Dantos App Atlanta Georgia Bogota DC Mobile Development

Kirapp

Privacy Policy

Last Update: 27/07/2025 01:08 am

1. Introduction

At KirApp, operated by Danto’s App CORP (“KirApp”, “we”, “us”, or “our”), we are committed to safeguarding the privacy and personal data of our users. This Privacy Policy describes the manner in which we collect, use, disclose, and protect your personal information when you access or use our mobile application, website, or any related services (collectively, the “Services”).

By accessing or using our Services, including but not limited to creating an account, purchasing or activating an eSIM, or otherwise interacting with KirApp, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy.

This document also outlines your rights in relation to your personal data, in accordance with applicable data protection legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and any other relevant data protection frameworks.

We encourage you to read this Privacy Policy in its entirety to understand how your personal data will be handled. Should you have any questions or concerns, you may contact us using the details provided in Section 15 of this document.

2. Who We Are

KirApp is a digital telecommunications service designed to provide users with convenient access to mobile data through eSIM technology. The Service is operated by Danto’s App CORP, a company duly organized and existing under the laws of the State of Georgia, United States of America, with its principal place of business located in Atlanta, Georgia, United States.

For the purposes of applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other relevant international privacy regulations, Danto’s App CORP acts as the Data Controller in relation to the personal data collected and processed through the KirApp mobile application, website, and associated services.

As Data Controller, Danto’s App CORP is responsible for determining the purposes and means of the processing of your personal data, and for ensuring that such processing is carried out in accordance with applicable legal requirements.

If you have any questions about this Privacy Policy or wish to exercise any of your rights as described herein, you may contact us at:

  1. 📧 Email: privacy@dantosapp.com

In accordance with applicable regulations, we may also designate a Data Protection Officer (DPO) to oversee our data protection compliance. Any communications intended for the DPO should also be directed to the email address provided above.

3. Information We Collect

When you use the KirApp eSIM Services, we collect various types of personal data to operate our platform, process transactions, ensure legal compliance, and improve your experience. This data may be collected directly from you, automatically during your use of the Services, or through authorized third parties.

3.1. Categories of Personal Data Collected

Category Account Information
Examples Full name, email address, phone number, password, country of residence
Purpose To register your account and provide access to the KirApp eSIM Services

Category Order & Purchase Data
Examples Selected data plan, device compatibility, billing address, currency, transaction amount, purchase history
Purpose To fulfill your eSIM order, process payments, and generate receipts

Category Payment Information
Examples Cardholder name, last four digits of credit card, billing zip code, payment method
Purpose Collected and processed by trusted third-party payment providers (e.g., Stripe, Apple Pay, Google Pay)

Category Identity Verification
Examples Government-issued ID, passport photo, selfie image (for Know Your Customer [KYC], if required by law or provider)
Purpose To confirm your identity and prevent fraud

Category Biometric Information
Examples Facial image data from selfies and photo ID for automated verification
Purpose Used exclusively for identity verification, with explicit user consent where applicable

Category Device Information
Examples Device model, operating system version, device language, carrier, screen resolution, unique device identifier
Purpose To ensure eSIM compatibility and provide platform optimization

Category Usage & Activity Data
Examples In-app actions, eSIM downloads, plan activation, screens visited, notification preferences, feedback submitted
Purpose To analyze usage trends, improve performance, and respond to feature demand

Category Referral Tracking
Examples Referral codes, referral source, campaign attribution data
Purpose To operate referral programs and improve marketing effectiveness

Category Push Notification Tokens
Examples Device token used for sending transactional alerts (e.g., activation confirmation, plan expiration warnings)
Purpose To deliver in-app and system notifications

Category Support & Communication
Examples Chat transcripts, support emails, help requests, user feedback
Purpose To resolve issues, respond to inquiries, and improve customer experience

Category Marketing & Surveys
Examples Voluntarily submitted responses, email preferences, opt-in confirmations
Purpose To conduct promotions, satisfaction surveys, and email campaigns (only with your consent)


3.2. Automatically Collected Information

When you access or use our Services, we may automatically collect the following information:

  1. Log Data: IP address, access times, pages viewed, device type, crash reports.

  2. Analytics Data: Events (e.g., successful activation, completed purchase), session durations, frequency of app usage.

  3. Location Data: Approximate location derived from your IP address or device settings, used to recommend regional bundles and comply with legal or tax obligations.

