Acceptable Use Policy

1. Introduction

Skybyte exists to provide reliable, lawful mobile data connectivity to international travellers. We rely on a chain of partners — mobile network operators (MNOs), eSIM provisioning platforms, payment processors, and infrastructure providers — each of which imposes its own acceptable-use terms on traffic that traverses its network. The terms of this AUP combine our own requirements with the obligations we owe upstream, so that a single document tells you what is permitted and what is not.

This AUP applies to (a) every natural person who purchases or uses a Skybyte eSIM; (b) every legal person that purchases Skybyte eSIMs on behalf of employees, contractors, or end-customers under a B2B arrangement; and (c) every device on which a Skybyte profile is installed, regardless of whether the installer is the original purchaser. By installing or activating a Skybyte eSIM you accept this AUP on your own behalf and on behalf of any third party to whom you give or transfer the eSIM.

We interpret and enforce this AUP reasonably and proportionately. Where conduct is ambiguous or the facts are unclear, we will seek clarification before taking enforcement action, except in cases of imminent harm, suspected illegality, or threats to the integrity of partner networks. Where we err on the side of suspension, we will restore service promptly if the suspicion is not confirmed.

Capitalised terms used but not defined in this AUP have the meanings given to them in the Terms of Service.

2. Prohibited Uses

You must not use the Skybyte service, directly or indirectly, in any of the following ways. The list is non-exhaustive; conduct that is materially similar in nature or effect is also prohibited.

2.1 Sanctions and export-control violations

You must not use the service to originate or terminate connections from, or to provide service to persons or entities located in, any jurisdiction subject to comprehensive sanctions maintained by the European Union, the United Nations Security Council, the Office of Foreign Assets Control of the United States Department of the Treasury (OFAC), or His Majesty’s Treasury (United Kingdom). At the date of this AUP, those comprehensively sanctioned territories include Cuba, the Islamic Republic of Iran, the Democratic People’s Republic of Korea (North Korea), the Syrian Arab Republic, the Crimea region of Ukraine, the so-called Donetsk People’s Republic, and the so-called Luhansk People’s Republic. Sanctions lists evolve; inclusion or removal of a territory after the date of this AUP takes effect automatically, without amendment of this document. You are responsible for verifying the current sanctions status of your destination before activation. We block sales to known sanctioned destinations at checkout where technically feasible, but we cannot guarantee detection of every routing path.

You must not use the service in any manner that would cause Skybyte, its partners, or its acquiring bank to violate applicable sanctions, anti-money-laundering, counter-terrorism, or export-control law, including Council Regulation (EU) 2022/263, Council Regulation (EU) 833/2014, and successor or related instruments.

2.2 Illegal content and conduct

You must not use the service to create, store, transmit, host, link to, or otherwise distribute any content that is illegal in either (a) the country in which the eSIM is being used, or (b) the Republic of Bulgaria. Without limitation, this prohibition extends to:

• Child sexual abuse material (CSAM) or any content that sexually depicts or exploits minors. We have a zero-tolerance policy. Suspected CSAM is reported immediately to the competent authorities, including the National Centre for Missing and Exploited Children (NCMEC) where the jurisdictional nexus permits, and to the Bulgarian State Agency for Child Protection where appropriate, in line with Regulation (EU) 2021/1232 (interim derogation from the confidentiality of communications for the purpose of combating online child sexual abuse) and successor instruments under the EU CSA Regulation framework.
• Content that incites violence, terrorism, or hatred on the basis of race, ethnicity, national origin, religion, sexual orientation, gender identity, or disability, including content prohibited under Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online.
• Content that infringes intellectual property rights, including copyright, trade marks, design rights, trade secrets, and database rights. Repeat infringement may result in account termination consistent with the EU Copyright Directive (Directive (EU) 2019/790) and the Bulgarian Law on Copyright and Related Rights.
• Defamation, harassment, threats, doxxing, or any conduct that violates the privacy or dignity of identified or identifiable individuals.
• Fraud, identity theft, phishing, and forgery, including the creation, transmission, or hosting of fraudulent credentials, counterfeit documents, or deceptive payment instruments.

