Privacy Policy

Last Updated: September, 2025

I. Introduction

1. This privacy policy (“Privacy Policy”) is issued by uCloudlink (Singapore) Pte. Ltd. and its affiliates (“we”, “us,” “our,” or “uCloudlink”) and covers our practices regarding the collection, use, storage, transfer, and other processing of individually identifiable information about you (“Personal Information”) when you contact us, purchase, install, access or use our HEY ESIM App or websites (collectively the “Services”).
2. There may be jurisdiction specific provisions of this Privacy Policy for certain countries or regions. Please refer to Local Privacy Terms in Exhibit A for more information.
3. By using the Services, you agree to be bound by uCloudlink’s Terms and Conditions and acknowledge that you have read and understood uCloudlink’s Privacy Policy. This Privacy Policy constitutes a part of uCloudlink’s Terms and Conditions.

II. How uCloudlink Collects Your Personal Information

4. In order to provide our Services, we collect and process your Personal Information in several ways, including when you:
   • register for an account or use our Services;
   • visit our website/app or correspond with us by email;
   • provide your contact details to our marketing department requesting relevant and useful information about our Service through submission forms, or by telephone or e-mail;
   • conclude a transaction with us; or
   • contact us or provide information on social media channels.
5. Cookies and similar technologies (e.g. pixels and ad tags) (collectively “Cookies”) are small files which, when placed on your device, enable us to collect certain information, including Personal Information, from you in order to provide certain features and functionality. In our App, we may use third-party SDKs such as Appsflyer for analytics and attribution; on our Website, we and our service providers use Cookies or similar technologies. To learn more about our use of Cookies, please find the Cookies Table at the end of this Privacy Policy.

III. The Types of Personal Information We Collect

6. Depending on the nature of your interaction with uCloudlink, we may collect, store, and use the below categories of information:
   • Account details: email address (required for account registration and login). If you do not provide the email address, you may not be able to register for an account and enjoy our services, as well as achieve the specific purpose for some particular services. We do not require your phone number for account creation;
   • Transaction details: information relating to what you have purchased, spend history and details of payment method. We do not collect or store your payment card or account details;
   • Log information: when you use our Services and with your consent, the system may collect information such as mobile phone sim card permission (for the purposes of the international area code), positioning of the terminal, mobile phone model, mobile phone system version, mobile phone manufacturer, app log, MAC address, AndroidID, app log, and the IMEI number of your mobile device.
   • Analytics data: Limited attribution and marketing performance data collected via Appsflyer SDK (e.g., install source, anonymized device identifiers).

IV. How uCloudlink may use Personal Information

7. In accordance with our contract with you and to perform the obligations under such contract, uCloudlink will use your Personal Information to:
   • provide you with Services(activation and management of eSIM Plans);
   • enable you to login and register an account with uCloudlink;
   • notify you about changes to our Service, communicate with you or provide you with user support;
   • distribute user equipment;
   • process your online purchase of Plans and verify payment status;
   • enforce our terms and conditions and policies; and
   • administer the services, including troubleshooting.
8. In accordance with our legitimate interests to provide an effective and dynamic service, we may use your information to:
   • ensure the security of Services provided to you by uCloudlink including authentication, security, fraud monitoring, archiving and backup purposes;
   • help uCloudlink improve the Services;
   • enabling uCloudlink to show you recommended packages in accordance with your area of residence, subject to applicable laws and with your consent where required;
   • analyze your geographical location to provide better network coverage, recommended packages and to understand data traffic status of your location; and
   • analyze aggregated usage data to optimize app performance, website functionality, and marketing effectiveness.
9. With your consent, we may process your data to participate in market research related to our products and services. You can withdraw this consent at any time.

V. How uCloudlink may share, transfer, disclose your Personal Information

10. Except for the following circumstances, uCloudlink and its affiliates will not share your Personal Information with any third party without your consent.
11. uCloudlink and its affiliates may share your Personal Information with its partners, and third party suppliers, such as AWS for data hosting, as well as with other contractors and agents for the following purposes:
    • to provide you with the Services;
    • to carry out the purposes as described in section “How uCloudlink may use Personal Information”;
    • to fulfil uCloudlink’s responsibilities and obligations in the Terms and Conditions and this Privacy Policy; and
    • in connection with a merger, sale, or asset transfer.
12. If you pay for your Services using Paypal, Braintree, Paypal or Stripe, you acknowledge and agree that the processing of such payment shall be handled by that third party and will be subject to their terms and conditions and your data will be handled by them in accordance with their privacy policy. You must review these third party terms before proceeding.
13. We put in place contracts with third parties containing appropriate commitments regarding the handling and security of your personal data.
14. uCloudlink or its affiliates may save, store or disclose your Personal Information for the following purposes:
    • to comply with applicable laws and regulations and safeguard public interests;
    • to comply with court orders or regulations of other legal procedures;
    • to comply with regulatory requirements of relevant government departments; and
    • to protect the legal rights, personal/real property, or personal safety of our users and uCloudlink’s employees.