  4. Cookies & Tracking: Small data files placed on your browser or device to remember preferences, analyze behavior, and improve our Services. For more information, refer to our Cookie Policy.

IP Address and Network Metadata

We collect and retain your IP address through third parties SDK libraries and related metadata such as geographic location, language preferences, and device type for the following purposes:

  1. Fraud detection and abuse prevention.
  2. Identifying your country for eSIM provisioning and legal compliance.

  3. Enforcing regional restrictions and calculating applicable taxes or VAT.

  4. Maintaining secure audit logs and monitoring traffic patterns.

We do not use IP addresses for advertising profiling. This information is retained only as long as necessary to fulfill the purposes above or meet legal requirements.


3.3. Biometric Data Disclaimer (When Applicable)

In jurisdictions or scenarios where identity verification is required, we may request a government-issued ID and a facial image (selfie) to verify your identity through a secure, automated process. This may involve the processing of biometric data.

Such data is processed only with your explicit consent, used exclusively for identity verification, and deleted once the verification process is complete, unless otherwise required by law. We use third-party services that comply with relevant data protection and biometric privacy laws. KirApp does not sell or share biometric data for advertising or marketing purposes.

If you do not wish to submit biometric data when requested, certain features or services may be unavailable.


3.4. Information from Third Parties

We may receive personal data from trusted third parties to deliver and improve the Services, including:

  1. eSIM Providers: To activate and manage your eSIM profile.

  2. Payment Processors: To confirm successful payments or process refunds.

  3. Marketing and Analytics Partners: For aggregate usage analysis and marketing campaign performance.

  4. Affiliates or Business Partners: In connection with co-branded or white-labeled services or promotions.

3.5. Children and Sensitive Personal Data

KirApp does not knowingly collect or process:

  1. Personal data from individuals under the age of 13 (or the minimum age set by applicable data protection laws in your jurisdiction), without verifiable parental consent.

  2. Special categories of personal data, such as racial or ethnic origin, religious or philosophical beliefs, health-related data, or political opinions.

If we become aware that we have collected such data in violation of this policy, we will promptly delete it and take appropriate steps to close the related account.


3.6. Legal Basis for Processing (GDPR)

In accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the following legal bases apply to our processing of your personal data:


Processing ActivityLegal Basis
Account registration and loginPerformance of a contract (Art. 6(1)(b) GDPR)
eSIM purchase and provisioningPerformance of a contract (Art. 6(1)(b) GDPR)
Identity verification (KYC)Legal obligation (Art. 6(1)(c)), or explicit consent (Art. 9(2)(a))
Customer support communicationLegitimate interest (Art. 6(1)(f) GDPR)
Marketing communicationsConsent (Art. 6(1)(a) GDPR), with opt-out mechanisms
Cookies and analyticsConsent (Art. 6(1)(a)), except where strictly necessary
Fraud detection and security loggingLegitimate interest (Art. 6(1)(f)), or legal obligation

We do not rely on automated decision-making that produces legal effects concerning you without meaningful human involvement.


4. How We Collect Your Data

We collect personal data through a combination of direct user interactions, automated technologies, and trusted third-party sources. The methods by which your data is collected include:


4.1. Information You Provide to Us Directly

We collect personal data that you voluntarily provide through your interactions with our Services, including:

  1. Creating or updating your user account.

  2. Submitting a purchase or payment.

  3. Activating, managing, or deleting an eSIM profile.
  4. Communicating with our customer support team.

  5. Responding to surveys or promotional offers.

  6. Participating in referral programs.

  7. Opting in to receive newsletters or service alerts.

Failure to provide required personal data may result in the inability to access certain features or complete transactions.


