Privacy policy

Article 1. Consent to Collection and Use of Personal Information

The Company collects personal information when users have reviewed and agreed to this Privacy Policy and related consent screens during membership registration, orders, inquiries, event participation, or other use of the Service.

If users refuse consent to required items, all or part of the Service—including membership registration, payment, and eSIM delivery—may be restricted. Optional items may be declined without affecting basic use of the Service.

Article 2. Purposes of Collection and Use

Member managementMember identification and authentication, prevention of fraudulent or unauthorized use, handling of inquiries and disputes, delivery of notices and guidance

Service provision and contract performanceOrder, payment, and delivery of eSIM and data products (QR and instructions), usage and activation status notices, refund and cancellation processing, management of receipts and transaction records, flight search query processing, cached fare display, affiliate booking site (Aviasales) links, and affiliate commission settlement, Chrome browser VPN connection, authentication, billing, and usage guidance

Service improvement and statisticsAnalysis of access and usage records, error and quality improvement, planning of new features and products, usage statistics (including in forms that do not identify individuals)

Marketing and promotions (with optional consent)Notices of discounts, events, and new products, tailored benefits, surveys and satisfaction research

Article 3. Items Collected and Methods of Collection

The Company collects only the minimum personal information necessary to provide the Service.

RequiredEmail, mobile phone number, password (or identification and authentication information provided by the provider when using social login), information necessary for payment approval (within the scope processed by payment processors), contact information necessary for orders and eSIM delivery

When identity or age verification is requiredName, date of birth, gender, mobile carrier, domestic or foreign status, encrypted user verification value (CI), duplicate registration confirmation information (DI), and other items provided by identity verification agencies

OptionalMarketing consent status, countries of interest and travel schedules, promotion and referral codes, survey responses

Automatically generated or collected during useAccess IP, cookies and advertising identifiers, device, OS, and app version, access and usage logs, payment and order history, countries of eSIM registration and use, customer support records, VPN connection and authentication logs, selected exit server and approximate location, traffic usage (for billing and abuse prevention), flight search inputs (origin and destination cities, dates, one-way, round-trip, non-stop options) and search or click history (for cache, quality improvement, and affiliate settlement)

Flight searchOrigin and destination airport (city) codes, departure and return dates, one-way, round-trip, and non-stop options, display currency and locale, search result views and booking link clicks. Booking and payment are completed on affiliate sites such as Aviasales, where their policies may apply.

Chrome VPN extensionJetRoaming account login information (email and authentication tokens), VPN proxy credentials, extension settings (language and connection state), authentication tokens stored locally on the same device for login sync with jetroaming.com

Methods of collectionWebsite and app registration, orders, and payment; customer support (phone, chat, email); event responses; partner, payment, and authentication integrations; automatic collection through generated information tools

If a user misuses another person's information or provides false information, the Company may take measures including reporting, restriction of use, or compulsory withdrawal under applicable laws.

Article 4. Retention and Use Period

In principle, personal information is destroyed without delay once the purpose of collection and use is achieved. However, information may be retained for certain periods under the laws below.

Member informationUntil membership withdrawal. After withdrawal, until related disputes or claims are resolved where such relationships exist

Records of fraudulent use1 year (prevention and recurrence of fraudulent use)

Records of contracts, withdrawal of offer, payment, and supply of goods5 years (Act on the Consumer Protection in Electronic Commerce)

Records of consumer complaints and dispute handling3 years (Act on the Consumer Protection in Electronic Commerce)

Records relating to labeling and advertising6 months (Act on the Consumer Protection in Electronic Commerce)

Records relating to identity verification6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection)

Data confirming access and communication facts3 months (Protection of Communications Secrets Act)

Article 5. Provision to Third Parties

The Company does not provide users' personal information to outside parties in principle. It may provide information only where users have given prior consent or where there is a legal basis.

This may include requests from investigative authorities under law, provision of de-identified information for statistics or academic research, or provision of the minimum necessary scope for billing settlement or dispute resolution.

