Data Protection & Privacy Policy
● Institutional Audit Passed: February 2026
At FreeeSIM.edu.rs, we recognize that privacy is a cornerstone of academic freedom. This policy outlines our institutional commitment to protecting the data of students and faculty members who participate in our Global Connectivity Grant. We operate under the "Privacy by Design" framework, ensuring that data protection is integrated into our technical architecture from the first handshake.
1. Information Collection: Academic Necessity
We collect only the minimum data required to verify eligibility for the educational grant. This includes:
- Institutional Endpoint: Your university-issued email address.
- Hardware Metadata: Device model (to ensure eSIM technical compatibility).
- Verification Artifacts: Temporary digital copies of student identification (purged immediately after review).
We do not collect browsing history, application usage data, or geographic GPS coordinates during your use of the provisioned eSIM.
2. The 48-Hour Purge Protocol
Our most significant institutional safeguard is the Automated Purge Protocol. In a commercial environment, data is a commodity; in our academic environment, it is a liability.
Standard Operating Procedure #DP-04
"Upon the successful generation of an eSIM QR module and its subsequent network handshake, all Personally Identifiable Information (PII) is flagged for permanent, multi-pass erasure from our primary verification servers within forty-eight (48) hours."
3. Technical Safeguards & Encryption
To prevent unauthorized access to grant provisioning keys, we employ institutional-grade security measures:
A. AES-256 Provisioning Tunnel
All eSIM profiles are delivered via an encrypted tunnel. This prevents "Man-in-the-Middle" (MitM) attacks during the sensitive over-the-air (OTA) installation process.
B. Anonymized Metadata
After the 48-hour purge, we retain only anonymized metadata (e.g., "Student from Belgrade University used 1.2GB in Berlin"). This is used solely for reporting to our grant funders to demonstrate the program's success.
4. Your Rights (GDPR Compliance)
Consistent with the General Data Protection Regulation, you maintain the following rights over your data:
- Right to Erasure: You may request the immediate deletion of your verification record at any time.
- Right to Portability: You may request a copy of the data we hold during the 48-hour active verification window.
- Right to Object: You may object to any processing of your data beyond the strict necessity of grant provisioning.
5. Institutional Accountability
This policy is overseen by the Educational Infrastructure Council (EIC) in Belgrade. We do not sell, rent, or trade student data with third-party advertisers. Our only "partners" are the Tier-1 carriers required to facilitate your connection, and they receive only the technical keys necessary to authorize your session.
6. Contact the Privacy Officer
For inquiries regarding institutional data sovereignty or to exercise your rights under GDPR, please contact our volunteer Data Protection Officer at: