Privacy policy
Privacy Policy
Last updated: June 2026 · Version 1.0
get/lost Ltd is registered in England and Wales (Company number: [CRN]). We are registered with the Information Commissioner's Office (ICO) as a data controller under registration number [ICO reference]. Our registered office is [registered address].
get/lost operates this store and website, including all related information, content, features, tools, products and services (the "Services"). get/lost is powered by Shopify, which enables us to provide the Services to you.
This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase using the Services, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Personal Information We Collect
When we use the term "personal information," we mean information that identifies or can reasonably be linked to you. We may collect the following categories of personal information depending on how you interact with the Services:
- Contact details: your name, billing address, phone number, and email address.
- Financial information: payment card information and transaction details. Note: your full card details are processed by Stripe and are never stored on our servers.
- Account information: your email address used to log in, preferences, and settings.
- Transaction information: the eSIM products you view, add to your cart, or purchase, and your order history.
- Communications: information you include when contacting our support team.
- Device and usage information: information about your device, browser, IP address, and how you interact with the Services, collected via cookies and similar technologies.
- eSIM usage data: data related to the activation and use of eSIM bundles you purchase. This data is processed by our network partner, eSIM Go, not directly by us.
2. How We Collect Personal Information
We collect personal information from the following sources:
- Directly from you: when you create an account, purchase an eSIM, contact our support team, or subscribe to our marketing emails.
- Automatically: through cookies and similar technologies when you visit our website. See our Cookie Policy for more detail.
- From Shopify: as our store platform, Shopify collects and processes certain data about your interactions with our store.
- From eSIM Go: our network partner may share technical data about eSIM provisioning with us for order fulfilment and support purposes.
- From third-party services: such as analytics providers, advertising platforms, and email marketing tools (see Section 4 for details).
3. How We Use Your Personal Information
We use personal information for the following purposes and on the following legal bases:
To fulfil your order (contractual necessity)
We use your name, email address, and payment information to process your eSIM purchase, generate your QR code, deliver it to you by email, and provide customer support. This is necessary to perform our contract with you and we cannot provide the service without it.
To deliver your eSIM (contractual necessity)
We share your order details with eSIM Go (our network partner) solely for the purpose of provisioning and delivering your eSIM bundle. eSIM Go receives the bundle reference and order quantity: they do not receive your full personal details unless required to resolve a technical support issue.
To prevent fraud and protect security (legitimate interests)
We use your device information, IP address, and payment details to detect and prevent fraudulent transactions, protect our services, and ensure a secure shopping experience.
To send order and account communications (contractual necessity / legitimate interests)
We send you transactional emails including your order confirmation, QR code delivery email, and eSIM installation instructions. These are necessary to perform our contract with you and cannot be opted out of while you are a customer.
To send marketing communications (consent)
If you opt in to marketing at checkout or via our website, we may send you promotional emails about new eSIM plans, destinations, travel guides, and special offers. You can unsubscribe at any time using the link in any marketing email, or by emailing hello@gogetlost.co. Opting out of marketing does not affect your order or account communications.
To improve our services (legitimate interests)
We use anonymised and aggregated usage data to understand how customers use our website, which products are most popular, and where we can improve the experience. This data cannot identify you individually.
To comply with legal obligations (legal obligation)
We retain certain records to comply with UK tax law, consumer protection regulations, and other applicable legal obligations.
4. Who We Share Your Information With
We may share your personal information with the following categories of third parties:
Shopify
Our store is hosted by Shopify. Shopify processes your order data, payment information, and browsing behaviour on our store as part of providing the platform. Shopify is an independent data controller for data it processes for its own purposes. For more information, see the Shopify Consumer Privacy Policy.