2.3 Network abuse

You must not use the service to engage in any of the following activities against any third-party system or against Skybyte’s or our partners’ systems:

• Distributed denial-of-service (DDoS), denial-of-service, or amplification attacks of any nature;
• Operating, joining, or controlling botnets, command-and-control infrastructure, or coordinated inauthentic networks;
• Unauthorised port scanning, vulnerability scanning, brute-force credential testing, or penetration testing of systems for which you do not hold prior written authorisation from the system owner;
• Distributing malware, ransomware, spyware, keyloggers, rootkits, cryptominers installed without consent, or other malicious code;
• Spoofing IP addresses, MAC addresses, IMEI/IMSI identifiers, or other network identifiers in order to conceal origin or to bypass abuse-mitigation systems; and
• Sending unsolicited bulk commercial communications (spam), including SMS spam, MMS spam, or messaging-platform spam, in breach of Directive 2002/58/EC (e-Privacy) and Bulgarian transposing law.

2.4 Reselling and unauthorised redistribution

You must not resell, sublicense, sublease, or otherwise redistribute Skybyte eSIMs to third parties for commercial gain without our prior written authorisation. Skybyte operates a separate B2B and reseller programme governed by a written master services agreement; if you wish to resell, contact contact@banxs.com. Casual gifting of an unused eSIM to a single travel companion is not considered reselling for the purposes of this clause, provided no consideration changes hands and the recipient agrees to be bound by this AUP.

2.5 Circumvention

You must not bypass or attempt to bypass usage limits, validity periods, fair-use thresholds, geographic restrictions, age gating, or any other access control implemented by Skybyte or by a partner network. Examples of prohibited circumvention include tampering with eSIM profile metadata, cloning profiles across multiple devices in violation of single-device licensing, and using technical means to misrepresent the device’s country of presence in order to obtain service in a sanctioned territory.

2.6 Industrial-scale traffic

The Skybyte service is intended for personal or business travel-related connectivity. You must not use the service for machine-to-machine (M2M) deployments at scale, persistent server-side workloads, large-scale cryptocurrency mining, continuous real-time video broadcasting, or other industrial use patterns without entering into a separate written agreement that specifically authorises such use. Incidental, low-volume, and personal background traffic is not affected by this clause.

2.7 Misuse of personal data

If you use the Skybyte service to process personal data of third parties, you must comply with the General Data Protection Regulation (Regulation (EU) 2016/679) and the Bulgarian Personal Data Protection Act. This includes your obligations as a controller or processor in your own right, separate from Skybyte’s role as your connectivity provider.

2.8 Voice, SMS, and emergency calling

Most Skybyte Plans are data-only. They do not support traditional circuit-switched voice calls or native SMS, and they do not provide independent access to emergency services (E112, 911, 999, 110, 112, etc.). You must not rely on a Skybyte data-only eSIM as your primary or sole means of contacting emergency services. Where you require emergency calling, retain your home-network SIM or another voice-capable subscription that supports emergency calling in the country you are visiting. Where a Plan does support voice or SMS, the Plan’s product page will state so expressly and the relevant carrier-imposed conditions will apply.

2.9 Lawful intercept tampering and signalling abuse

You must not tamper with, attempt to disable, or attempt to evade lawful-intercept capabilities operated by underlying mobile network operators. You must not generate signalling traffic (for example, mass attach/detach events, mass location updates, or SS7/Diameter probing) calculated to overload or probe partner-network signalling planes. Suspected signalling abuse is treated as a severe violation under Section 4.2.

2.10 Reasonableness of enumeration

The enumeration in this Section 2 is illustrative, not exhaustive. Conduct that is materially similar in nature, intent, or effect to any item listed above is also prohibited. Where you are unsure whether a contemplated use is permitted, contact contact@banxs.com in advance and we will respond, on a best-efforts basis, with our good-faith view. A pre-clearance from us is not a guarantee of legality under the laws of your destination.

