Lebara Travel ("we", "us" and "our") takes your privacy seriously. This Privacy Notice describes how we collect, use, disclose, and otherwise process personal information about our customers and prospective customers in the United States. This Privacy Notice applies to our eSIM-based broadband communications services and describes your rights under applicable U.S. federal and state privacy laws, including, where applicable, the California Consumer Privacy Act, as amended by the California Privacy rights Act (collectively, the “CCPA”), and comparable comprehensive state consumer privacy laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and Tennessee, If you have any questions about this Privacy Notice or how we handle personal data, please contact us at [email protected].
1. About us
We are a an eSIM-based provider of broadband Internet access services. We are registered as Lebara Newton Limited, a company incorporated in England (company number 16633422), with registered office 5th Floor, Broadwalk House, 5 Appold Street, London EC2A 2DA, United Kingdom.
2. What personal information we collect about you?
When we use the term “personal information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person, consumer or household.
We may collect or process certain categories of “sensitive personal information” as defined under the CCPA and comparable state privacy laws, such as precise geolocation, account login credentials, and, for certain customers, Social Security, drivers’ license, or other government-issued identification numbers used for identity verification. You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the services you request, see “Your U.S. Privacy Rights” below. For example, if you are experiencing financial difficulties due to ill health that are causing challenges with payments to us, and you have consented to us doing so, we may store that information in our records about your account.
Push notifications are messages that we deliver to your mobile device through the Lebara Travel app. They may appear on your lock screen, in your notification center, or as a banner while you are using your device, depending on your device settings. Push notifications are delivered via Apple Push Notification service (APNs) if you use an iOS device, or Google Firebase Cloud Messaging (FCM) if you use an Android device.
We send two types of push notification:
· Service notifications — messages that are necessary for the delivery, administration, or security of your eSIM service, such as activation and deactivation confirmations, data usage alerts, plan expiry reminders, billing confirmations, account security alerts, and service disruption notices.
· Marketing notifications — messages that promote our products, services, offers, or promotions, such as special offers on data plans, new destination availability, referral program information, and similar promotional content.
We will only send you marketing push notifications if you have affirmatively opted in to receive them. We obtain your consent in two stages:
· In-app consent: When you first set up the Lebara Travel app (or at a later point if you initially decline), we will display a consent screen within the app that explains the types of push notifications we send, that marketing notifications are optional, and how to manage your preferences. This screen includes an opt-in control for marketing push notifications, which is not pre-selected.
· Device-level permission: After the in-app consent step, your device’s operating system will ask whether you wish to allow notifications from the Lebara Travel app. Granting device-level permission enables us to deliver service notifications. It does not mean you have consented to marketing push notifications unless you separately opted in at the in-app consent stage.
Your consent to receive marketing push notifications is entirely voluntary. You do not need to consent to marketing push notifications to purchase, access, or use any of our services, and we will not charge you a different price or provide you with a different quality of service if you choose not to receive them.
When you enable push notifications, we collect and process the following categories of personal information:
· Device token (push token): A unique identifier generated by your device’s operating system that allows us to deliver push notifications to your specific device. A device token is specific to a single device. If you use the Lebara Travel app on more than one device, each device will have a separate token.
· Device and operating system information: Information about your device model, operating system type, and operating system version, which we use to ensure that push notifications are formatted and delivered correctly.
· Notification interaction data: Information about whether you received, opened, or dismissed a push notification, and (where applicable) any action you took in response (such as tapping through to a linked page within the app). We use this information to measure the effectiveness of our notifications, to improve the relevance of future communications, and for internal analytics.
· Notification preferences: Your preferences regarding which types of push notifications you wish to receive (service only, or service and marketing), as recorded through the in-app consent flow and your ongoing preference settings.