Stripe
Payment processing is handled by Stripe. When you make a purchase, your payment card details are transmitted directly to Stripe and are never stored on our servers. Stripe processes your payment data as an independent data controller. See the Stripe Privacy Policy.
eSIM Go
Our network partner, eSIM Go, receives the bundle reference and order details necessary to provision and deliver your eSIM. eSIM Go processes this data solely for fulfilment purposes. eSIM Go is based in the UK.
Klaviyo
If you opt in to marketing emails, your name and email address are shared with Klaviyo, our email marketing platform. Klaviyo stores and processes this data in accordance with their privacy policy. You can opt out of marketing emails at any time.
Analytics providers
We use Google Analytics to understand how visitors use our website. Google Analytics collects anonymised usage data. You can opt out via our cookie consent banner.
Legal and regulatory bodies
We may disclose your personal information to law enforcement, regulatory authorities, or courts where required by applicable law, or to protect our rights and the rights of others.
Business transfers
In the event of a merger, acquisition, or sale of our business, your personal information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5. Relationship with Shopify
The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside.
To learn more about how Shopify uses your personal information and to exercise any rights you may have over Shopify's processing, visit the Shopify Privacy Portal.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to provide our services, remember your preferences, analyse website traffic, and serve relevant advertising. When you first visit our website, you will be shown a cookie consent banner allowing you to accept or decline non-essential cookies.
Essential cookies
Required for the website to function: shopping cart, checkout, session management. These cannot be disabled.
Analytics cookies
Used to understand how visitors use our website (Google Analytics). Only active if you consent.
Marketing cookies
Used to show you relevant advertising on other websites (Meta Pixel, Google Ads). Only active if you consent.
You can change your cookie preferences at any time via the cookie settings link in our website footer.
7. International Transfers
Some of our service providers are located outside the UK and European Economic Area (EEA). Where we transfer your personal information outside the UK or EEA, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses approved by the UK Information Commissioner's Office or the European Commission, or transfers to countries that have been determined to provide an adequate level of protection.
Shopify stores data on servers located in the United States and other countries. Stripe is also based in the United States. Both companies participate in approved transfer mechanisms for international data transfers.
8. Security and Retention
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. However, no security measures are perfect, and we cannot guarantee absolute security. We recommend you do not use unsecure channels to communicate sensitive or confidential information to us.
We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Specifically:
- Order records: retained for 7 years for UK tax and accounting purposes.
- Customer account data: retained while your account is active and for 2 years after your last interaction.
- Marketing data: retained until you unsubscribe or request deletion.
- Support communications: retained for 2 years.
9. Children's Data
Our Services are not intended for use by children under 16 years of age, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the details below and we will delete it promptly.
10. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal information:
- Right to access: you may request a copy of the personal information we hold about you.
- Right to rectification: you may request that we correct inaccurate personal information.
- Right to erasure: you may request that we delete your personal information in certain circumstances.
- Right to restrict processing: you may request that we limit how we use your personal information in certain circumstances.
- Right to data portability: you may request a copy of your data in a structured, machine-readable format.
- Right to object: you may object to our processing of your personal information where we rely on legitimate interests as the legal basis.
- Right to withdraw consent: where we rely on consent (such as for marketing), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at hello@gogetlost.co. We will respond within one month as required by UK GDPR. We may need to verify your identity before processing your request.
We will not discriminate against you for exercising any of these rights.
11. Complaints
If you have concerns about how we handle your personal information, please contact us first at hello@gogetlost.co and we will do our best to resolve the issue.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
If you are located in the European Economic Area, you may also lodge a complaint with your local data protection authority.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the revised Privacy Policy on this website and update the "Last updated" date. We will notify you of material changes by email where we have your contact details and where required by law.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: hello@gogetlost.co
- Support: support@gogetlost.co
- Website: gogetlost.co
- Registered address: [Registered office address]
- Company number: [CRN]: registered in England and Wales
- ICO registration number: [ICO reference]
For data processed by Shopify, visit the Shopify Privacy Portal.
get/lost Ltd · go wander · stay connected · Version 1.0 · June 2026