Legal

Privacy Policy

Last updated: 2 June 2026

SimQuota is built on a simple principle: collect as little as possible, never sell what we have. Free-tier usage stays on your device. If you opt into a paid plan or family monitoring, only the data needed for those features syncs to our servers — and only to power the feature you turned on. We never sell, rent, or share your personal information with advertisers or data brokers.

Quick jump

→ Cookies → Security → Data retention → Your rights (GDPR)

1. Who we are

SimQuota is developed and operated by Marco Curcio ("we", "us", "our"). For privacy enquiries contact [email protected].


2. What data we collect

2a. Data you provide

2b. Data generated by your use

2c. Data collected automatically

2d. What we do NOT collect

We do not collect browsing history, app usage logs, contacts, GPS location, advertising identifiers, or any behavioural tracking data. Cellular data readings are computed entirely on-device by iOS — we never receive raw network interface statistics.


3. How we use your data

PurposeData usedLegal basis (UK/EU GDPR)
Providing the service (auth, sync, family dashboard)Email, session tokens, SIM config, snapshotsContract performance
Transactional emails (verification, password reset, weekly digest)Email addressContract performance
Rate limiting and abuse preventionIP address (ephemeral)Legitimate interest
Processing subscriptions and promo codesAccount ID, subscription tierContract performance
Improving the serviceAggregate, anonymised metricsLegitimate interest

We do not use your data for advertising, profiling, or any purpose beyond operating SimQuota.


4. Third-party services

ServicePurposeData sharedPrivacy policy
CloudflareAPI hosting, database, KV storage, CDNAll server-side data transits Cloudflare infrastructurecloudflare.com/privacypolicy
ResendTransactional email deliveryYour email address and email contentresend.com/legal/privacy-policy
AppleApp distribution, Apple Sign In, paymentsGoverned by Apple's own privacy policyapple.com/legal/privacy

Geist is now self-hosted on simquota.com under /fonts/geist/; we do not send any visitor data to Google for webfont delivery.

We do not sell data to any third party. We do not use advertising SDKs, Facebook Pixel, or Google Analytics.

See our Data Processing Agreement page for the current subprocessor list and how to request our standard DPA terms.


4a. Cookies and similar technologies

SimQuota.com uses cookies and local storage sparingly. We do not use third-party advertising or tracking cookies. Here is the complete list:

Name / keyTypePurposeLifetime
access_tokenlocalStorageKeeps you signed in to the web dashboard.1 hour (auto-renewed)
refresh_tokenlocalStorageIssues new access tokens without re-login.30 days or until sign-out
simquota_referral_codelocalStorageRemembers a referral code from /refer for use during signup.Until used or cleared
__cf_bm / cf_clearanceCookie (Cloudflare)Bot management / DDoS protection. Strictly necessary, set by our CDN.Session

You can clear all of these by signing out, clearing your browser's site data for simquota.com, or using private browsing. We do not use analytics cookies, advertising pixels, social-media trackers, or session replay tools.


5. Data storage and security


6. Data retention

Data typeRetention
Account (email, password hash, display name)Until you delete your account
SIM configurationUntil you delete your account or remove the config
Usage snapshots30 days (auto-pruned daily)
Sessions30 days, or until sign-out
Email verification tokens24 hours
Password reset tokens1 hour

7. Your rights (UK & EU GDPR)

To exercise any right contact [email protected]. We respond within 30 days. You may also lodge a complaint with the UK ICO at ico.org.uk or your local EU supervisory authority.


7a. Data collected indirectly (Art. 14)

Some data we hold about you was not provided by you directly:


8. Children's privacy

SimQuota is not directed at children. We do not knowingly collect personal data from children under the applicable digital-age-of-consent in your jurisdiction:

Family Kids Mode — Pro Family includes a "Kids Mode" feature that lets a family admin restrict another member's data limit and disable monitoring toggles. Kids Mode requires the child member's own consent to receive the invite (they click an emailed link), but it is the parent / family admin's responsibility to ensure the child meets the local digital-age-of-consent. We do not independently verify parental consent for users below the local age of consent, so SimQuota's Family feature should not be used for children below that threshold.

If you believe a child below the applicable age has registered, contact [email protected] and we will delete the account.


8a. Data Protection Officer

SimQuota is operated by a single self-employed developer and our processing does not meet the thresholds in GDPR Art. 37 that mandate appointment of a Data Protection Officer (large-scale systematic monitoring of data subjects or large-scale processing of special-category data). We have therefore not appointed a DPO. All privacy enquiries are handled by the controller directly at [email protected].


8b. EU representative (Art. 27)

SimQuota is operated from the United Kingdom. For data subjects in the European Economic Area, an Article 27 representative is being appointed; the name and contact details will appear here once registered. In the interim, EEA data subjects may exercise their rights by contacting [email protected] directly, or by lodging a complaint with their local supervisory authority.


9. International transfers

Your data may be processed in the United States and elsewhere via Cloudflare infrastructure. We rely on:


10. Changes to this policy

We will notify you by email of any material changes. The "last updated" date at the top of this page always reflects the current version. Continued use after changes constitutes acceptance.


11. Contact

Email: [email protected] — subject line "Privacy Request"