rights, and business recordkeeping.

Retention periods may vary depending on the type of information, the purpose of use, applicable legal requirements, contractual requirements, operational needs, and whether retention is necessary for security, investigation, audit, accounting, tax, dispute, or claim-related purposes.

When information is no longer reasonably necessary, ROKKODE may delete, anonymize, archive, restrict access to, or otherwise handle it in accordance with applicable law and internal procedures.

ROKKODE takes commercially reasonable technical, organizational, and administrative measures designed to protect information handled through eSIM Commerce against unauthorized access, leakage, loss, misuse, alteration, and destruction.

However, no system, network, transmission method, or storage method is completely secure. Resellers and Sub-Resellers are responsible for appropriately managing their own systems, API keys, login IDs, passwords, tokens, authentication information, End User information, and other information under their control.

If you become aware of unauthorized access, information leakage, leakage of authentication information, unauthorized issuance, unauthorized use, or any other security incident relating to eSIM Commerce, you should promptly notify ROKKODE.

To the extent provided by applicable law and depending on the nature of the relevant information, individuals may have rights to request disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision of retained personal data concerning them.

To make a request, please contact us using the contact information set out in this Policy. We may request information necessary to verify your identity, confirm your authority, identify the relevant information, and process the request.

If a request relates to End User information that was provided to ROKKODE by a Reseller or Sub-Reseller, ROKKODE may need to coordinate with the relevant Reseller or Sub-Reseller. In some cases, the End User may need to contact the Reseller or Sub-Reseller from which the End User purchased the relevant product.

ROKKODE may decline or limit a request where permitted by applicable law, including where disclosure or action would violate law, harm the rights or interests of another person, seriously impede proper business operations, compromise security, interfere with investigations, or where ROKKODE is not legally required or able to comply with the request.

Individuals in certain jurisdictions, including the European Economic Area, the United Kingdom, and certain U.S. states, may have additional privacy rights under applicable data protection or privacy laws. Such rights may include, depending on the applicable law and the relevant circumstances, rights to access, correct, delete, restrict, object to, or receive a copy of personal information, withdraw consent, opt out of certain processing activities, or lodge a complaint with a competent authority.

ROKKODE will respond to such regional privacy rights requests only to the extent required by applicable law and to the extent such law applies to ROKKODE’s handling of the relevant information.

Where ROKKODE processes End User-related information provided by a Reseller or Sub-Reseller, ROKKODE may act on instructions from, or coordinate with, the relevant Reseller or Sub-Reseller. The relevant Reseller or Sub-Reseller may be the primary party responsible for the End User relationship, privacy notices, consents, and responses to End User requests.

Nothing in this Policy is intended to grant rights beyond those required by applicable law or agreed in a separate written agreement with ROKKODE.

The eSIM Commerce website, Dashboard, documentation, emails, or support communications may contain links or references to third-party websites, services, tools, payment providers, analytics providers, or other external services.

This Policy does not apply to third-party websites or services that are not operated by ROKKODE. Such third parties may handle information in accordance with their own terms and privacy policies.

ROKKODE may update this Policy from time to time. Updated versions will be posted on the eSIM Commerce website at esimcommerce.com or otherwise made available by ROKKODE.

If we make material changes, ROKKODE may provide notice by an appropriate method, such as website posting, email, Dashboard notice, or other communication through eSIM Commerce, where required by applicable law or where ROKKODE considers appropriate.

If you have questions, requests, complaints, or other inquiries regarding this Policy or ROKKODE’s handling of personal information in connection with eSIM Commerce, please contact us by email at support[at]esimcommerce.com or through the contact form at https://esimcommerce.com/contact.