Compliance 101: eKYC, Data Privacy (GDPR), and Logs Retention for Partners

Blog

Compliance 101: eKYC, Data Privacy (GD...

Compliance 101: eKYC, Data Privacy (GDPR), and Logs Retention for Partners

30 Oct 2025

Business
Compliance 101: eKYC, Data Privacy (GDPR), and Logs Retention for Partners

Modern travel demands instant connectivity, and eSIM makes it happen. For partners reselling or embedding Simology connectivity, the job is bigger than coverage and price. You’re handling identity checks, personal data, and operational logs across borders. This guide brings together the essentials of eSIM compliance eKYC GDPR in plain English so you can build trust with travellers while staying audit‑ready. We outline what data is genuinely needed, how to minimise risk, and how long to keep records without over‑retaining. You’ll also find checklists and pro tips for privacy‑by‑design and practical data retention schedules. If you serve travellers headed to multiple regions — from Esim United States to Esim Western Europe — your compliance posture must flex with local rules while giving a consistent, friction‑light experience. Use this as a blueprint to align your teams and vendors, and to make privacy a feature travellers can feel.

Why eKYC matters for eSIM travellers and partners

Electronic Know Your Customer (eKYC) verifies a traveller’s identity before activating service in markets where it’s required by telecom, anti‑fraud, or security regulations.

Typical triggers: - Prepaid SIM rules (many EU and APAC markets). - Roaming controls and fraud prevention. - Payment risk or chargeback mitigation for high‑value plans.

What eKYC usually collects: - Identity document data (passport, national ID, sometimes driving licence). - Face verification (selfie with liveness) to match the document. - Minimal device data to bind activation (e.g., EID/IMEI), and IP/location signals for risk scoring.

Country differences matter. For instance, some EU countries require SIM registration before first use, while the United States is generally lighter on mandatory SIM registration but robust on privacy and law enforcement requests. If your travellers are buying across Esim France, Esim Italy, or Esim Spain, your workflow should adapt to each market’s rules without making the user repeat steps. Direct travellers to options on Destinations, and ensure your backend enables compliant activation journeys per country.

GDPR and global privacy principles, distilled

GDPR sets the global benchmark for personal data protection. Even when you sell outside the EU, adopting its core principles will simplify operations and reduce risk.

Key principles to build into your eSIM flows: - Lawful basis: Most eSIM processing rests on contract (to provide service), legal obligation (where eKYC is mandated), and legitimate interests (fraud prevention). Use consent only for optional features like marketing. - Purpose limitation and minimisation: Collect only what the regulation or the service genuinely requires. Don’t repurpose identity images for unrelated analytics. - Storage limitation: Keep data only for the period needed to meet legal, tax, or dispute requirements — then delete or irreversibly anonymise. - Security and confidentiality: Encrypt at rest and in transit. Limit access by role. Maintain separation between KYC images and operational logs. - Transparency and control: Clear notices at point of capture, easy access to rights (access, rectification, deletion), and visible retention timelines.

Cross‑border transfers: - If EU/UK data leaves the EEA/UK, safeguard with adequacy decisions, Standard Contractual Clauses (SCCs) or UK IDTA as appropriate, plus transfer risk assessments and technical controls (encryption, key management).

Practical tip: Keep your Data Processing Agreement (DPA) stack tidy. You should have a DPA in place with Simology and any sub‑processors, aligned to the data you actually collect in each workflow.

Data retention and logs: what to keep, and for how long

Telecom operations generate a lot of data. You need enough to support travellers, fulfil lawful obligations, and investigate fraud — but not so much that you create unnecessary risk.

Common data categories - eKYC data: document images, extracted fields, liveness artefacts, verification outcome, and audit trail. - Activation and provisioning: EID/IMEI, ICCID, activation timestamps, plan details, order/payment references. - Network session metadata: session start/stop, cell/location approximations, volume counters (no content). - Support and compliance: consent logs, policy versions, ticket history, refunds/disputes, law enforcement requests (where applicable). - Security: access logs, API logs, fraud signals, device fingerprints.

Typical retention ranges (select minimum necessary) - eKYC images and liveness artefacts: 90 days to 24 months, depending on local mandate and dispute window. Prefer deleting images once the verification decision is final and only retaining a hashed template or verification token where admissible. - Extracted KYC data (e.g., name, document number): retain only as long as needed to meet telecom registration requirements; commonly 6–24 months, varying per country. - Activation/provisioning records: 12–24 months to support customer care, chargebacks, and lawful requests. - Network session metadata (no content): 6–12 months is typical in many markets; local law may require longer or shorter. - Billing/tax records: often 6–7 years in many jurisdictions. Store these separately and avoid bundling with KYC images. - Security and access logs: 6–18 months to support incident response and forensics.

Do not keep - Raw biometric templates or full‑resolution video beyond the shortest regulatory and operational need. - Duplicate copies of KYC images in analytics sandboxes or support tools. - Content of communications (not part of eSIM data plans) unless explicitly regulated and lawful.

Step‑by‑step: Build your retention schedule

1) Map your data: - List every field captured in eKYC, activation, usage, billing, and support.

2) Assign lawful purpose and system of record: - For each field, define why you need it and where it lives.

3) Set retention per category: - Use the shortest timeline that satisfies the strictest regulatory need for that market.

4) Automate deletion: - Implement lifecycle rules (e.g., S3 object lifecycle, database TTLs) and keep evidence of deletion in audit logs.

5) Separate storage: - Store KYC images separately from billing/usage. Restrict access via least privilege.

6) Document it: - Maintain a one‑page retention matrix per market. Keep it updated when laws change.