4.2. Information Collected Automatically

When you interact with our mobile application or website, certain information is collected automatically using standard technologies, including:

  1. Device characteristics (model, operating system, language settings).

  2. IP address and approximate location.

  3. Device identifiers and push notification tokens.

  4. Log data, including error reports and performance metrics.

  5. In-app behavior (screen views, taps, feature usage, session duration).

This information allows us to maintain and improve the functionality, security, and usability of our Services.

Use of Mobile SDKs

Our mobile application integrates with third-party Software Development Kits (SDKs) and APIs to support essential features such as analytics, crash reporting, identity verification, customer support, and in-app messaging. Examples include:

  1. Firebase (Google LLC): analytics, crash reporting, messaging.

  2. Firebase SDKs: referral attribution and event tracking.

  3. Stripe SDK: payment authentication.

  4. Firebase: for push notifications.

These SDKs may independently collect technical data as part of their integration, subject to their own privacy terms. We evaluate each vendor to ensure compliance with applicable privacy laws.


4.3. Information Received from Third Parties

We may obtain personal data about you from authorized third parties, including:

  1. Payment providers, to confirm transaction status or process refunds.

  2. Telecommunications partners, for eSIM profile delivery and activation.

  3. Identity verification services, if legally required (e.g., for KYC procedures).

  4. Marketing and analytics platforms, to measure performance or engagement.

  5. Referral or affiliate networks, to track campaign effectiveness.

These parties are contractually bound to use your data only as instructed and consistent with this Privacy Policy.


4.4. Use of Cookies and Similar Technologies

We use cookies, tags, pixels, local storage, and similar technologies on our website and within our mobile application to:

  1. Enable user authentication and session management.

  2. Analyze traffic, detect abuse, and enhance service performance.

  3. Store user preferences and language selections.

  4. Deliver relevant promotional content or reminders.

You can manage or disable cookie preferences through your browser or device settings. Where required by law (e.g., in the European Economic Area), we will display a cookie consent banner and obtain your affirmative consent before setting non-essential cookies.

Please refer to our Cookie Policy for detailed information about our use of tracking technologies and your options.


4.5. Offline Data Collection

We do not collect personal data from you when you are offline or not interacting with our mobile app or website. All data collection requires an active internet connection and a direct or indirect interaction with the KirApp Services.


5. How We Use Your Data

We use your personal data for a variety of legitimate and lawful purposes in order to operate, provide, improve, and protect the KirApp Services, as well as to comply with our legal obligations. Specifically, we may use your information for the following purposes:


5.1. Service Provision and Account Management

  1. To create and manage your user account.

  2. To enable the purchase, activation, and management of eSIM plans.

  3. To ensure compatibility between your device and the selected eSIM bundle.

  4. To provide access to your usage history and transaction records.

5.2. Identity Verification and Compliance (Where Applicable)

  1. To perform identity verification (KYC), when required by local telecommunications regulations or by our service partners.

  2. To comply with applicable laws, including export controls, fraud prevention, and anti-money laundering (AML) requirements.

  3. To maintain accurate and legally compliant records of transactions and user activity.

5.3. Payment Processing

  1. To facilitate secure payments and verify billing information.

  2. To issue receipts, refunds, and manage subscription billing.
  3. To prevent fraudulent activity related to transactions.