VI. Where we store your personal information

15. Your Personal Information and documents are stored on uCloudlink’s servers and the servers of third-party providers we engage to provide services to us. uCloudlink will take appropriate steps to ensure that any such third party complies with appropriate confidentiality and security measures.
16. Personal Information is stored by Amazon Web Services (AWS), with EU and UK Personal Information being hosted in Ireland and non-EU Personal Information being hosted in Singapore, except for data relating to Chinese users, whose Personal Information being hosted in China.
17. If you are located in the EEA, please see Local Privacy Terms for additional information about the safeguards we take to protect your Personal Information when it is transferred outside of the EEA.

VII. How you access and control your Personal Information

18. uCloudlink will do its utmost to take the appropriate technical measures to ensure that you can access, update, correct and delete your own registration information or other Personal Information provided when you use our services. For further information about the specific rights you have to access, update, correct or delete your Personal Information, please refer to the relevant local section of the privacy policy below for further information.
19. When you access, update, correct and delete the aforementioned information, you may be asked for authentication to protect the information security.

VIII. How uCloudlink Protects Your Personal Information

20. Unfortunately, no security system or system for the transmission of information via the internet can be guaranteed as completely secure.uCloudlink maintains appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Personal Information and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to your Personal Information. To try to prevent unauthorized access, maintain data accuracy and ensure the correct use of information, uCloudlink maintains physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of Personal Information. Only a limited number of persons within our organization are authorized to access, delete or modify your data. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Information. uCloudlink evaluates these measures on a regular basis to ensure the security of processing.
21. uCloudlink employees or any of uCloudlink’s contractual partners who have access to your data in order to provide services to uCloudlink or uCloudlink’s customers are contractually obligated to keep such information in confidence and may not use these data for any other purpose than performing their contractual missions for uCloudlink or uCloudlink’s customers.

IX. Protection of Minors’ Personal Information

22. If we recognize that you are not of the age of majority in your country, we will terminate the service and delete your information. We will notify you by app push, email before terminating the service.

X. Data Retention

23. We will delete your Personal Information within 60 days of you deleting your account unless we have a legal obligation to retain such data in which case we shall retain such data only for so long as we are required to do so by law, and in all cases subject to applicable law.

XI. Updates to this Privacy Policy

24. We may amend or update this Privacy Policy from time to time, consistent with applicable privacy laws and principles. We will notify you such changes will notify you by app push, in-app messaging, or email. Your continued use of the Services constitutes your acceptance of our Privacy Policy.

XII. Contact Us

25. If you have any questions about this Privacy Policy or our products, please feel free to give us a feedback. You can reach us by email at:
    • help@heyesims.com

---

Exhibit A - Local Privacy Terms

To comply with applicable data protection and privacy regulations in different jurisdictions, this Privacy Policy includes jurisdiction-specific provisions. These Local Privacy Terms apply only if you are located in, or your Personal Information is otherwise subject to the laws of, the relevant jurisdiction. In the event of any conflict or inconsistency between these Local Privacy Terms and the main body of this Privacy Policy, the Local Privacy Terms shall prevail to the extent of such conflict or inconsistency.

UK/EU

Your Rights Under GDPR and the UK Data Protection Act 2018

Data Controller

For purposes of the General Data Protection Regulation of EU and Data Protection Act 2018 of the UK, the data controller responsible for processing of Personal Information described in this Privacy Policy is:

• uCloudlink (Singapore) Pte. Ltd.

International Transfer of Personal Information

As described above, the Personal Information that we collect from you will be transferred to, and stored at, a destination outside of the UK and European Economic Area (“EEA”). Where we transfer your Personal Information to countries outside of the UK and EEA (as applicable), we do so under:

• the European Commission’s Standard Contractual Clauses (Decision (EU) 2021/914), or
• the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs,
• or any replacement mechanism approved under applicable EU or UK law.

Data Subject Rights

You may have the following rights under applicable law, subject to legal limitations:

• Right of access – to ask us to access the Personal Information we maintain about you and be provided with information about how we use and share your information.
• Right to rectification – to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Right of erasure – to ask us to erase your personal data in certain circumstances.
• Right to restriction of processing – to ask us to restrict processing of your information in certain circumstances.
• Right to object to processing – to object to processing of your personal data in certain circumstances.
• Right to data portability – to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
• Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects concerning you.