If you have granted the Lebara Travel app permission to access your precise location, we may use this data to deliver location-relevant push notifications. Under the California Consumer Privacy Act, precise geolocation data is classified as sensitive personal information. You have the right to limit our use of your sensitive personal information to purposes that are necessary for the performance of the service. To exercise this right:
– Click the “Limit the Use of My Sensitive Personal Information” link on our website located at https://travel.lebara.com/us (the “Site”) or in the Lebara Travel app;
– Revoke location permissions for the Lebara Travel app in your device settings; or
– Contact us at [email protected]
If you limit our use of your sensitive personal information or revoke location permissions, we will continue to deliver push notifications that are not location-dependent but will no longer send location-triggered notifications.
The table below sets out the personal information we collect how we use personal information
Category of Personal Information |
Sources of Collection |
Prevalent Purposes of Collection |
Disclosures for a Legitimate Business Purpose |
Identifiers, including your name, email address, phone number, and physical address |
Creation of accounts, request a resource, register on our Site, place an order, use a secure ordering portal or ecommerce checkout, user account creation and cart submission or order submission, user account creation and cart submission |
For user registration, to engage in the requested transaction, to enable us to provide our products, to perform contractual obligations, to conduct surveys, to carry out identity verification, to carry out identity verification, to detect and prevent fraudulent activity, to protect our legal rights, to secure and improve our products and services, to communicate with you |
To Third Party Service Providers, including ecommerce platform providers that support our secure ordering portals and ecommerce functionality and to third-party distributed to follow up and complete the requested transaction, to assist in providing our products and Services, for processing associated payments, and other functions, such as cloud storage, survey tools, marketing, and social media sites you choose to link your account, and to third-party distributors to following up and complete the requested transaction |
Customer records information, including purchase history, customer profile information |
Point of purchase via the Site |
To process transactions, to manage, modify and terminate agreements, to provide services messages, to carry out identity verification, to detect and prevent fraudulent activity, to protect our legal rights, to analyse the use and performance of our products and services for improvement and innovation purposes, and to communicate with you |
To Third Party Service Providers, including ecommerce platform providers that support our secure ordering portals and ecommerce functionality and to third-party distributed to follow up and complete the requested transaction, to assist in providing our products and Services, for processing associated payments, and other functions, such as cloud storage, survey tools, marketing, and social media sites you choose to link your account |
Commercial information, including information about your purchases and customer profile information |
When you purchase our products and services, when you respond to inquiries regarding our products and Services, and in response to surveys |
To provide our products and services to users, to conduct surveys, to serve you with online targeted advertising on our websites and others, maintain purchase history |
To Third Party Service Providers, including ecommerce platform providers that support our secure ordering portals and ecommerce functionality and to third-party distributed to follow up and complete the requested transaction, to assist in providing our products and services, for processing associated payments, and other functions, such as cloud storage, survey tools, marketing, and social media sites you choose to link your account. |
Internet or other electronic network activity |
When you interact with the Site, we automatically collect through cookies and other tracking technologies standard information that your browser sends to every website you visit, including IP address, pages you view, links you click and other actions you take on the Online Services, device used to access the Site, browser type, preferred language access types, and referring websites. |
This is collected in aggregate form and use to improve the user experience on the Website, diagnose server problems and administer the Site, to improve the Services functionality, to carry out identity verification, to detect and prevent fraudulent activity, to protect our legal rights, compliance with legal obligations, legitimate interest in safeguarding the business, and for security purposes. |
To Third Party Service Providers, including ecommerce platform providers that support our secure ordering portals and ecommerce functionality and to third-party distributed to follow up and complete the requested transaction, for the purpose of enhancing the Site. |
Inferences drawn from other personal information |
Your browsing and search history on our Website and other interactions with our Site and Services |
To improve the visitor experience on our Site. |
To Third Party Providers for the purpose of enhancing our Site and for marketing purposes. |
Analytics |
We use website analytics tools such as Google Analytics that retrieve information from your browser such as visit frequency, feature you interact with or use, search terms you enter, links you click on, content you download, and information about how you interact with the Online Services. |
To allow us to review the demographics of those who interact with our Site and information about how the Site are being used, to improve the visitor experience on our Site. |
To third party analytics companies for purposes of compiling analytic data, and to third party service providers for the purpose of enhancing the Site. |
The table below sets out the personal information we collect how we use personal information collected through push notifications:
Category of Personal Information |
Purpose(s) of Collection |
Retention Period |
Sold or Shared? |
Identifiers (Device tokens / push tokens) |
Delivering service and marketing push notifications to your device; technical delivery and troubleshooting |
Duration of app installation + 30 days after token invalidation |
Not sold. Not shared for cross-context behavioural advertising. |
Internet or other electronic network activity information (Notification interaction data: delivery, open, dismissal, click-through) |
Analytics and measurement; personalization of future notifications; improving service quality; internal reporting |
12 months in identifiable form; aggregated/anonymized thereafter |
Not sold. [Not shared / Shared with [partner] for [purpose] — subject to opt-out] |
Electronic device information (Device model, OS type, OS version) |
Ensuring correct formatting and delivery of notifications; technical troubleshooting |
Duration of app installation |
Not sold. Not shared for cross-context behavioural advertising. |
Precise geolocation data (Sensitive personal information) [If applicable] |
Delivering location-relevant push notifications (e.g., destination data plan availability) |
Processed in real time; not stored beyond point of delivery except in aggregated/anonymized form |
Not sold. Not shared for cross-context behavioural advertising. Subject to right to limit use. |