5.4. Customer Support and Communications

  1. To respond to inquiries, requests, and complaints.

  2. To provide technical assistance and resolve support tickets.

  3. To notify you of service-related changes, updates, outages, or system alerts.

5.5. Service Optimization and Analytics

  1. To monitor service performance and detect technical issues.

  2. To analyze user behavior and improve our app's design, usability, and feature set.

  3. To evaluate the effectiveness of updates and user journeys.

  4. To test and implement new functionalities or integrations.

Use of Aggregated and Anonymized Data

We may process and analyze aggregated or anonymized data that is no longer linked to any specific individual for purposes such as:

  1. Internal reporting and trend analysis.
  2. Business intelligence and product development.

  3. Performance benchmarking and security assessments.

Such data does not constitute personal information and may be used or disclosed without further notice.


5.6. Marketing and Promotional Communication

  1. To send promotional offers, newsletters, or updates (only where you have provided prior consent or as permitted by law).

  2. To conduct market research, surveys, and referral programs.

  3. To display contextual messages or reminders within the application (e.g., about plan expirations or limited-time offers).

You may withdraw your consent to marketing communications at any time by using the opt-out link in our emails or by adjusting your communication preferences in the app.


5.7. Legal, Regulatory, and Security Purposes

  1. To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.

  2. To enforce our Terms and Conditions and protect the rights, safety, or property of KirApp, our users, or others.

  3. To respond to lawful requests from courts, regulatory authorities, or law enforcement.
  4. To comply with record-keeping, tax, and reporting obligations.

5.8. Regional Compliance and Data Localization

Depending on your location and the legal requirements of the jurisdiction in which you reside or access our Services, we may process your data through region-specific infrastructure or route data through local service providers or telecom partners to meet data localization, tax compliance, or regulatory reporting requirements.

This may include determining your region using IP address, declared country, or billing address in order to:

  1. Assign local pricing or tax rates;
  2. Comply with regional laws (e.g., SIM registration rules);

  3. Limit or allow access to certain plans or services.

6. Disclosure of Your Information

We do not sell your personal data to third parties. However, we may disclose your information to selected and trusted entities in accordance with this Privacy Policy and applicable law, and only where such disclosure is necessary for the performance of our Services, legal compliance, or with your explicit consent.

Your personal data may be disclosed to the following categories of recipients:


6.1. Service Providers and Processors

We engage carefully selected third-party data processors and subprocessors to assist in the operation, delivery, and maintenance of the KirApp Services. These providers process data on our behalf and under our instructions, and are contractually bound to use personal data only for authorized purposes and to maintain appropriate security and confidentiality standards.

As of the date of this Policy, our subprocessors include, but are not limited to:

SubprocessorService Provided
Firebase (Google LLC)Analytics, crash reporting, messaging
StripePayment gateway and billing
Apple PayPayment integration (iOS devices)
Digital OceanInfrastructure or backend services (as applicable)
Google PayPayment integration (Android devices)

This list may be updated from time to time. We encourage users to consult the latest version of this Privacy Policy or contact us directly at privacy@dantosapp.com for inquiries about subprocessors.


6.2. Telecommunications and Connectivity Partners

To fulfill your eSIM orders, we may share limited personal data with licensed Mobile Network Operators (MNOs) or Mobile Virtual Network Operators (MVNOs) in connection with:

  1. Activation and provisioning of your eSIM profile.

  2. Regional compliance with SIM registration or data retention laws.

  3. Network troubleshooting or fraud prevention.

These partners may operate under their own regulatory frameworks depending on the jurisdiction of the user or the eSIM bundle.


6.3. Legal and Regulatory Authorities

We may disclose your information when required to do so by law, or when such disclosure is reasonably necessary to:

  1. Respond to a legal obligation, court order, subpoena, or regulatory request.

  2. Enforce our Terms and Conditions or investigate potential violations;

  3. Protect the security, rights, or safety of KirApp, our users, or others.

  4. Cooperate with lawful investigations or public authorities, including for fraud prevention, national security, or law enforcement.

6.4. Business Transfers

In the event of a business transition, such as a merger, acquisition, reorganization, asset sale, or bankruptcy, personal data may be transferred as part of the business assets. If such a transfer occurs, we will take appropriate steps to ensure the receiving party is bound by obligations that are at least as protective as those in this Privacy Policy.