If you are concerned that any of the information we hold about you is incorrect, out of date, or may be used inappropriately, please contact us[Hyperlink to 'Contact Us' section] with your concerns and we will take appropriate steps to amend our records.

uCloudlink is committed to working with you to obtain a fair resolution of any complaint or concerns about privacy. If, however, you believe that uCloudlink has not been able to assist with your complaint or concern, you have the right to make a complaint with a competent data protection authority in the UK or EU Member State where you reside or where you believe the breach occurred.

United States (California and Other States)

Applicable Law

To the extent that uCloudlink is subject to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), or to comparable privacy legislation in other U.S. states (including but not limited to Virginia, Colorado, Connecticut, and Utah), the following applies:

Your Rights

You may have the following rights under applicable U.S. state privacy laws:

• The right to know what personal data we collect, use, disclose, and sell/share;
• The right to request deletion of personal data, subject to exceptions;
• The right to request correction of inaccurate personal data;
• The right to opt-out of the sale or sharing of personal data;
• The right to limit the use and disclosure of sensitive personal data (if applicable);
• The right to non-discrimination when exercising your privacy rights.

Sensitive Personal Data Disclosure (California-specific)

We may collect certain categories of sensitive personal data (e.g., precise geolocation, payment-related identifiers, account login credentials, government ID numbers) in order to process transactions, provide services, or comply with applicable law. We do not use sensitive personal data for any purpose other than those permitted under CPRA Section 1798.121.

Complaints

If you are a California resident and are dissatisfied with our response, you may contact the California Privacy Protection Agency (CPPA). Residents of other states may contact their respective state Attorneys General or Data Protection Authorities.

Singapore

Applicable Law

For users located in Singapore, the Personal Data Protection Act 2012 (PDPA), as amended in 2020, applies. The PDPA is regulated and enforced by the Personal Data Protection Commission (PDPC).

Your Rights

You may have the following rights under PDPA:

• Right to access personal data that we hold about you;
• Right to request correction of inaccurate or incomplete data;
• Right to withdraw consent for collection, use, and disclosure of your personal data;
• Right to data portability (once in force under PDPA amendments).

Complaints

If you are dissatisfied with our handling of your personal data, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at [https://www.pdpc.gov.sg]

Malaysia

Applicable Law

For users located in Malaysia, the Personal Data Protection Act 2010 (PDPA) applies.

Your Rights

You may have the following rights under PDPA:

• Right to access your personal data;
• Right to request correction of your personal data;
• Right to withdraw consent to the processing of personal data, subject to contractual or legal restrictions;
• Right to prevent processing likely to cause damage or distress.

Complaints

Complaints may be lodged with the Department of Personal Data Protection (JPDP) at [https://www.pdp.gov.my]

Additional Local Requirements

Please note that the Local Privacy Terms set out above are not exhaustive. If your country or region has specific data protection or privacy laws that are not reflected here, those laws will apply to the extent required. If you would like further information on how uCloudlink addresses compliance with local privacy regulations in your jurisdiction, please contact us at [help@heyesims.com].

---

Cookies

The following table outlines the purpose and description of the Cookies and similar technologies used in our Services:

Purpose	Description
Authentication	We use cookies to recognize you when you visit our Services. If you're signed in, cookies help us show you the right information and personalize your experience in line with your settings.
Security	We use cookies to make your interactions with our Services faster, more secure and to help us detect malicious activity and violations of our Terms and Conditions.
Preferences, features and services	We use cookies to enable the functionality of our Services, and provide you with features, insights and customized content. We also use these technologies to remember information about your browser and your preferences.
Functional	We use cookies to improve your experience on our Services.
Analytics and research	Cookies help us learn more about how well our Services and plugins perform in different locations. We or our service providers use cookies to understand, improve, and research products, features and services, including as you navigate through our sites or when you access our website from other sites, applications or devices. We or our service providers, use cookies to determine and measure the performance of ads or posts on and off our website/ app and to learn whether you have interacted with our websites, content or emails and provide analytics based on those interactions. We also use cookies to provide aggregated information to our customers and partners as part of our Services.
Third-party Cookies and SDKs	We may also allow certain trusted third parties (such as analytics providers, advertising partners, or mobile attribution SDKs) to place Cookies or similar technologies on your device. These third parties may collect information about your online activities across different websites, apps, and over time, in accordance with their own privacy policies.
Your Choices	You can manage or disable Cookies through your browser or device settings. Please note that some features of our Services may not function properly if you disable Cookies. For non-essential Cookies (e.g., analytics or advertising), we will only use them where we have obtained your consent, as required by applicable law.