← Back to Guac

Privacy Policy

Last updated: May 2026

Guac - Travel eSIM (“Guac”) is a product and service operated by POLEX LLC, Wyoming, USA (“we”, “us”, “our”). This Privacy Policy applies to the Guac mobile app and https://www.guac.online. Contact: privacy@guac.online | 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801, USA

At Guac, we take your privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding your data. We keep things simple and only collect what we need to provide you with great connectivity service.

1. What We Collect

When you use Guac, we collect:

  • Account Information: Your email address when you sign up (via Google, Apple, or email authentication)
  • Payment Information: Payment details processed securely by Stripe (we never store your card numbers)
  • eSIM Data: Your eSIM identifiers (ICCID), usage statistics, installation status, and share tokens
  • Calling & Messaging Data: When you use voice calls, SMS, or rented phone numbers, we record call metadata (caller and called numbers, duration, timestamps, hangup cause), SMS metadata (sender, recipient, segments, delivery status), and SMS message content for in-app display. We do not record the audio of your calls
  • Device Information: Push notification tokens (including iOS VoIP push tokens used to ring your device on inbound calls) to send you important updates and to deliver inbound calls
  • Usage & Log Data: IP address, device details, and request logs processed by our service providers for security, fraud prevention, and analytics
  • Order History: Records of your purchases (eSIMs, wallet top-ups, phone-number subscriptions), any promo codes used, and Guac Credit earned or redeemed
  • Wallet & Transactions: Your Guac Credit balance and a full ledger of deposits, refunds, and in-app spend, with the Stripe payment identifier and source amount for each entry
  • Fraud-prevention metadata: For wallet top-ups and other paid transactions, we record the IP address and user-agent string of the device that initiated the purchase, plus rate-limit and dispute history, to defend chargebacks and prevent abuse
  • Preferences: Your display currency, locale, and favorite countries

2. How We Use Your Data

We use your information to:

  • Provide and manage your eSIM service, wallet, voice calls, SMS, and phone-number features
  • Process payments, run velocity and amount-based fraud checks, and defend chargebacks
  • Send important notifications about your service (low data, expiration, low wallet balance, subscription renewal)
  • Send transactional emails (order confirmations, payment alerts, top-up confirmations)
  • Deliver inbound calls and SMS to your device
  • Provide customer support via in-app chat
  • Improve our services and fix bugs through analytics and error monitoring
  • Comply with legal obligations
  • Generate aggregated, de-identified statistics for service improvement, capacity planning, and product research

We do not sell your personal information to third parties. Ever.

3. Third-Party Services

We work with trusted partners to provide our service. Each handles your data according to their own privacy policies:

  • Clerk - Secure authentication and account management
  • Stripe - Payment processing (PCI compliant)
  • eSIM provisioning partner - eSIM provisioning and data delivery
  • Telnyx - Carrier services for voice calls, SMS, and phone-number rental. Telnyx processes call metadata (caller and called numbers, duration, timestamps, technical routing data), the content of SMS messages we send and receive on your behalf, and your iOS VoIP push token so it can ring your device on inbound calls. Telnyx is the carrier of record for the phone numbers you rent through Guac
  • Expo - Push notifications for our mobile app
  • Convex - Secure database hosting
  • Vercel Analytics - Anonymous usage analytics (page views, referrers)
  • PostHog - Product analytics and session replay. We use PostHog (hosted in the EU) to understand how users interact with our app, including recording screen sessions for debugging and product improvement. Session recordings may capture screen content, taps, and navigation. Your user ID is associated with analytics events
  • Sentry - Error monitoring and crash reporting. When errors occur, we send diagnostic information (including your user ID, stack traces, and relevant context such as order or eSIM identifiers) to help us fix issues quickly
  • OpenAI - AI-powered customer support. When you use our support chat, your messages are processed to generate helpful responses
  • Resend - Transactional email delivery. Resend processes your email address and order details to send confirmations and alerts. We monitor email delivery status (opens, bounces, complaints) to ensure reliable communication
  • Svix - Webhook delivery for internal event processing

These providers may process IP address, device identifiers, and request logs for security and fraud prevention. We use Clerk session cookies for authentication. If you arrive via an affiliate referral link, we set a first-party cookie (guac_ref, 30-day expiry) to attribute your purchase to the referring affiliate. This cookie contains only the referral code and a timestamp. We do not use advertising or cross-site tracking cookies. Vercel Analytics helps us understand page views and referrers and may process anonymized IP data.

SMS Opt-In Data: Mobile information (phone numbers and SMS opt-in consent) collected for messaging on Guac numbers will not be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors who support our messaging services (such as Telnyx, our carrier partner) is permitted. All other use-case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

4. Data Retention

We keep your data for as long as you have an account with us, plus:

  • Order and payment records: Retained indefinitely for tax and legal compliance. Where the law allows, we anonymize the user ID; for transactions still within the chargeback or dispute window we keep records linked to your user ID so we can defend disputes
  • Wallet top-up ledger and fraud-prevention metadata (IP, user-agent at purchase): Retained indefinitely as part of the transaction record
  • Call records (caller and called number, duration, cost, timestamps, hangup cause): Retained for 12 months in their full form for in-app call history and dispute defense. After 12 months, identifiers are truncated and the records are kept in aggregated form as part of the wallet ledger for tax and accounting purposes
  • Inbound SMS records (sender, recipient, message content, segments, delivery status): Retained for 12 months for in-app message history and dispute defense
  • Outbound SMS message content: Retained for 30 days unless required for longer for abuse investigation, legal hold, or dispute defense, then deleted. Aggregated billing data (count, segments, cost) is retained as part of the wallet ledger
  • Phone-number subscription records (number, country, status, period dates): Retained while the subscription is active and for 18 months after cancellation, then deleted or anonymized
  • iOS VoIP push tokens: Retained while you have an active phone-number subscription; rotated when the OS issues a new token
  • eSIM data: Deleted when you delete your account
  • Account data: Deleted promptly upon account deletion request
  • Guac Credit balance (cashback and wallet top-ups alike): Forfeited and deleted upon account deletion. Outstanding wallet credit cannot be transferred or refunded on deletion
  • Analytics data:Retained per our analytics providers' retention policies
  • Affiliate referral cookies: Expire 30 days after referral click

5. Your Rights

For all users:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and data
  • Export your data in a portable format

For EU/EEA residents (GDPR):

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

For California residents (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@guac.online.

6. Children's Privacy

Guac is intended for users 18 and older. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

7. Security

We use safeguards designed to protect your data, including:

  • Encryption in transit (TLS), and at rest where supported by our providers
  • Secure authentication via Clerk
  • PCI-compliant payment processing via Stripe
  • Reasonable security reviews and updates
  • Access controls limiting who can view your data

8. International Data Transfers

Your data may be processed in the following locations:

  • United States: Convex (database), Stripe (payments), Clerk (authentication), Sentry (error monitoring), Telnyx (carrier services for voice and SMS)
  • European Union: PostHog (analytics and session replay)
  • Singapore: eSIM provisioning partner

If you access our service from outside these regions, your information may be transferred to and processed in those locations. We rely on our service providers' data protection measures and contractual commitments to safeguard your data during transfers.

9. Updates to This Policy

We may update this policy from time to time. We'll notify you of significant changes via email or in-app notification. Continued use of Guac after changes constitutes acceptance of the updated policy.

10. Contact Us

Questions about your privacy? We're here to help.

  • Email: privacy@guac.online
  • Mailing Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801, USA
  • Legal Entity: POLEX LLC