6.5. Cross-Border Data Transfers

Due to the international nature of the Services, your personal data may be transferred to — and stored or processed in — jurisdictions other than your country of residence. These jurisdictions may have data protection laws that are different from those in your country.

Whenever we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  1. Transfers to countries deemed by the European Commission to provide an adequate level of protection.

  2. Implementation of Standard Contractual Clauses (SCCs) approved by the European Commission for the lawful transfer of data from the European Economic Area (EEA), United Kingdom, or Switzerland.

  3. Additional contractual, organizational, or technical safeguards to enhance protection, where necessary.

You may request a copy of our current Standard Contractual Clauses or other transfer safeguards by contacting privacy@dantosapp.com.


6.6. With Your Consent

We may share your personal data with third parties in any circumstance where you have expressly authorized or consented to the disclosure.


7. International Data Transfers

Due to the global nature of the telecommunications and digital infrastructure on which the KirApp Services operate, your personal data may be transferred to and processed in countries other than the one in which you reside or access the Services.

These countries may have data protection laws that differ from those of your home jurisdiction, and in some cases, may not provide the same level of legal protections.


7.1. Locations of Processing

Your personal data may be processed in, or accessed from, the following locations:

  1. United States of America (primary jurisdiction of Danto’s App CORP).

  2. European Union (EU) / European Economic Area (EEA) (for eSIM provisioning and regional operations).

  3. Other countries where our subprocessors or network partners operate (as listed in Section 6).

We take reasonable steps to ensure that such transfers are performed in compliance with applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act, and other regional frameworks.


7.2. Safeguards for Cross-Border Transfers

Whenever personal data is transferred to a country outside of the EEA, the UK, or Switzerland, we implement one or more of the following safeguards:

  1. Transfers to countries formally recognized by the European Commission as providing an adequate level of data protection.

  2. Execution of Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO, which require recipients to provide a comparable level of data protection;
  3. Adoption of additional technical and organizational safeguards, such as data minimization, encryption, access controls, and contractual limitations on data usage.

  4. Ongoing vendor assessments to monitor the privacy and security posture of subprocessors and partners.

You may request additional information about our international transfer safeguards by contacting us at privacy@dantosapp.com.


7.3. User Acknowledgment

By using the KirApp Services and submitting your personal data, you acknowledge and consent that your information may be transferred to and processed in jurisdictions outside of your country of residence, subject to the safeguards described in this Privacy Policy.


8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as otherwise required or permitted under applicable laws and regulations.

This includes retaining data to:

  1. Provide and maintain the functionality of the KirApp Services.

  2. Comply with legal, regulatory, and tax obligations.

  3. Resolve disputes and enforce our contractual agreements.

  4. Prevent fraud, abuse, or unauthorized access.
  5. Maintain accurate business and financial records.

8.1. General Retention Guidelines

The retention period for your personal data depends on the nature of the data and the context in which it was collected. The table below outlines general retention periods applied across our systems:


Category of DataRetention Period
User Account DataWhile your account remains active, and up to 5 years following deactivation or closure
Transaction and Billing RecordsMinimum of 7 years, in accordance with tax, accounting, and anti-fraud regulations
eSIM Provisioning and Activation LogsTypically retained for 3 years, or longer if required by telecom or export laws
Support Requests and CommunicationsUp to 2 years from the date of last interaction or ticket resolution
Marketing Preferences and ConsentsRetained until you withdraw consent, unsubscribe, or delete your account
Biometric and Identity Verification DataStored only for the duration of the verification process, then securely deleted unless legally mandated
Analytics and Device MetadataRetained in anonymized or aggregated form wherever possible, or deleted within 24 months

These timeframes may be extended where necessary for legal claims, litigation, compliance audits, or to detect and prevent repeated fraudulent behavior.