3. How we collect your personal information and why?
We collect and use personal data as part of our service provision and customer relationship management with our customers, and as part of our interactions with prospective customers, including through engagement with our offers.
We collect personal data:
4. Who we share personal information?
We share certain personal information as permitted by law. We do not “sell” personal information for monetary consideration. However, certain disclosure for cross-context behavioural advertising may be considered a “sale” or “sharing” of personal information under the CCPA and comparable state laws, see “Your U.S. Privacy Rights,” and the “Do Not Sell or Share My Personal Information” sections below. We have not sold or shared the personal information of individuals under 16 years of age. We share personal information
· with Lebara Group companies (Lebara Limited, Lebara Service Centre Limited, Lebara Media Services PvT);
· with our service providers and partners, for purposes such as IT hosting and maintenance, analytics, advertising and marketing, customer relationship management, order administration, and payment processing;
· in order to comply with our legal, financial, and regulatory obligations, to enforce or apply our terms and conditions, to protect our rights, assets and personnel, for safeguarding and to protect our interests and those of our customers, and where otherwise necessary;
· if we or substantially all our assets are merged or acquired by a third party and personal data forms part of the transferred or merged assets (including if we transfer the Travel business to another Lebara Group company, we will share your personal data with them so they can provide you with the service following the transfer (this in our and their legitimate interest in providing the service to you)); and/or where we have your consent to do so.
· If we receive a government, administrative or court order, subpoena or similar requirement.
5. How we store and transfer personal information?
We implement reasonable and appropriate administrative, technical and physical safeguards designed to protect personal information consistent with applicable U.S. federal and state laws, including encryption where appropriate.
We retain each category of personal information for the period reasonably necessary to fulfil the purposes described in this Privacy Notice, including to provide our services, comply with our legal, accounting, tax, and regulatory obligations (including recordkeeping obligations), resolve disputes, and enforce our agreements. When determining the appropriate retention period, we consider the volume, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use of disclosure, the purposes for which we process the information, and whether we can achieve those purposes through other means.
Your personal d may be transferred outside the UK, such as where our service providers run their operations abroad or where your data is stored in servers located abroad. In these circumstances, measures are in place to ensure that your personal information is protected in accordance with applicable federal and state data protection laws. This means that your personal information is treated in accordance with this Privacy Notice. Your personal information may also be transfer to, stored in, or processed in other countries where our service providers, contractors, and affiliates operate. Regardless of where personal information is processed, we require recipients to handle it consistent with this Privacy Notice through written contracts that include appropriate confidentiality and security obligations.