Pro tips - Use tokenisation: replace document numbers with irreversible tokens in everyday systems; keep the mapping in a segregated vault. - Prefer summary over detail: retain aggregate usage counters over per‑packet detail. - Time‑box support access: temporary just‑in‑time access for agents, with session recording.

Privacy‑by‑design for eSIM: a practical checklist

  • Minimise from the start: collect only the document type required for that country. If a national ID suffices, don’t ask for a passport.
  • Make it legible to travellers: show exactly why data is needed, where it’s stored, and for how long.
  • Default to the strictest market: design flows that can downgrade requirements for lighter regimes, not the other way around.
  • Secure everywhere: TLS 1.2+, encryption at rest (AES‑256 or better), HSM‑protected keys, rotating secrets.
  • Strong vendor governance: DPAs, sub‑processor lists, breach SLAs, penetration tests, and SOC 2/ISO 27001 where available.
  • Data Protection Impact Assessment (DPIA): run a DPIA for identity verification and cross‑border transfers.
  • Consent hygiene: separate toggles for marketing vs service updates; keep timestamped consent logs.
  • Traveller self‑service: portal to access/delete data where allowed, and to download invoices for expenses.

eKYC implementation options and risk control

Right‑size your eKYC to the market and plan type:

  • Document scan + liveness: standard for countries with SIM registration rules. Store verification outcome; avoid long‑term storage of the raw selfie/video.
  • Database checks: where lawful, validate against government or telco registries to avoid storing images.
  • Risk‑based flows: lighter checks for low‑risk, low‑value plans; step‑up verification if fraud signals trigger.
  • Offline fallback: for travellers with poor connectivity, enable deferred document upload with limited temporary access.
  • Re‑use safely: if a traveller verified last month for Esim North America, you may re‑use a tokenised verification to buy Esim United States without re‑capturing images, subject to local rules.

Pro tips - Hash and forget images: retain a cryptographic hash of the document image for deduplication/fraud detection, not the image itself. - Separate decisioning: store “pass/fail + reason code” in operational systems; keep raw artefacts in a secure verification vault with short retention.

Cross‑border operations: aligning US, EU, and beyond

  • EU/UK: expect SIM registration in several markets, strong GDPR rights, and tight storage limitation. Host EU resident data in the EEA/UK where possible, with SCCs for any exports.
  • United States: generally fewer mandatory KYC rules for prepaid; focus on CPNI, state privacy laws, and law enforcement response processes. Regional nuances apply.
  • APAC/MENA: several markets require passport/ID capture for SIM activation; watch for data localisation (country‑resident storage) requirements.

Keep it simple for travellers. Someone buying Esim Western Europe wants one purchase to cover France, Italy, and Spain. Behind the scenes, your systems should meet each market’s registration rules without extra friction. Offer clear guidance on Destinations and provide country‑specific help within the checkout.

What travellers expect (and notice)

  • Speed: a sub‑2 minute identity check that works on mobile.
  • Clarity: simple explanations for why an ID is needed in France versus not in the US.
  • Control: the ability to delete their account or remove a stored document when rules allow.
  • Security cues: trusted logos, clear privacy links, and no surprise re‑verification for add‑on plans.
  • Helpful coverage info: straightforward product pages like Esim France, Esim Italy, and Esim Spain that set expectations before checkout.

Partner integration with Simology

If you’re building on Simology via wholesale or bundling connectivity into your product:

  • Define roles early: who is controller vs processor for eKYC, activation, and support data.
  • Use standard endpoints: integrate identity verification and consent capture through approved APIs; don’t invent parallel data stores.
  • Align retention with us: mirror Simology’s recommended timelines and ensure automated deletion on your side.
  • Centralise help content: point travellers to the right local guidance and plan pages on Destinations.
  • Governance cadence: quarterly reviews of sub‑processors, transfers, DPIAs, and incident drills.

Explore options on For Business and get documentation, samples, and support via the Partner Hub.

Quick compliance checklists

eKYC readiness - Markets mapped: which plans require ID? - Verification vendor vetted and under DPA. - Short‑term storage of images with auto‑delete. - Decision tokens available for re‑use. - Clear traveller messaging per market.

GDPR and privacy - Lawful bases documented per data category. - Transparent notices and consent logs. - Data subject request workflow tested end‑to‑end. - Cross‑border safeguards (SCCs/IDTA) in place.

Logs and retention - Separate stores for KYC, usage, billing, and support. - Automated retention rules and deletion evidence. - Least‑privilege access with time‑boxed elevation. - Regular log integrity and access reviews.

Security - Encryption everywhere, key rotation, HSM/KMS. - MFA and SSO for all admin access. - Pen tests and vulnerability management. - Incident response runbooks and contacts maintained.

FAQ

Q1: What is eKYC in the context of eSIM? A1: eKYC is a digital identity check used before activating service in markets that require SIM registration or where you need stronger fraud protection. It typically includes scanning a government ID and a quick liveness check to confirm the document belongs to the traveller.

Q2: Do all countries require eKYC for eSIM? A2: No. Requirements vary by country and plan type. Several EU and APAC markets require registration; others, such as parts of the United States, typically do not. Check plan pages like Esim United States and regional bundles such as Esim Western Europe for local notes.

Q3: How long should we keep KYC images? A3: Keep them only as long as needed to satisfy local rules and operational needs. Many partners aim for 90 days to 12 months, deleting images once verification is final and retaining only a decision token or hash. Always separate image retention from billing/tax record retention.