8.2. Factors Considered in Retention Decisions

When determining how long we retain your personal data, we take into account:

  1. The minimum retention periods required by applicable laws and industry standards.

  2. The volume, sensitivity, and nature of the data.
  3. The potential risk of harm from unauthorized disclosure or misuse.

  4. Whether we still need the data to provide the Services or fulfill our legal obligations.

  5. The feasibility of anonymizing the data rather than deleting it.

8.3. Deletion, Anonymization, and Archiving

When your personal data is no longer needed for the purposes outlined in this Privacy Policy:

  1. It will be securely deleted, or.

  2. Transformed into irreversibly anonymized data that can no longer be linked to you or used to identify you.

Anonymized data may be retained and used indefinitely for legitimate business, analytics, or statistical research purposes, as it no longer constitutes personal data under applicable laws.

In certain cases, data may be stored in secure backups or archives for a limited time before final deletion, provided access is strictly limited and appropriate safeguards are in place.


8.4. Automatic Deletion of Inactive Accounts

To help ensure data minimization and security, we may automatically delete user accounts that have remained completely inactive for a continuous period of 5 years. In such cases, we will:

  1. Attempt to notify the user via the email address on file at least 30 days in advance.

  2. Offer the opportunity to retain the account by signing in or requesting an extension.

  3. Proceed with deletion of the account and all associated personal data if no action is taken.

Users may also request manual deletion of their account and associated data at any time, as described in Section 9 of this Policy.


9. Your Rights and Choices

We are committed to respecting your privacy and ensuring that you have meaningful control over how your personal data is collected, used, and shared. Depending on your jurisdiction and the applicable data protection laws (such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA)), you may be entitled to exercise the following rights in relation to your personal data.

These rights are not absolute and may be subject to certain limitations, conditions, or verification requirements as defined by law.


9.1. Right of Access

You have the right to request confirmation as to whether we are processing your personal data and, where that is the case, to obtain access to that data. This includes:

  1. The categories of personal data being processed.

  2. The purposes of the processing.

  3. The recipients or categories of recipients with whom your data may be shared.

  4. The anticipated retention period, or the criteria used to determine it.

  5. Information about your data protection rights.

9.2. Right to Rectification

You may request the correction or update of any inaccurate, outdated, or incomplete personal data that we hold about you. In most cases, you can update your information directly through your account settings within the app.


9.3. Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data in circumstances such as:

  1. The data is no longer necessary for the purposes for which it was collected.

  2. You withdraw your consent (where applicable).

  3. You object to the processing and there are no overriding legitimate grounds.

  4. The data was unlawfully processed or must be deleted to comply with a legal obligation.

We may, however, retain certain information where required by law or where we have a legitimate basis to do so (e.g., to comply with financial regulations or resolve ongoing disputes).


9.4. Right to Restrict Processing

You may request that we limit the processing of your personal data in the following cases:

  1. You contest the accuracy of the data (for a period allowing us to verify it).

  2. The processing is unlawful and you oppose deletion.

  3. We no longer need the data, but you require it for the establishment, exercise, or defense of legal claims.

  4. You have objected to processing and verification of our overriding legitimate interest is pending.

9.5. Right to Data Portability

Where legally applicable, you may request to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller, where technically feasible.

This right applies only to data you have provided directly to us, where the processing is based on your consent or on a contract and is carried out by automated means.


9.6. Right to Object

You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis (including profiling), unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

You may also object at any time to the processing of your personal data for direct marketing purposes, in which case we will cease such processing immediately.


9.7. Right to Withdraw Consent

If we rely on your consent to process any of your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted prior to your withdrawal.

You may withdraw consent by:

  1. Adjusting your settings within the app.

  2. Using the opt-out or unsubscribe links in any marketing communications.

  3. Contacting us directly at privacy@dantosapp.com.

9.8. Right to Lodge a Complaint

If you believe your privacy rights have been violated or that we have not handled your personal data lawfully, you have the right to file a complaint with a supervisory authority in your jurisdiction. We strongly encourage you to contact us first so that we may have an opportunity to address your concerns directly and promptly.