3. Fair Use Policy

Skybyte purchases bulk capacity from upstream eSIM platforms (currently eSIM Go Limited and Maya Mobile, see our sub-processor list) and resells slices of that capacity to individual travellers. To protect the experience of all customers and to honour our own obligations to those upstream platforms, the following fair-use rules apply to every Plan unless the Plan’s own product page expressly says otherwise.

3.1 Soft throttle at 90 % of plan allocation

When a Plan’s consumed data reaches ninety per cent (90 %) of its purchased allocation, Skybyte may reduce throughput on that eSIM to 1 Mbps (one megabit per second) downstream and proportionate upstream. The reduced throughput remains sufficient for messaging, navigation, and basic web browsing. You will receive a notification (e-mail and, where opted-in, in the customer dashboard) when the soft throttle takes effect.

3.2 Hard cap at 100 % of plan allocation

When a Plan’s consumed data reaches one hundred per cent (100 %) of its purchased allocation, the eSIM is suspended for further data traffic until you (a) purchase a top-up, (b) purchase a new Plan, or (c) the validity period expires. The eSIM remains provisioned on the device; you do not need to reinstall the profile to resume service after a top-up.

3.3 Tethering and hotspot use

Reasonable tethering and hotspot use is permitted on every Plan unless the Plan’s product page says otherwise. Reasonable use means use that is consistent with the data allocation and single-device intent of the Plan. Sustained sharing of the connection across multiple devices in a manner that approaches industrial M2M use (Section 2.6) is not reasonable.

3.4 Validity period

Plans have a fixed validity period (typically 7, 15, or 30 days, stated on the Plan’s product page). The period begins when the eSIM first registers on a partner network in a covered country, not at the time of purchase. Unused data does not carry over after the validity period expires; refunds for unused data after expiry are not available except where required by mandatory consumer-protection law.

3.5 Roaming and country coverage

Each Plan covers a specific list of countries, displayed on the Plan’s product page and in your account dashboard. Use of a Plan in a country not covered by that Plan is not supported and may result in failure to connect, additional charges from the underlying carrier (which we may pass through to you to the extent permitted by law), or suspension of the eSIM.

3.6 Top-ups and data refresh

You may purchase a top-up for an active Plan from your account dashboard before the validity period expires. Top-ups inherit the validity period of the underlying Plan unless the top-up product page expressly extends it. Top-ups are non-refundable once the corresponding data has been provisioned to the eSIM, subject to the consumer-law carve-outs described in the Refund Policy.

3.7 Network prioritisation

Skybyte traffic carries the priority class assigned to it by the underlying mobile network operator. In congested cells, local subscribers of the host network may be prioritised over roaming subscribers in line with that operator’s policy and applicable open-internet rules (Regulation (EU) 2015/2120 as amended by Regulation (EU) 2022/612). Skybyte does not throttle, block, or otherwise interfere with specific applications, services, or content beyond the fair-use mechanisms described in this Section 3.

3.8 Carrier of last resort and Plan substitution

Where the originally selected partner network is unavailable in a covered country (for example, due to a partner outage or regulatory action), Skybyte may route your traffic through an alternative partner with equivalent or better coverage in that country, at no additional charge. The substitution is transparent to you and does not change the terms of the Plan you purchased.

4. Enforcement

Where we determine, acting reasonably and proportionately and on the basis of the evidence available to us, that you have breached this AUP, we may take one or more of the actions described in this Section 4. We exercise these powers in accordance with a tiered response model that distinguishes between minor first-time breaches and severe or repeated breaches.

4.1 Three-strike model for minor violations

For minor violations — for example, a single occurrence of fair-use overage that does not appear to be intentional, or a minor breach of Section 2.5 (circumvention) that did not result in actual loss — we apply the following escalation:

1. First strike — Warning. We send a written notice (e-mail) describing the breach, the rule engaged, and the expected remediation. No service impact.
2. Second strike — Soft suspension. The affected eSIM may be suspended for up to seventy-two (72) hours. We notify you in writing and give you an opportunity to respond before any extension.
3. Third strike — Termination. The affected eSIM and, where appropriate, the underlying account are terminated. We reserve the right to refuse new orders from the same customer for a reasonable period.