Q4: What network data is retained about travellers? A4: Operational metadata such as activation timestamps, session start/stop times, and aggregated data volumes. Content of communications is not retained. Typical retention ranges from 6 to 12 months, subject to local law and support requirements.

Q5: How is GDPR handled when serving multi‑region travellers? A5: Apply GDPR principles by default: minimisation, clear purposes, storage limitation, strong security, and proper transfer safeguards (e.g., SCCs). Host EU data in the EEA/UK when possible, and use contractual and technical measures for any transfers.

Q6: Can previous eKYC be reused for repeat purchases? A6: Often, yes. If regulations allow, store a tokenised verification result and reuse it for future activations (e.g., moving from Esim North America to Esim United States), avoiding another document capture. Respect market‑specific rules and set an expiry for reuse.

Next step: Access implementation guides, sample DPAs, and integration support via the Simology Partner Hub.

Read more blogs

Andes Highlights (3 Weeks): Peru–Bolivia–Chile–Argentina Connectivity

Andes Highlights (3 Weeks): Peru–Bolivia–Chile–Argentina Connectivity

Planning a south america itinerary 3 weeks through the high Andes? This route stitches together Peru’s Sacred Valley, Bolivia’s La Paz and Salar de Uyuni, Chile’s Atacama Desert, and northern Argentina’s quebradas or Mendoza wine country—often by long-distance bus and a couple of short flights. Connectivity is different at altitude: coverage is strong in cities but drops in high passes and salt flats; bus Wi‑Fi is patchy; border towns can be blackspots. The smart move is an eSIM with multi‑country coverage, backed by offline maps, offline translations, and a simple routine for crossing borders by bus without losing service. Below you’ll find a practical, connectivity-first itinerary; checklists to prep your phone, apps and documents; and on-the-ground tips for staying online where it matters: booking transport, hailing taxis, backing up photos, and navigating when the signal disappears.If you’re transiting via Europe or North America, you can also add a layover eSIM to stay connected door-to-door. Start with our country list on Destinations, then follow the steps, and you won’t waste time chasing SIM shops at 3,500 metres.The 3‑week Andes route at a glanceWeek 1: Peru (Cusco, Sacred Valley, Machu Picchu) - Fly into Cusco (or Lima then connect). - Base in Cusco; day trips to Pisac/Chinchero/Maras–Moray. - Train to Aguas Calientes; Machu Picchu visit; return to Cusco or continue to Puno/Lake Titicaca.Week 2: Bolivia and Chile (La Paz, Uyuni, San Pedro de Atacama) - Bus/collectivo via Copacabana to La Paz. - Fly or overnight bus to Uyuni. - 3‑day Uyuni–altiplano tour ending in San Pedro de Atacama (Chile).Week 3: Chile and Argentina (Atacama to Salta or Mendoza/Buenos Aires) - Choose: - North: San Pedro to Salta/Jujuy by bus; fly to Buenos Aires. - Or South: San Pedro–Calama flight to Santiago; bus or flight to Mendoza; onward to Buenos Aires.Connectivity notes (quick): - Cities: generally strong 4G/4G+; 5G in major hubs (Santiago, Buenos Aires). - Altitude/rural: expect long no‑signal stretches (Uyuni, altiplano passes, Paso Jama). - Bus Wi‑Fi: often advertised, rarely reliable. Plan to be offline onboard. - Border regions: networks switch; a multi‑country eSIM avoids sudden loss.eSIM vs local SIMs for a 4‑country tripFor a route with multiple borders and remote legs, eSIM wins on time and reliability.What a multi‑country eSIM gets you: - One plan across Peru, Bolivia, Chile, Argentina (check coverage per country on Destinations). - No passport/SIM registration queues at kiosks. - Keep your home number active on the physical SIM for calls/SMS codes. - Instant top‑ups if you burn data on photos or navigation.When a local SIM still helps: - Long stay in one country with heavy data use (e.g., a month in Buenos Aires). - Dead zones where a different local network performs better (rarely worth the hassle on a 3‑week pace).Practical approach: - Use an eSIM as your primary data line across all four countries. - If you find a specific local network far better in one region, add a cheap local SIM and keep the eSIM as backup.Device readiness checklist (before you fly)1) Check eSIM compatibility and SIM‑lock status on your phone.2) Buy and install your eSIM while on home Wi‑Fi. Keep a PDF/printed copy of the QR code.3) Label lines clearly (e.g., “eSIM Andes Data”, “Home SIM”).4) Turn on data roaming for the eSIM; leave roaming off for your home SIM to avoid charges.5) Set up dual‑SIM rules: data on eSIM; calls/SMS default to home SIM if needed.6) Download offline: Google Maps/Organic Maps for all target regions; language packs (Spanish at minimum); bus/air tickets; hotel confirmations.7) Cloud backups: set to upload on Wi‑Fi only; pre‑create shared albums for travel companions.8) Test tethering/hotspot with your laptop/tablet.If you’re transiting popular hubs, consider a short layover eSIM: - USA connections: add an Esim United States or a broader Esim North America.- Europe connections: Madrid/Barcelona? Use an Esim Spain. Paris or Rome? See Esim France and Esim Italy. Multi‑country layovers? Try Esim Western Europe.City‑by‑city connectivity notesCusco & the Sacred Valley (Peru)Coverage: Good in Cusco city; variable in high villages (Maras/Moray) and along Inca Trail approaches.Tips: Download Sacred Valley maps offline; pin viewpoints and ruins. most taxis use WhatsApp—save your accommodation’s number.Machu Picchu/Aguas Calientes: Patchy to none at the citadel. Upload your photos later; don’t rely on live ticket retrieval.Lake Titicaca: Puno and CopacabanaPuno: Reasonable 4G; bus terminals crowded—screenshot QR tickets.Crossing to Copacabana: Expect a signal drop around the border; have directions saved offline.La Paz (Bolivia)Good urban 4G; the cable car network has decent signal but tunnels do not.Yungas/“Death Road” tours: Mountain valleys cause dead zones—share your emergency contacts with the operator, carry a charged power bank, and don’t plan remote calls.Uyuni and