9.9. How to Exercise Your Rights

You may exercise any of your rights by contacting us using the details below. We will respond to all legitimate requests within the timeframe required by applicable data protection laws. To protect your data, we may ask you to verify your identity before fulfilling your request.

📧 Email: privacy@dantosapp.com

Please note that in some cases, certain rights may be limited or denied where legally permitted (e.g., if fulfilling your request would adversely affect the rights of others or contradict legal obligations).


10. Security of Your Information

We take the security of your personal data seriously and are committed to protecting it from unauthorized access, use, disclosure, alteration, or destruction. To that end, we implement appropriate technical, administrative, and organizational measures designed to safeguard the confidentiality, integrity, and availability of your data.


10.1. Security Measures

The security controls we apply include, but are not limited to:

  1. Encryption of data in transit (e.g., TLS/SSL) and, where applicable, at rest.

  2. Access controls and identity authentication mechanisms to restrict access to authorized personnel only.

  3. Firewalls, intrusion detection systems, and endpoint protection to monitor and block malicious activity.

  4. Regular vulnerability assessments, patch management, and penetration testing.

  5. Secure development lifecycle (SDL) practices including source code reviews and security checks.

  6. Strict internal access policies based on the principle of least privilege (PoLP).

  7. Monitoring and logging of access to personal data and infrastructure.

  8. Ongoing employee training in privacy, security, and responsible data handling.

Our security posture is reviewed regularly and updated in line with evolving threats and technological advancements.


10.2. Secure Payment Data Handling

We do not store or directly process your credit card or payment information. All payments made through the KirApp platform are securely handled by third-party payment processors, including:

  1. Stripe (for credit/debit card transactions),

  2. Apple Pay (on iOS devices),

  3. Google Pay (on Android devices).

These providers are Payment Card Industry Data Security Standard (PCI DSS) certified and apply robust encryption, fraud detection, and transaction protection protocols to safeguard your financial data.

When you make a purchase, your payment details are transmitted directly to the applicable provider using secure encryption. We only receive limited transaction metadata (e.g., confirmation status, amount, last four digits) necessary for internal recordkeeping and customer support.


10.3. Data Breach Response

In the event of a security incident that compromises personal data:

  1. We will promptly investigate the matter and take appropriate containment and remediation actions.

  2. Where legally required, we will notify the relevant supervisory authorities and affected individuals without undue delay.

  3. We will provide you with clear information about the breach, including the nature of the data affected and any recommended steps you should take.

10.4. User Responsibility

Security is a shared responsibility. To help protect your data, we recommend that you:

  1. Choose a strong, unique password and update it periodically.

  2. Keep your login credentials confidential and avoid reusing them across services.

  3. Access the KirApp eSIM platform only from secure, trusted devices and networks.

  4. Enable security features on your device, such as screen lock, biometric authentication, and app permission controls.

We are not liable for any unauthorized access to your account resulting from your failure to follow these recommendations.


11. Children’s Privacy

The KirApp Services are not intended for or directed to individuals under the age of 18, and we do not knowingly collect, process, or store personal data from children without appropriate parental or guardian consent, as required under applicable laws, including the Children’s Online Privacy Protection Act (COPPA) in the United States and Article 8 of the General Data Protection Regulation (GDPR) in the European Union.


11.1. Age of Digital Consent

The minimum age required to provide valid consent to the processing of personal data varies by country or region:

  1. In the United States, this age is 13 under COPPA.

  2. In most European Union Member States, the minimum age is 16, though some countries may set it between 13 and 16.

We do not knowingly allow users below the applicable age of digital consent to use the KirApp Services or to provide personal data unless verifiable consent is obtained from a parent or legal guardian.

If you are under the minimum age in your jurisdiction, please do not attempt to use the Services or submit any personal data unless your parent or legal guardian has provided formal authorization.


