Legal
Privacy Policy
Last updated: February 25, 2026
CloudOn — operated by Gold Lavender Co., Ltd.
Effective Date: February 25, 2026
Last Updated: February 25, 2026
1. Introduction
Welcome to CloudOn ("we," "us," or "our"). CloudOn is a service operated by Gold Lavender Co., Ltd., a company incorporated in Japan. We provide eSIM data services accessible through our websites (cloudon.app and cloudon.jp) and our mobile applications on Android and iOS (collectively, the "Services").
We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have in relation to it.
By using our Services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: name, email address, password, and preferred language when you register an account.
- Purchase information: billing address and order history. Payment card details are processed directly by our payment processors and are not stored on our servers.
- Communications: messages or inquiries you send to our support team.
2.2 Information Collected Automatically
- Device information: device type, operating system, unique device identifiers, and mobile network information.
- eSIM and usage data: eSIM activation status, data plan details, data usage, and connectivity logs necessary to provide and maintain your service.
- Log data: IP address, browser type, pages visited, time and date of visits, and referring URLs.
- App usage data: in-app events, feature interactions, and crash reports collected via Firebase.
2.3 Information from Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies on our websites and app. These may collect:
- Session and preference data (functional cookies)
- Browsing behavior and conversion data (analytics and advertising cookies)
Please refer to Section 8 (Cookies & Tracking) for more details.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide and manage your Services: activating eSIMs, processing orders, managing your account, and providing customer support.
- To process payments: sharing necessary billing information with our payment processors (Stripe, PayPal, Apple Pay, Google Pay).
- To communicate with you: sending order confirmations, service updates, expiry reminders, and responding to support requests.
- To improve our Services: analyzing usage patterns, diagnosing technical issues, and developing new features.
- To personalize your experience: displaying relevant plans and recommendations based on your usage history and location.
- To send marketing communications: with your consent, sending promotional offers and news about our Services. You may opt out at any time.
- To comply with legal obligations: meeting requirements under applicable laws, including Japanese law and regulations applicable to our international users.
- To prevent fraud and ensure security: detecting and addressing unauthorized access, abuse, or fraudulent transactions.
4. Legal Bases for Processing (for EEA/UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:
- Contract performance: processing necessary to fulfill your eSIM purchase and deliver the Services.
- Legitimate interests: fraud prevention, service improvement, and security — where these interests are not overridden by your rights.
- Consent: for marketing communications and non-essential cookies.
- Legal obligation: where processing is required by applicable law.
5. Sharing Your Information
We do not sell your personal information. We may share your information with the following categories of third parties:
5.1 Payment Processors
We share billing information with Stripe, PayPal, Apple Pay, and Google Pay to process transactions securely. These processors operate under their own privacy policies and security standards.
5.2 Telecommunications and Network Providers
To activate and deliver eSIM services, we share necessary technical identifiers (such as EID/ICCID) with telecommunications network operators and connectivity partners. These partners receive only the minimum data required to provision your eSIM.
5.3 Analytics and Advertising Partners
- Google Analytics & Firebase — for usage analytics and app performance monitoring.
- Meta (Facebook) Pixel — for advertising performance measurement and audience insights on our websites.
These partners may set cookies or use device identifiers. You can manage your preferences as described in Section 8.
5.4 Cloud Infrastructure and Service Providers
We use trusted third-party cloud and software providers to operate our infrastructure. These providers process data only on our behalf and under strict data processing agreements.
5.5 Legal and Regulatory Disclosure
We may disclose your information when required by law, court order, or governmental authority, or where necessary to protect the rights, property, or safety of CloudOn, our users, or the public.
5.6 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Services if such a change occurs.
6. International Data Transfers
Gold Lavender Co., Ltd. is based in Japan. Japan has been recognized by the European Commission as providing an adequate level of data protection.
Your data may also be processed by our third-party partners (such as Google, Meta, and Stripe) in countries outside Japan. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions to protect your data.
7. Data Retention
We retain your personal information for as long as necessary to provide the Services and comply with our legal obligations:
- Account data: retained for the duration of your account and for up to 3 years after account closure, to comply with legal and tax obligations.
- Transaction records: retained for 7 years in accordance with Japanese accounting and tax laws.
- Usage and log data: retained for up to 12 months, then anonymized or deleted.
- Marketing data: retained until you withdraw consent or unsubscribe.
8. Cookies & Tracking Technologies
8.1 Types of Cookies We Use
| Type | Purpose |
|---|---|
| Essential | Required for the website and app to function (login sessions, cart, etc.) |
| Analytics | Understand how users interact with our Services (Google Analytics, Firebase) |
| Advertising | Measure ad performance and retargeting (Meta Pixel) |
| Preferences | Remember your language, region, and display preferences |
8.2 Managing Your Cookie Preferences
- Website: You can manage cookie preferences via our cookie consent banner or your browser settings.
- App: You can manage ad tracking preferences in your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads).
- Opt-out tools:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Meta Ad Preferences: https://www.facebook.com/ads/preferences
Note that disabling certain cookies may affect the functionality of our Services.
9. Your Privacy Rights
Depending on where you are located, you may have the following rights:
9.1 All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Withdraw consent: Withdraw consent for marketing communications at any time via the unsubscribe link in our emails or by contacting us.
9.2 EEA / UK Users (GDPR / UK GDPR)
In addition to the above:
- Restriction: Request that we restrict processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests.
- Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.
9.3 Japanese Users (Act on the Protection of Personal Information — APPI)
Under Japan's APPI, you have the right to request disclosure, correction, addition, deletion, or suspension of use of your personal information held by us.
9.4 California Users (CCPA / CPRA)
California residents have the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information. To exercise your rights, contact us as described in Section 12.
To exercise any of your rights, please contact us at hello@cloudon.app. We will respond within the timeframes required by applicable law (generally 30 days).
10. Children's Privacy
Our Services are intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child without appropriate parental consent, we will promptly delete that data. If you believe a child has provided us with their data, please contact us at hello@cloudon.app.
11. Security
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These include:
- Encryption of data in transit (TLS/SSL)
- Encryption of sensitive data at rest
- Access controls and authentication requirements
- Regular security reviews and monitoring
No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
Gold Lavender Co., Ltd.
Operating as: CloudOn
Email: hello@cloudon.app
Website: https://cloudon.app | https://cloudon.jp
For Japanese-language inquiries, you may also reach us at: https://cloudon.jp
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will provide a more prominent notice (such as an in-app notification or email). We encourage you to review this policy periodically.
Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.
This Privacy Policy is written in English. In the event of any conflict between the English version and any translation, the English version shall prevail.