the Altiplano (Bolivia to Chile)Uyuni town: OK 4G; ATMs finicky—use Wi‑Fi for banking apps.Salt flats/lagunas: Assume offline for most of the 3‑day tour. Guides often carry satellite phones; agree a pickup time/place in San Pedro and preload your map route.San Pedro de Atacama (Chile)Town: Solid 4G; accommodations often have Wi‑Fi but speeds vary.Geysers, Valle de la Luna: Offline navigation essential; sunrise trips start before mobile networks wake up in some areas.Salta/Jujuy or Mendoza/Buenos Aires (Argentina)Salta/Jujuy: Good city coverage; quebradas have long no‑signal sections.Mendoza: City 4G/5G; vineyards outside town can be patchy.Buenos Aires: Strong 4G/5G; ideal for cloud backups and large downloads before you fly home.Border crossings by bus: step‑by‑stepThe big ones on this route: Peru–Bolivia (Puno/Copacabana), Bolivia–Chile (Uyuni–San Pedro via Hito Cajón), Chile–Argentina (Paso Jama to Salta or Los Libertadores to Mendoza).How to keep service and sanity:1) The day before:- Top up your eSIM data.- Confirm your plan includes both countries you’re entering/leaving.- Download offline maps for both sides of the border and your town of arrival.- Save bus company WhatsApp and terminal address offline.2) On departure morning:- Keep a paper copy or offline PDF of tickets, insurance, and accommodation proof.- Charge phone and power bank; pack a short cable in your daypack.3) On the bus:- Don’t count on bus Wi‑Fi. Keep your eSIM as primary, but expect drops near mountain passes.- If your phone supports it, enable “Wi‑Fi calling” for later when you reach accommodation Wi‑Fi.4) At the border posts:- Data may be unavailable. Keep QR codes and booking numbers offline.- After exiting one country and entering the next, toggle Airplane Mode off/on to re‑register on the new network.- If the eSIM doesn’t attach, manually select a network in Mobile Settings.5) Arrival:- Send your accommodation a quick WhatsApp when you’re back online.- Recheck your eSIM’s data roaming is on; confirm you’re on an in‑country network, not a weak roaming partner.Pro tips: - Dual profiles: If your eSIM allows, keep a secondary profile for a different network in the same country—helpful in border towns.- Cash buffer: Some border terminals don’t accept cards; download a currency converter for offline use.Offline survival kit (5‑minute setup)Maps: Download regions for Cusco, Sacred Valley, Puno, La Paz, Uyuni, San Pedro, Salta/Jujuy or Mendoza, and Buenos Aires.Translations: Download Spanish for offline use; add phrasebook favourites (bus tickets, directions, dietary needs).Documents: Save PDFs of passports, tickets, hotel addresses; star them for quick access.Rides: Screenshots of pickup points; pin bus terminals and hotel doors.Entertainment: Podcasts and playlists for long bus legs, set to download on Wi‑Fi only.Altitude and your tech: what changesCoverage gaps lengthen: Fewer towers at high altitude; valleys can block signal. Assume offline on remote excursions.Batteries drain faster in cold: Keep your phone warm and carry a power bank (10,000–20,000 mAh).Hotel Wi‑Fi may be congested: Schedule big uploads (photo backups, app updates) for big-city stays like Santiago or Buenos Aires.GPS still works offline: Your blue dot shows on offline maps without data—preload everything.Data budgeting for 3 weeksTypical traveller usage across this route: - Messaging/Maps/Bookings: 0.2–0.5 GB/day- Social and photo sharing: 0.3–0.7 GB/day- Occasional video calls/streaming: 0.5–1.0 GB/dayFor a mixed-use trip, plan 15–25 GB for 3 weeks. Heavy creators should double it and upload over hotel Wi‑Fi when possible. If you work remotely, consider a higher‑capacity plan and a backup eSIM; see our guidance on For Business.Practical route with transport and connectivity cuesDays 1–4 Cusco base: Strong city signal; day trips may be spotty—go offline-ready.Days 5–6 Machu Picchu: Expect no service at the ruins; sync tickets ahead.Days 7–8 Puno to La Paz via Copacabana: Border signal drop; re‑register networks after crossing.Days 9–11 Uyuni tour to San Pedro: Treat as offline; charge nightly; carry spare cables.Days 12–14 San Pedro: Stable in town; tours offline; top up data before Paso Jama.Days 15–17 Salta/Jujuy or Mendoza: Good urban 4G; rural patches are offline.Days 18–21 Buenos Aires: Strongest connectivity of the trip; clear your uploads and map downloads for the flight home.Partnering and stopover extrasHospitality and tour operators in the Andes: help your guests stay connected—explore co‑branded solutions via our Partner Hub.Transatlantic flyers: test your eSIM setup on a layover with an Esim United States or Esim Western Europe before hitting high-altitude blackspots.FAQs1) Do I need a local SIM in each country?No. A multi‑country eSIM covering Peru, Bolivia, Chile and Argentina is simpler and works well for a 3‑week pace. Consider a local SIM only if you’ll spend longer in one country and want the absolute best regional coverage.2) Will my WhatsApp number change with an eSIM?No. WhatsApp is tied to your registered number, not your data line. Keep your home SIM active for voice/SMS (roaming off if you wish), and use the eSIM for data—WhatsApp continues as normal.3) Can I hotspot to my laptop or camera?Yes. Enable tethering on your eSIM. Mind your data: cloud backups and OS updates can burn gigabytes—set them to Wi‑Fi only or schedule in big cities.4) What if there’s no signal on the Uyuni/Atacama legs?That’s expected. GPS still works offline. Pre-download maps and translations, carry a power bank, and sync plans with your tour operator before departure.5) Will I get roaming charges at borders?If you’re using a multi‑country eSIM with coverage in both countries, you won’t incur extra roaming fees from your home carrier. Keep roaming off on your home SIM to avoid accidental use.6) I’m connecting via Europe or the US—worth getting a layover eSIM?Yes. It’s an easy way to test your setup and stay reachable. Try Esim North America or country options like Esim Spain, Esim France, or Esim Italy for common hubs.Next step: Browse South America coverage options and build your plan on Destinations.