Where third-party provision is required, the Company informs users of the recipient, purpose, items provided, and retention period and obtains consent.

Article 6. Entrustment of Processing

The Company may entrust personal information processing as below for operation of the Service and stipulates necessary matters in entrustment contracts to ensure safe management, with supervision.

PaymentCredit card and simplified payment processing — entrustment period: until termination of entrustment contract

Notifications and messagesOrder and delivery notices, notification talk, SMS, and email — entrustment period: until termination of entrustment contract

Customer supportOperation of chat, ticket, and support systems — entrustment period: until termination of entrustment contract

Cloud and infrastructureData storage, backup, and system operation — entrustment period: until termination of entrustment contract

eSIM and telecommunicationseSIM provisioning and telecom partner integration — entrustment period: until end of relevant transaction or contract

Flight affiliate and dataFlight search cache data queries and affiliate booking links (Aviasales/Travelpayouts) and commission settlement — entrustment period: until termination of the relevant transaction or contract

VPN infrastructureOperation, authentication, and traffic handling for Chrome browser VPN proxy servers — entrustment period: until termination of entrustment contract

Changes to entrusted parties or entrusted tasks will be announced through this Policy.

Article 7. Overseas Transfer of Personal Information

Servers of some processors or partners used by the Company—including payment, cloud, messaging, eSIM, and social login—may be located outside the Republic of Korea, and personal information may be transferred overseas in that process.

Where overseas transfer occurs, the Company notifies matters required by law such as destination country, timing and method of transfer, items transferred, retention period, and name and contact of the transferee, and obtains necessary consent.

Article 8. Procedures and Methods of Destruction

Personal information whose retention period has expired or whose processing purpose has been achieved is destroyed without delay. Information that must be preserved under other laws is stored separately for the required period and then destroyed.

ProcedureOccurrence of destruction grounds → approval by personal information protection officer → selection of destruction targets → destruction

MethodElectronic files: deletion by methods that make recovery or reproduction impossible. Printed materials: shredding or incineration

Information transferred to databases is not used for purposes other than those permitted by law.

Article 9. Installation and Operation of Cookies and Automatic Collection Devices

The Company may use cookies and similar automatic collection devices for customized services, maintaining login sessions, usage statistics, and measuring advertising performance.

Users may refuse or delete cookie storage through browser settings. However, some features (such as maintaining login or cart functions) may be limited.

In mobile apps, users may limit customized advertising through OS and advertising identifier settings in accordance with each OS guide.

Article 10. Measures to Ensure Security of Personal Information

Administrative measures: establishment and implementation of internal management plans, minimization and training of handlers, regular self-inspection

Technical measures: access control, encryption of passwords and important information, security programs and firewalls, retention of access logs and prevention of tampering

Physical measures: access control for computer rooms and document storage areas

Article 11. Rights of Users and Legal Representatives and How to Exercise Them

Users (or legal representatives for children under 14) may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding personal information at any time.

Rights may be exercised through in-service settings, customer support, or email. The Company will take action within the period prescribed by law and notify the result.

Where access or deletion may be restricted or refused under law, the Company will explain the reason.

Article 12. Receipt of Promotional Information

Promotional information such as events, discounts, and new products is sent only to users who have given prior consent.

Sending stops immediately upon opt-out. Opt-out methods are provided in message footers or through customer support.

Article 13. Children's Personal Information

The Company does not collect personal information of children under 14 without consent of a legal representative. If such collection is confirmed, the information is deleted without delay.

Legal representatives may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding a child's personal information.

Article 14. Right to Refuse Consent

Users have the right to refuse consent to collection and use of personal information. However, refusal of consent to required items may restrict membership registration, payment, eSIM provision, and similar services.

Article 15. Flight Search Privacy

The Company provides flight fare search and affiliate booking links on the website. Booking and payment are completed on affiliate sites such as Aviasales; personal information processing after that stage is subject to affiliate policies.

