privacy policy.
How we collect, use and protect your personal data.
1. Data controller
Oryn Labs LLC, responsible for the Konectadu services, acts as the controller of your personal data under the Brazilian General Data Protection Law (LGPD — Law No. 13.709/2018).
Oryn Labs LLC · 7345 W Sand Lake Rd, Ste 210, Office 3185, Orlando, FL 32819, United States · oryn-labs.io
2. Data we collect
- Registration: full name, email, phone number;
- Payment: processed by certified intermediaries — we do not store card data;
- eSIM usage: device, operating system, ICCID of the installed eSIM;
- Browsing: IP address, cookies, pages visited, session duration, scroll depth;
- Marketing attribution: campaign parameters (UTM, gclid, fbclid, ttclid, msclkid), source URL and traffic channel.
3. How we use your data
- Process orders and deliver the eSIM QR Code;
- Provide technical support and customer service;
- Send confirmations, receipts and service communications;
- Improve our product and personalize the experience;
- Measure advertising campaign effectiveness and attribute conversions;
- Comply with legal and regulatory obligations.
4. Legal basis (LGPD)
Processing is based on: performance of a contract (art. 7, V), compliance with a legal obligation (art. 7, II), consent (art. 7, I) for marketing and analytics cookies, and legitimate interest (art. 7, IX) for security and service improvement purposes.
5. Analytics and marketing tools
With your consent, we use the following third-party tools. All events are routed via Google Tag Manager Server-Side (sGTM), which limits the volume of data sent directly to the browser:
| Tool | Purpose | Data sent | Provider policy |
|---|---|---|---|
| Google Analytics 4 (GA4) | Behavior and traffic analysis | Navigation events, conversions, anonymized session data | Google Privacy Policy |
| Google Ads (gclid) | Campaign measurement and optimization | Click ID, conversion events | Google Privacy Policy |
| Meta Pixel + Conversions API (CAPI) | Attribution and remarketing on Facebook/Instagram | Conversion events with event_id for deduplication; hashed user data (email, phone) via CAPI | Meta Privacy Policy |
| TikTok Pixel (ttclid) | Campaign attribution on TikTok | Click ID, conversion events | TikTok Privacy Policy |
| Microsoft Advertising (msclkid) | Campaign attribution on Bing Ads | Click ID, conversion events | Microsoft Privacy Statement |
All of the above tools are only activated after your explicit consent in the cookie banner. You can revoke it at any time.
6. Data sharing
- Partner carriers: for eSIM provisioning;
- Payment processors: for transaction authorization;
- Analytics and advertising platforms: as described in section 5, subject to consent;
- Public authorities: when required by law.
We do not sell your data to third parties.
7. Retention
Order data is retained for 5 years in accordance with tax legislation. Account data is kept while the registration is active. Analytics and marketing data is retained according to each platform's policies (GA4: 14 months; Meta: 180 days). You may request early deletion in the cases provided for by the LGPD.
8. Your rights
As a data subject, you can:
- Access the data we hold about you;
- Correct incomplete or outdated data;
- Request anonymization, blocking or deletion;
- Revoke consent at any time (including via the cookie banner);
- Request portability of your data;
- File a complaint with the ANPD.
To exercise these rights: [email protected]
9. Cookies and Consent Mode
We use Google Consent Mode v2, which applies granular consent settings before loading any marketing tag. The categories are:
- Essential: necessary for the site to function (session, preferences, security) — always active;
- Analytics: GA4, browsing behavior — require consent;
- Marketing: Meta Pixel, Google Ads, TikTok, Microsoft Ads — require consent.
Manage your preferences via the cookie banner shown on your first visit or through your browser settings.
10. Security
We adopt encryption in transit (SSL/TLS), server-side routing via sGTM to minimize data exposure in the browser, internal access controls and continuous monitoring to protect your data against unauthorized access, loss or alteration.
11. International transfer
Data may be processed in the United States by Oryn Labs LLC and by the providers listed in section 5 (Google, Meta, TikTok, Microsoft), all based in the USA. We ensure that these transfers occur with adequate safeguards, in accordance with art. 33 of the LGPD.
12. Contact and DPO
Data Protection Officer: [email protected]
Last updated: June 2026.
board
connected
Your next trip starts now. eSIM active in 60 seconds.