31 Oct 2025
Best eSIM for Europe (2025): Plans, Coverage, Fair-Use

Best eSIM for Europe (2025): Plans, Coverage, Fair-Use

Choosing the best eSIM for Europe in 2025 comes down to what you actually do on the road: how many countries you’ll cross, how much data you burn, whether you need 5G, and if hotspot tethering matters. Pricing is competitive, but not all “Europe” eSIMs are equal—some throttle after small “unlimited” buckets, some exclude popular destinations, and others won’t let you tether at all. This guide compares Europe-ready eSIMs by price per GB, 5G access, hotspot policy, and fair-use rules, so you don’t discover limits at the worst time (like mid-ride-share across borders).For most travellers, Simology’s regional plan is a standout: consistent 4G/5G coverage across key countries, transparent allowances, hotspot enabled, and simple top-ups. If you’re mainly in one country, a local eSIM (e.g., France, Italy, Spain) can push price per GB down even further. Flying via the US or Canada? Pair a Europe eSIM with a North America plan to stay connected gate-to-gate. Below is how to choose, what to expect, and the fastest way to avoid fair-use surprises.Quick verdict: the best eSIM for Europe in 2025Best overall for multi-country trips: Simology Esim Western Europe — multi-country coverage, hotspot allowed, fair-use clearly stated, easy top-up.Best value if staying in one country: Simology country eSIMs such as Esim France, Esim Italy and Esim Spain — usually the lowest price per GB.Best for transatlantic travellers: Pair Esim United States or Esim North America with a Europe plan for seamless coverage on both sides.Best for teams and frequent flyers: Managed accounts via For Business — pooled visibility, cost control, consolidated billing.If you’re unsure which countries are covered, start with the full list on Destinations.How we compared Europe eSIMsPrice per GB: Divide plan price by included GB. Ignore “unlimited” claims unless a clear daily/total high-speed cap is disclosed.Coverage footprint: Number of countries, inclusion of the big four (France, Italy, Spain, Germany) plus the UK, Nordics, Benelux, Portugal, Switzerland and popular Balkans.Network quality: Access to top local operators and 5G in major cities; no permanent throttling.Hotspot/tethering: Explicitly allowed by default.Fair-use policy (FUP): Transparent thresholds, reasonable roaming terms, and no punitive restrictions for normal travel use.Ease of use: Instant delivery, QR installation, quick top-ups, responsive support.Simology’s regional and country eSIMs score well on the above, particularly on price-per-GB transparency and hotspot inclusion.The best Simology picks for EuropeEsim Western Europe — top pick for most travellersWho it’s for: - City-hoppers doing 3–12 countries in one trip - Families or remote workers who rely on hotspot - Travellers wanting simple top-ups and a single eSIM across bordersWhat you get: - Broad multi-country coverage across Western Europe with 4G/5G where available - Hotspot/tethering enabled - Clear, upfront data allowances with straightforward price-per-GB - Friendly fair-use terms intended for travel (not permanent roaming)Why it’s hard to beat: - You avoid the SIM shuffle at borders and keep one APN and one data monitor - 5G in major hubs for quick downloads and video calls - Competitive price-per-GB compared with typical regional packsConsider if: - You’re mostly staying in one country (a local eSIM may be cheaper per GB) - You need calling minutes (data-only eSIMs use VoIP apps; pair with your primary SIM for voice/SMS)Check availability and covered nations on Esim Western Europe and confirm your route against Destinations.Country eSIMs — the best price per GB when you stay putIf your itinerary centres on a single country, local plans often win on value and sometimes on peak speeds.France: See Esim France for dense 5G in Paris, Lyon, Marseille and strong rail-corridor coverage. Excellent for city weekends and Riviera road trips.Italy: Esim Italy offers solid 5G in major cities and coastal belts; good for hotspots on trains and ferries.Spain: With Esim Spain, coverage is wide across cities and islands; great for digital nomads needing steady tethering.Choose a country eSIM when: - You won’t cross borders or only do a quick day trip - You want the lowest cost per GB and plan to stream or hotspot frequentlyTransatlantic and multi-region itinerariesConnecting through North America? Avoid airport Wi‑Fi hunting by pairing your Europe eSIM with a North America plan:USA only: Esim United StatesUS/Canada/Mexico: Esim North AmericaInstall both profiles before you fly, then toggle data lines per region. If you’re organising trips for teams or events, centralise management with For Business. Travel brands and creators can explore partnerships via the Partner Hub.Fair-use policies in Europe explained (and how they affect you)Fair-use policies exist to prevent abuse of roaming and unlimited plans. Here’s what matters in practice:Roaming vs “local”: Most Europe eSIMs are regional roaming bundles. That’s fine for travel, but networks may apply FUP while roaming, such as deprioritisation or caps during congestion.“Unlimited” usually isn’t: High-speed data often has a daily or total cap (e.g., 1–5 GB/day at full speed, then throttled). If a plan says unlimited, look for the high-speed allowance first.Hotspot limits: Some providers block tethering or throttle hotspot specifically. Simology plans allow hotspot by default unless stated otherwise.Country exclusions: Not every “Europe” plan includes Switzerland, the Balkans or microstates. Confirm the exact list on Destinations.Usage window: Plans run for a set validity period from first activation; unused data may not roll over.Practical takeaways: - Pick a plan with a clear high-speed allowance if you work on the go. - Expect speed variation at busy times or on rural routes; try different network selections if your device allows. - For long trips, buy a sensible base allowance and top up rather than chasing “unlimited”.Step-by-step: how to choose the right Europe eSIM1) Map your route - List every country and the number of days in each. - If 3+ countries, lean towards Esim Western Europe; otherwise a country eSIM may be cheaper.2) Estimate your data need - Light (maps, messages, occasional rides): 3–5 GB/week - Moderate (social, short video, hotspot for email): 6–10 GB/week - Heavy (HD video, frequent hotspot/video calls): 12–20 GB+/week3) Decide on 5G vs 4G - If you upload media, join video calls, or plan to tether often, choose 5G access where available.4) Confirm hotspot - Ensure your plan explicitly allows tethering if you’ll share data to a laptop or tablet.5) Plan your dual-SIM setup - Keep your home SIM active for calls/SMS, but set the eSIM as your data line and switch data roaming off on your primary SIM to avoid bill shock.6) Check device compatibility - Most recent iPhone, Samsung Galaxy, Google Pixel and other flagships support eSIM. If unsure, consult your device specs.7) Buy and install early - Purchase from Simology, scan the QR code, and add the eSIM before departure while on good Wi‑Fi.8) Test and label - Toggle mobile data to the eSIM briefly at home to confirm activation. Name it “Europe Data” (or country) to avoid confusion.Activation and on‑trip checklistBefore you fly: - Install your eSIM profile over Wi‑Fi. - Set the eSIM as “Mobile Data” line; turn data roaming off on your primary SIM. - Download offline maps; update apps while on Wi‑Fi.On arrival: - Toggle the eSIM data line on. - Ensure Data Roaming is enabled for the eSIM line. - If speeds seem slow, briefly toggle Airplane Mode or select a different partner network in Settings.During your trip: - Monitor data usage in your phone settings. - Hotspot when needed; disable when idle to save battery and data. - Top up through your Simology account if you’re running low.Pro tips to save data and avoid surprisesUse Low Data Mode/ Data Saver on your phone.Disable auto-play for video in social apps.Cache music and podcasts on Wi‑Fi.Prefer Wi‑Fi for big backups; pause cloud photo sync while roaming.Use Wi‑Fi calling for voice; WhatsApp/FaceTime use your existing number even on a data-only eSIM.For road trips, keep offline maps for every country you’ll cross.If you’ll be in the US before/after Europe, install Esim United States or Esim North America in advance.FAQ: Europe eSIMs1) Will my phone work with a Europe eSIM? - Most recent iPhone (XR/XS and newer), Google Pixel (3 and newer), and flagship Samsung devices support eSIM. Region-specific models vary. If in doubt, check your device settings for “Add eSIM” or consult the manufacturer’s specs.2) Can I use hotspot/tethering with Simology eSIMs? - Yes, Simology plans allow hotspot unless stated otherwise on the specific product page. Tethering performance depends on local network conditions.3) How fast is 5G in Europe? - In major cities, typical real-world 5G ranges from 150–500 Mbps, with higher peaks possible. Speeds vary by network, location, and time of day, and can be managed during congestion.4) I’m visiting 8–10 countries in two weeks. What’s best? - A regional plan like Esim Western Europe keeps things simple across borders. If you’ll spend 5+ days in a single country with heavy usage, add a local eSIM (e.g., Esim France or Esim Italy) for cheaper per‑GB data during that block.5) Do I need to show ID to buy an eSIM in Europe? - Most data-only eSIMs in Europe do not require ID, but requirements vary by country. If verification is required, Simology will prompt you during checkout.6) Can I keep my WhatsApp number and receive texts from my bank? - Yes. Your WhatsApp stays linked to your number. Keep your physical SIM active for SMS; set the eSIM as data-only and turn off data roaming on the primary SIM to avoid charges.The bottom lineThe best eSIM for Europe is the one that matches your route, data habits, and need for 5G and hotspot. For most travellers crossing multiple borders, Simology’s Esim Western Europe combines solid coverage, transparent allowances, and tethering without hoops. If you’ll camp in one country, local eSIMs like Esim France, Esim Italy or Esim Spain usually deliver the lowest price per GB. Flying via the US or Canada? Add Esim United States or Esim North America for smooth connectivity end to end.Next step: Compare coverage and pick your plan on Esim Western Europe.