6. Marketing
From time to time, we may send you marketing messages by email, SMS, MMS and within our app. We send marketing emails consistent with the CAN-SPAM Act, and every marketing email will include a clear unsubscribe mechanism and our valid physical postal address. We send marketing SMS/MMS messages and place autodialled or prerecorded marketing calls only to recipients who have provided prior express written consent a required by the Telephone Consumer Protection Act and FCC implementing rules, and you may opt out at any time by replying STOP (for SMS/MMS) or by following the opt-out instructions provided during a call. You may change your marketing preferences:
7. Cookies and Pixels
We use cookies for various purposes, including understanding how people use our website, products and services; remembering your preferences; and targeted advertising. You can find out more information about how we use cookies in our Cookies Notice
8. Mobile Tracking and Advertising (iOS)
On Apple iOS devices, we use Apple’s App Tracking Transparency (ATT) framework to request your permission before tracking your activity across other companies’ apps and websites.
If you provide your consent, we and our partners may access and use device identifiers (such as Apple’s Identifier for Advertisers (IDFA)) and information about your interactions with our app to:
If you do not provide consent, we will not access or use these identifiers for cross-app tracking purposes. You can manage your tracking preferences at any time through your device settings (e.g. Settings → Privacy → Tracking on iOS).
9. Your U.S. Privacy Rights
You have various rights relating to your personal information. The specific rights available to you depend on your state of residence and applicable law. These include the right to:
In certain states, you may appeal our decision regarding a privacy right request (Right to Appeal”).
You may also authorize an agent to submit requests on hour behalf, such to verification requirements. We will verify your identity before responding to a request. We generally respond within 45 days, though this period may be extended as permitted by law.
We will not discriminate against you for exercising any of these rights.
To make a request or complaint, contact us:
How to manage your push notification preferences
You are in control of the push notifications you receive from us. You can manage your preferences in the following ways:
Within the Lebara Travel app
Open the Lebara app and go to Settings > Notification Preferences. From there, you can:
– opt in to or opt out of marketing push notifications;
– [opt in to or opt out of location-based notifications;]
– view your current consent status for each notification type; and
– access the Communication Preference Centre to manage your email and SMS marketing preferences alongside your push notification preferences.
Through your device settings
You can disable all push notifications from the Lebara Travel app (including service notifications) through your device’s operating system settings:
– iOS: Go to Settings > Notifications > Lebara Travel, and toggle off “Allow Notifications.”
– Android: Go to Settings > Apps > Lebara Travel > Notifications, and toggle off notifications.
If you disable push notifications at the device level, we will not be able to send you any push notifications, including service notifications. We may instead deliver important service messages via email or other available channels.
By contacting us
You can manage your push notification preferences or withdraw your consent at any time by contacting us at [email address] or [toll-free number]. We will action your request promptly.
Please note that the Lebara Travel Privacy Notice is accessible at all times within the Lebara Travel app via Settings > Privacy Notice.
10. Do Not Sell or Share My Personal Information; Limit the Use of My Sensitive Information
If we “sell” or “share” your personal information for cross-context behavioral advertising as those terms are defined under the CCPA, you have the right to opt out at any time. You may exercise this right by clicking the “Do Not Sell or Share My Personal Information” link available in the footer of our website or by submitting a request to the contact information below.
You also have the right to direct us to limit our use and disclosure of your sensitive personal information to uses necessary to perform the services you have requested, plus certain limited additional uses permitted by law. You may exercise this right by clicking the “Limit the Use of My Sensitive Personal Information” link available in the footer of our website or by submitting a request to the contact information below.
11. Updates to this Privacy Notice
This Privacy Notice was last updated on 05/05/2026. We may update this Privacy Notice from time to time. We therefore encourage you to review this Privacy Notice regularly. We will also notify you of changes made where required by law.
If we “sell” or “share” your personal information for cross-context behavioural advertising as those terms are defined under the CCPA, you have the right to opt out at any time. You may exercise this right by clicking the “Do Not Sell or Share My Personal Information” link available in the footer of our website or by submitting a request to the contact information below.
You also have the right to direct us to limit our use and disclosure of your sensitive personal information to uses necessary to perform the services you have requested, plus certain limited additional uses permitted by law. You may exercise this right by clicking the “Limit the Use of My Sensitive Personal Information” link available in the footer of our website or by submitting a request to the contact information below.
We recognize opt-out preference signals, including the Global Privacy Control (GPC), as a valid opt-out request from California consumers and, where required, residents of other states that recognize such signals.