Items collected and usedOrigin and destination airport (city) codes, departure and return dates, search options (one-way, round-trip, non-stop), display currency and locale, search result views and booking link clicks, access IP and cookies (for affiliate settlement)

PurposesProcessing flight search queries, displaying cached fares, linking to affiliate booking sites (Aviasales), affiliate commission settlement, and improving search quality and the Service

Third parties and external servicesThe Company may query search conditions and cached fares through flight data and affiliate APIs such as Travelpayouts and Aviasales, and redirect users to affiliates when booking links are clicked. Processing on affiliate sites is subject to those providers' policies.

RetentionSearch and click history is retained for the period necessary for service improvement, affiliate settlement, and dispute handling, then destroyed.

Article 16. Chrome Browser VPN (Extension) Privacy

The VPN provided by the Company is a proxy-based service used through a Chrome browser extension. It does not route all device traffic (other apps or the OS); only HTTP/HTTPS requests from Chrome while the extension is enabled may pass through exit servers operated by the Company.

Items collected and usedJetRoaming member account (email), login and refresh authentication tokens, one-time or time-limited VPN proxy credentials, VPN on/off state, selected exit server, connection time, access IP, traffic usage, extension UI language and settings

PurposesMember authentication, VPN connect and disconnect, display of exit country and server, free trial and paid use, billing and abuse prevention, service quality and incident response, session sync between jetroaming.com web login and the extension

What we do not collectThe Company does not collect or sell users' full browsing history, page content, or form input for marketing purposes when the VPN is used. Proxy servers may process only the minimum metadata necessary for connection, authentication, billing, and security (such as connection time, destination host, and data volume).

Local storageAuthentication tokens, VPN settings, and UI language may be stored in Chrome extension storage (chrome.storage) and, for web login sync, in browser local storage on the jetroaming.com domain. Users may delete stored information by logging out, clearing data, or removing the extension.

Third parties and external servicesThe Company may use external services necessary for operation, such as map tile servers (e.g., CARTO), GeoIP APIs to display exit server location and IP, and Google Chrome Web Store distribution and updates. Processing by those providers is subject to their respective policies.

RetentionVPN connection and authentication logs are retained for the period necessary for abuse prevention, dispute handling, and legal compliance, then destroyed. Minimum records required for disputes or legal obligations may be retained after membership withdrawal or cessation of VPN use.

Permissions declared in the Chrome Web Store listing (proxy, webRequest, storage, tabs, etc.) are used only to the extent necessary for VPN connection, authentication, UI, and web login sync. See the extension install screen and Chrome Web Store listing for details.

Article 17. Location Information

The Company may use approximate location based on IP for service quality and security (such as detecting abnormal access). In the Chrome VPN extension, approximate country or city-level location may be shown in the UI based on the selected exit server and GeoIP APIs; the Company does not collect precise device location such as GPS.

Article 18. Reporting and Consultation for Personal Information Infringement

For reports and consultation regarding infringement of personal information, users may also contact the following agencies in the Republic of Korea:

Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118 (toll-free in Korea)

Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972

Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr / 1301 (toll-free in Korea)

Korean National Police Agency Cyber Bureau: ecrm.police.go.kr / 182 (toll-free in Korea)

Article 19. Changes to and Notice of Privacy Policy

When this Policy changes, the Company will announce the changes and effective date at least 7 days in advance (30 days for material changes affecting users' rights or obligations) through service notices or similar means.

Users who do not agree to changes may withdraw consent through membership withdrawal or similar means. Continued use of the Service may be deemed agreement to the revised Policy except where separate consent is required.

Article 20. Personal Information Protection Officer and Inquiries

The Company designates a personal information protection officer below to oversee personal information processing and handle user complaints and remedy of harm.

For inquiries, access, correction, deletion, suspension of processing, or withdrawal of consent regarding personal information during use of the Service, please contact the details below.

Personal Information Protection Officer구본목

DepartmentCustomer Support Team

ContactPhone 070-8095-7239 · Email privacy@jetroaming.com · support@jetroaming.com

Address대구광역시 수성구 파동로 150

Article 21. Supplementary Provisions

This Privacy Policy applies to the 제트로밍 Service and takes effect from the date stated at the top of this document.