11.2. Parental Consent and Data Deletion

If we become aware that we have inadvertently collected personal information from a child without the required parental consent, we will:

  1. Promptly delete the personal data in question.

  2. Restrict or terminate the associated account.

  3. Notify the parent or legal guardian, where identifiable, of the action taken and the available remedies.

We treat such matters with urgency and in accordance with applicable privacy regulations.


11.3. Parental Controls and Supervision

We strongly encourage parents and legal guardians to:

  1. Supervise their children’s use of mobile applications and online services.

  2. Make use of available parental control tools provided by mobile operating systems (such as Apple Screen Time or Google Family Link) to limit access to age-inappropriate content or restrict in-app purchases.

  3. Discuss safe online behavior and privacy practices with their children.

11.4. Reporting a Concern

If you believe we may have unintentionally collected data from a minor without valid parental consent, please contact us immediately:

📧 Email: privacy@dantosapp.com

We will investigate the concern and take all appropriate actions in accordance with applicable laws.


12. Third-Party Services and Links

In order to provide the full functionality of the KirApp Services, we rely on certain third-party service providers and platforms. These third parties may collect, process, or receive personal data as part of their service delivery. This section explains our relationship with such providers and your rights with respect to them.


12.1. Integration with Third-Party Services

We may integrate with or rely upon the following categories of third-party service providers:

  1. Cloud Infrastructure: e.g., Firebase (Google Cloud), used for messaging, and app analytics.
  2. Data Hosting: e.g., Digital Ocean, used for secure data storage.

  3. Payment Processing Services: e.g., Stripe, Apple Pay, and Google Pay, used to securely handle purchases of eSIM plans and related services.

  4. Marketing and Communication Tools: e.g., in-app notifications or email platforms for transactional and service-related messages.

  5. Authentication and User Management: e.g., Apple or Google identity providers, used for secure sign-in.

  6. eSIM Management Platforms: e.g., licensed providers responsible for SM-DP+ delivery and provisioning of mobile connectivity.

Each of these providers operates under its own privacy practices and may collect personal data directly from you in accordance with their respective privacy policies.


12.2. External Links

The KirApp platform (including our app or website) may contain links to external websites, services, or mobile applications that are not operated or controlled by Danto’s App CORP.

We do not endorse, monitor, or assume responsibility for the privacy practices, content, or terms of use of any third-party websites or services. When you leave our platform, we encourage you to review the privacy policy of any other service you interact with.


12.3. Data Disclosure to Third Parties

We only share your personal data with third-party service providers when:

  1. It is necessary to provide the core functionality of the Service (e.g., process payments, provision eSIMs).

  2. You have provided your express consent.

  3. It is required to comply with a legal obligation or regulatory request.

  4. It is required to protect the rights, property, or safety of you, us, or others.

All such third-party processors are contractually bound to protect your personal data in accordance with applicable laws and industry standards.


13. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in legal requirements, our business operations, or the functionality of the KirApp Services.


13.1. Notice of Updates

When we make material changes to this Privacy Policy, we will:

  1. Post the updated version on our official website and/or within the KirApp mobile application.

  2. Indicate the "Last Updated" date at the top of the policy.

  3. Provide a prominent notice through the app or via email (where appropriate and required by law) prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.


13.2. Continued Use After Changes

Your continued access to or use of the KirApp Services after any changes have been made constitutes your acceptance of the revised Privacy Policy.

If you do not agree with the updated terms, you may choose to discontinue use of the Services and request the deletion of your account and associated personal data in accordance with Section 9 of this Policy.


14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, our data handling practices, or your personal data, you may contact us using the details below:


Data Controller:

Danto’s App CORP

Atlanta, Georgia

United States of America

📧 Email: privacy@dantosapp.com


We will make every effort to respond to your inquiry in a timely and respectful manner, in accordance with applicable data protection laws.