12. Third Parties
To deliver push notifications, we use the following third-party services:
· Apple Push Notification service (APNs) — operated by Apple Inc. — to deliver notifications to iOS devices.
· Google Firebase Cloud Messaging (FCM) — operated by Google LLC — to deliver notifications to Android devices.
These providers act as service providers (or processors) on our behalf and process your personal information only as necessary to deliver push notifications and related analytics to us. They are contractually prohibited from using your personal information for their own purposes, including for advertising. We do not sell or share (as those terms are defined under the California Consumer Privacy Act) the personal information collected through push notifications to or with any third party for advertising or cross-context behavioural advertising purposes.
13. Children's Privacy
Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children’s Online Privacy Protection Act (“COPPA”, 15 U.S.C. §§ 6501–6506) and its implementing regulations (16 C.F.R. Part 312). We do not knowingly “sell” or “share” the personal information of consumers under 16 years of age without the affirmative authorization required by the CCPA. If you believe we have collected personal information from a child under 13, please contact us at the address below and we will take appropriate steps to delete that information.
14. California Shine the Light and Additional State Disclosures
California Civil Code Section 1798.83 (the “Shine the Light” law) permits California residents to request, once per calendar year, information regarding the disclosure of certain categories of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the address below.
Nevada residents have the right under NRS 603A.340 to opt out of the sale of certain covered information. Although we do not currently sell covered information as defined by Nevada law, you may submit a verified opt-out request to the contact information below.
Texas, Oregon, and certain other states require additional specific disclosures, which are incorporated into this Privacy Notice. Residents of those states have the rights described under “Your U.S. Privacy Rights” above to the extent provided by their state law.
15. Notice of Financial Incentive
From time to time, we may offer financial incentives, loyalty programs, or price or service differences that involve the collection, use, or disclosure of personal information. If we offer any such program that constitutes a “financial incentive” under the CCPA, we will provide a separate notice describing the material terms of the program, the method of calculating the value of your personal information, and how you may opt in and later withdraw from the program. Participation is voluntary and requires your prior affirmative opt-in consent.
16. Consent to Receive Electronic Notifications
Electronic communication is the most effective and timely way to provide the users of the Site and our products and services with any optional or required notifications and disclosures. In some circumstances, however, applicable laws may require us to send you disclosures or communications in paper format unless you have affirmatively consented to receiving electronic notifications only in advance of the notification. Through this Privacy Policy, pursuant to 15 U.S.C. § 7001, you hereby affirmatively consent to receive electronic notifications and disclosures from us only (without requiring a paper copy) and you represent that, to date, you have not withdrawn such consent. You have the right to change your mind and withdraw your consent at any time. If you would like to withdraw your consent to receive electronic notifications and/or would like to request paper copies of any required notifications you receive electronically, you may contact us. To receive electronic records, you will need access to a smartphone, tablet, laptop or computer with internet access and an email account.
In the event you receive marketing email communications from us and no longer wish to, you can click the “Unsubscribe” link at the bottom of any marketing email to opt out of further marketing communications. Please note that this opting out is only effective for marketing communications as we will still communicate with you via email regarding transactional issues, such as to confirm a purchase or to provide you information about a purchase.
17. Do Not Track (DNT) / GPC:
We recognize opt-out preference signals, including the Global Privacy Control (GPC), as a valid opt-out request from California consumers and, where required, residents of other states that recognize such signals.
18. Notice Updates
This Privacy Notice was last updated as noted above. Changes may be made to this Notice from time to time and will be posted to this page. By continuing your use of the services, you will be agreeing to the revised Privacy Notice. Please check this page periodically to keep yourself informed of any changes to the Privacy Notice. Substantial changes to this Privacy Notice may be communicated, where appropriate, by other means.
19. Contact Information
If you have any questions, comments or concerns regarding this Privacy Notice, or if you would like to correct, update, or delete personally identifiable information you have submitted to us, please contact us at:
Lebara Mobile Limited
5th Floor, Broadwalk House
5 Appold Street
London EC2A 2AG
Email: [email protected]