30 Oct 2025
Simology API & SDK: Quick Start for Catalog, Checkout & Activation Webhooks

Simology API & SDK: Quick Start for Catalog, Checkout & Activation Webhooks

Integrating Simology’s eSIM into your app or site should be quick, safe and predictable. This guide shows you how to stand up a working flow end‑to‑end: pull a live catalogue, create a checkout, and handle activation webhooks to deliver eSIM credentials. You’ll get example endpoints, headers, sample payloads, sandbox tips, and robust error and retry strategies so you can go live with confidence.We assume you’re building for travellers and want a clean, reliable purchase and activation journey. The same patterns apply whether you’re selling a single-country plan like Esim United States or regional bundles such as Esim Western Europe and Esim North America. If you’re still shaping your plan range, explore available markets on Destinations and see what resonates with your audience. When you’re ready to partner, head to the Partner Hub or our For Business page to get access.What you’ll buildA minimal, production‑ready integration includes:Catalog: Fetch plans (SKU, coverage, allowance, validity, price) and display them.Checkout: Create an order/checkout session and direct the user to pay.Webhooks: Receive order status and eSIM activation credentials securely.Activation: Present LPA QR or SM‑DP+ + activation code in your UI.Post‑purchase: Poll or subscribe to status updates; offer top‑ups if supported.PrerequisitesA Simology partner account with API credentials: request access via the Partner Hub.Sandbox environment enabled (for test cards and simulated activations).Public HTTPS webhook endpoint (TLS 1.2+, supports POST, returns 2xx on success).Server ability to store secrets and verify signatures.Optional: SDK installed (Node.js or Python) or curl for initial testing.Tip: While you prototype, use live product copy from Destinations. For regional content and FAQs, see Esim France, Esim Italy and Esim Spain.Environments and authenticationTypical environment split:Sandbox base URL (example): https://sandbox-api.simology.ioProduction base URL (example): https://api.simology.ioAuthentication:Use the HTTP header: Authorization: Bearer YOUR_API_KEYSend JSON: Content-Type: application/jsonUse idempotency for POSTs: Idempotency-Key: a-unique-uuid-per-intentPro tips: - Rotate keys regularly; keep them server-side only. - Scope keys to least privilege; separate sandbox and production keys. - Log the response header request_id (if provided) for faster support.Step 1: Fetch the eSIM catalogueEndpoint (example): - GET /v1/catalog?country=US - GET /v1/catalog?region=western-europeExample request:GET /v1/catalog?country=US HTTP/1.1 Host: sandbox-api.simology.io Authorization: Bearer sk_sandbox_123 Accept: application/json Example response:{  "items": [    {      "sku": "US-5GB-30D",      "name": "United States 5 GB / 30 days",      "region": "US",      "coverage": ["US"],      "data_allowance_mb": 5120,      "validity_days": 30,      "price": { "amount": 14.99, "currency": "USD" },      "activation_method": "lpa",      "esim_type": "data",      "terms_url": "https://simology.io/esim-united-states",      "available": true    }  ],  "updated_at": "2025-01-10T09:12:44Z" } Implementation notes: - Cache catalogue responses for several minutes; invalidate on webhook or daily refresh. - Use query params to filter by country/region to reduce payloads. - Map regional SKUs to your UX—e.g., “Western Europe” → Esim Western Europe.Pro tips: - Localise currencies client-side only if your payment provider requires it; keep SKU and currency from the API authoritative. - Surface coverage and validity clearly; travellers value transparency.Step 2: Create a checkout session (order)Endpoint (example): - POST /v1/checkout/sessionsExample request:{  "customer": {    "email": "alex@example.com",    "country": "GB"  },  "items": [    { "sku": "US-5GB-30D", "quantity": 1 }  ],  "success_url": "https://yourapp.example/checkout/success?session_id={SESSION_ID}",  "cancel_url": "https://yourapp.example/checkout/cancel",  "metadata": {    "user_id": "u_789",    "source": "ios-app"  } } Example response:{  "id": "cs_abc123",  "payment_url": "https://pay.sandbox.simology.io/cs_abc123",  "status": "pending",  "expires_at": "2025-01-10T09:27:44Z" } Redirect the user to payment_url.On success, Simology will send a webhook (see next step) such as checkout.completed or order.paid.Error example:{  "error": {    "code": "sku_unavailable",    "message": "Requested SKU is not available in the selected region.",    "request_id": "req_9x8y7z"  } } Pro tips: - Always include a unique Idempotency-Key on POSTs to prevent duplicate orders. - Do not fulfil on the browser redirect alone; wait for the signed webhook.Step 3: Webhooks for checkout and activationExpose a POST endpoint, e.g., https://yourapp.example/webhooks/simologyExpected events (names may vary by integration): - checkout.completed — customer returned from payment - order.paid — funds confirmed; fulfilment can begin - activation.ready — eSIM credentials ready for delivery - order.failed or payment.failed — handle gracefullySecurity: - Simology signs webhook payloads. Expect a header like: - Simology-Signature: t=1736500000,v1=hex-hmac-sha256 - Verify HMAC using your webhook secret and the raw request body + timestamp t. - Reject if signature invalid or timestamp skew > 5 minutes.Example webhook: order.paid{  "type": "order.paid",  "id": "evt_123",  "created": "2025-01-10T09:20:02Z",  "data": {    "order_id": "ord_456",    "session_id": "cs_abc123",    "items": [      { "sku": "US-5GB-30D", "quantity": 1, "unit_price": 14.99, "currency": "USD" }    ],    "customer": { "email": "alex@example.com" }  } } Example webhook: activation.ready{  "type": "activation.ready",  "id": "evt_789",  "created": "2025-01-10T09:21:10Z",  "data": {    "order_id": "ord_456",    "line": {      "iccid": "8988307000001234567",      "smdp_plus": "LPA:1$sm-dp-plus.simology.net$ACT-CODE-1234",      "qr_url": "https://sandbox-api.simology.io/v1/qr/ord_456.png",      "valid_from": "2025-01-10T09:21:10Z",      "expires_at": "2025-02-09T23:59:59Z"    }  } } Retries: - Respond 2xx on success within 5 seconds. - Non-2xx triggers automatic retries with exponential backoff (e.g., 1m, 5m, 30m, hourly up to 48h). - Webhooks are idempotent; use the event id to deduplicate.Pro tips: - Store the full webhook event before processing; reprocess safely if needed. - Use a separate signing secret per environment; rotate on a schedule.Step 4: Deliver and activate the eSIMOnce you receive activation.ready: - If you display QR in-app: render qr_url or generate your own QR from the LPA string (smdp_plus). Confirm the screen brightness/instructions for scanning. - If you deliver manually: present the SM‑DP+ address and activation code clearly.UI checklist: - Show coverage and validity (mirror your catalogue details, e.g., Esim North America). - Provide concise device instructions (Settings > Mobile Data > Add eSIM). - Remind users to keep primary SIM for calls/SMS if needed, using data on eSIM. - Offer a link back to plan details (e.g., Esim United States) for FAQs.Step 5: Post‑activation status and top‑upsCommon endpoints (examples): - GET /v1/orders/{order_id} — check latest status. - GET /v1/lines/{iccid} — inspect data used/remaining. - POST /v1/topups — add data to an existing line.Example line status:{  "iccid": "8988307000001234567",  "status": "active",  "data": {    "used_mb": 1200,    "remaining_mb": 3920  },  "valid_until": "2025-02-09T23:59:59Z" } Pro tips: - Cache status for 30–60 seconds to avoid rate limits. - If you surface data usage, include a timestamp and note that roaming networks can report with slight delay.Errors, rate limits and observabilityHTTP status patterns: - 400 validation_error — your request is malformed (missing field, invalid SKU). - 401/403 auth_error — bad or expired credentials, wrong environment key. - 404 not_found — order/line ID not recognised. - 409 conflict — duplicate idempotency key with different payload. - 429 rate_limited — back off using Retry-After header. - 5xx server_error — transient; retry with backoff and jitter.Canonical error body:{  "error": {    "code": "rate_limited",    "message": "Too many requests. Try again later.",    "request_id": "req_123",    "retry_after": 30  } } Best practices: - Always log request_id and error.code. - Implement circuit breakers for persistent 5xx. - Respect Retry-After on 429; apply exponential backoff with jitter. - Use unique Idempotency-Key per action (e.g., “create checkout for cart 123”). - Monitor webhook delivery success rate and age of last processed event.SDK quick startWhile you can integrate with raw HTTP, SDKs speed up auth, idempotency and webhook verification. The shapes below reflect the examples above; adapt to your language and tooling.Node.js (example):import { Simology } from "@simology/sdk"; const sim = new Simology({ apiKey: process.env.SIMOLOGY_API_KEY, baseUrl: "https://sandbox-api.simology.io" }); const catalog = await sim.catalog.list({ country: "US" }); const session = await sim.checkout.create({  customer: { email: "alex@example.com", country: "GB" },  items: [{ sku: "US-5GB-30D", quantity: 1 }],  success_url: "https://yourapp.example/success?session_id={SESSION_ID}",  cancel_url: "https://yourapp.example/cancel" }); Webhook verification (pseudo):app.post("/webhooks/simology", express.raw({ type: "application/json" }), (req, res) => {  const signature = req.header("Simology-Signature");  const event = sim.webhooks.verify(req.body, signature, process.env.SIMOLOGY_WEBHOOK_SECRET);  // process event.type ...  res.sendStatus(200); }); Python (example):from simology import Simology sim = Simology(api_key=os.getenv("SIMOLOGY_API_KEY"), base_url="https://sandbox-api.simology.io") catalog = sim.catalog.list(country="US") Tip: Keep the webhook route using raw body to preserve signature integrity.Security and privacy essentialsStore only what you need (e.g., order_id, sku, iccid). Avoid storing full QR images if the LPA string is sufficient.Encrypt secrets at rest; restrict access via IAM.Validate webhook payload against expected schema before acting.Do not render raw error messages to end users; translate to helpful guidance.Go‑live checklistSandbox to production switch with environment flags.API key rotation plan and secret storage verified.Idempotency implemented on all POST operations.Webhook endpoint verified with signature checks and 2xx acks.Observability: logs capture request_id, event.id, order_id, iccid.Rate limit handling and backoff tested.Happy path and failure path user messaging in place.Regional catalogue mapped to your content (e.g., Esim France, Esim Italy).FAQHow do sandbox and production differ? Sandbox uses test payment and simulated activation events. Payload shapes mirror production, but no real provisioning occurs. Use separate API keys and webhook secrets per environment.Can I test activation without scanning a QR? Yes. Use the LPA string (SM‑DP+ and activation code) from activation.ready to test your UI. In sandbox, you can display it without provisioning a real profile.What happens if my webhook endpoint is down? Simology retries with exponential backoff for a defined window (for example, up to 48 hours). Keep processing idempotent and return 2xx only after you have safely stored/handled the event.How should I handle plan regions in my UX? Keep your SKUs aligned with clear coverage descriptions (country vs region). Link to destination pages like Esim United States or Esim Western Europe for clarity, and aggregate them under Destinations.Can I issue refunds or cancellations via API? Many setups support POST /v1/refunds or cancelling unpaid checkouts. Always wait for webhook confirmation (refund.processed) before altering customer entitlements.Do you support top‑ups and usage queries? Yes in most cases—use the lines and topups endpoints as shown. Cache usage responses briefly and inform travellers about reporting delays when roaming.Next step: Ready to get credentials and sandbox access? Visit the Partner Hub to kick off your integration.

30 Oct 2025