4.2 Immediate suspension for severe violations

For severe violations, we may suspend or terminate the affected eSIM, account, and order without prior notice. Severe violations include without limitation:

• Any conduct described in Section 2.1 (sanctions);
• Any conduct described in Section 2.2 (illegal content), in particular CSAM and terrorist content;
• DDoS, botnet, or large-scale network abuse described in Section 2.3;
• Fraud, chargeback abuse, payment-instrument fraud, or identity-related fraud;
• Any conduct that exposes Skybyte, our partners, or our acquiring bank to risk of fines, sanctions, regulatory enforcement, or loss of operating licences.

Where we suspend without notice, we will provide reasons in writing within seventy-two (72) hours of the suspension, except where doing so would prejudice an ongoing investigation, breach a court order or statutory non-disclosure obligation, or interfere with the work of law-enforcement authorities.

4.3 Refunds following enforcement

Refunds following enforcement are governed by the Refund Policy. In summary: where termination is the consequence of a customer’s material breach of this AUP, we are not obliged to refund unused data or unused validity, and we may set off any losses we have suffered (including chargeback fees, fines from upstream platforms, and legal costs) against any refundable amount.

4.4 Record-keeping

We log enforcement actions in our internal audit trail, retained for seven (7) years in line with the Bulgarian Accountancy Act (where the action relates to a transaction) and applicable AML/CFT record-keeping rules. The audit trail includes the rule(s) engaged, the evidence relied upon, the action taken, and the identity of the operator who authorised the action.

4.5 Proportionality and human review

Enforcement decisions that result in termination of an account or refusal of refund are reviewed by a human operator before they take effect, except where automated rules trigger an immediate, reversible suspension to prevent imminent harm (for example, a sudden traffic spike consistent with DDoS participation). Where an automated suspension is later found to have been incorrect, we reinstate the eSIM and credit any period of unavailability against the Plan’s remaining validity, free of charge.

4.6 No collective punishment

Enforcement actions are scoped to the specific eSIM, account, or order in which the breach occurred. We do not suspend unrelated accounts on the basis of shared payment instruments, shared devices, or shared IP ranges, except where there is credible evidence of coordinated abuse across those accounts.

5. Cooperation with Authorities

Skybyte cooperates with competent law-enforcement, regulatory, and judicial authorities in line with applicable law. This Section 5 explains the framework in which we cooperate; it is not legal advice and does not displace any rights you have under data-protection or criminal-procedure law.

5.1 Legal basis for cooperation

We cooperate on the basis of, in particular: (a) the Bulgarian Electronic Communications Act (Закон за електронните съобщения) [OPERATOR DECISION: counsel to confirm specific article references for lawful interception, data retention, and lawful access to traffic and location data; subject to Constitutional Court ruling 7/2008 and subsequent CJEU jurisprudence]; (b) the EU Law Enforcement Directive (Directive (EU) 2016/680) as transposed into Bulgarian law by the Personal Data Protection Act; (c) the Bulgarian Criminal Procedure Code where a court order or prosecutorial authorisation is required; (d) Regulation (EU) 2023/1543 (e-Evidence Regulation) once it enters into application; and (e) mutual legal assistance treaties to which Bulgaria is a party.

5.2 What we will disclose

We disclose only what we are legally required to disclose, no more. Where the request is ambiguous or appears overbroad, we will challenge it through proper channels before disclosing. The categories of data we hold and that may be requested are listed in our Privacy Policy (Section 3) and include account information, order and billing records, eSIM identifiers, support correspondence, and (in limited circumstances and within the retention windows declared in the Privacy Policy) traffic and location metadata generated by the underlying carrier.

5.3 Notification of affected users

Where the law permits, we will notify affected users of a government request for their data so that they may exercise any rights to challenge it. Where the law prohibits notification (for example under a non-disclosure order accompanying a production order), we comply with that prohibition.

5.4 Transparency reporting

We intend to publish an annual transparency report summarising the number of government requests received, the number complied with in whole or in part, and the number challenged, beginning with the calendar year following the date on which our customer base reaches a threshold that makes such reporting meaningful. The first transparency report is targeted for publication in Q1 2027.

6. Use of Support Channels

Skybyte support exists to help customers resolve genuine service issues. To keep support effective for everyone, the following rules apply:

• Treat support agents and other customers with courtesy. Do not use abusive, threatening, harassing, or discriminatory language. Repeated breaches may result in restriction of your access to live chat and a switch to e-mail-only support.
• Do not submit deliberately false information. Do not file duplicate or frivolous tickets to manipulate response times or refund decisions.
• Do not attempt to obtain refunds or service credit by social engineering — for example, impersonating another customer, fabricating chat transcripts, or misrepresenting the contents of communications with our staff.
• Recordings, transcripts, and logs of support interactions are retained for three (3) years from the date the support thread is closed (see Privacy Policy §7) and may be used as evidence in enforcement decisions under this AUP.

7. Reporting Abuse

To report abuse of the Skybyte service or content carried over a Skybyte eSIM, e-mail contact@banxs.com with as much detail as you can provide, including (where applicable): the affected URL or message, the approximate date and time, the eSIM identifier or order reference if known, and screenshots or other evidence. We aim to acknowledge abuse reports within one (1) business day and to substantively respond within five (5) business days, faster for urgent matters such as imminent harm or CSAM (which is processed on receipt, around the clock).

To report a security vulnerability in Skybyte’s own systems (as opposed to abuse of the service by a customer), please use the contact channel described in our security disclosure policy and do not test against production traffic.

8. Appeals and Review

If you believe an enforcement action against you was incorrect or disproportionate, you may appeal by e-mailing contact@banxs.com with the subject line “AUP appeal” within thirty (30) days of the action. Your appeal should include: (a) the reference number of the enforcement action (provided in our notice to you); (b) the rule(s) you believe were misapplied; (c) any new facts or evidence; and (d) the outcome you are seeking (for example, reinstatement of an eSIM, refund of unused data, removal of an account flag).

Appeals are reviewed by a member of our trust-and-safety team who was not involved in the original decision. We aim to provide a substantive response within ten (10) business days. If we uphold the original decision in whole or in part, we will explain the reasons in writing.

Nothing in this Section 8 limits your right to escalate a dispute to: (a) the Bulgarian Consumer Protection Commission (KZP); (b) the EU Online Dispute Resolution platform at https://ec.europa.eu/odr; (c) the Bulgarian Commission for Personal Data Protection (CPDP) for matters involving personal data; or (d) the competent courts. Contact details are listed in the Terms of Service.

We do not retaliate against customers who exercise their right to appeal or to escalate to a competent authority.

8.1 Independent reviewer escalation

Where an appeal raises material questions of fact or law that the trust-and-safety team is not best placed to resolve (for example, contested allegations of network abuse that turn on forensic interpretation, or contested chargeback evidence), we may escalate the appeal to a designated senior reviewer (a director-level employee not involved in routine moderation decisions). Escalation does not extend the response window in Section 8 by more than ten (10) further business days and we will inform you in writing if escalation occurs.

8.2 Outcomes available on appeal

On a successful appeal in whole or in part, we may: (a) reinstate the affected eSIM and credit any period of unavailability against the Plan’s remaining validity; (b) refund the unused portion of the Plan, calculated pro rata on the basis of remaining validity and remaining data allocation, whichever yields the higher refund; (c) remove any internal account flag that arose from the original decision; (d) where the original decision was published or shared with a partner (for example, with our acquiring bank in connection with a chargeback), notify that recipient of the corrected position; and (e) document the decision in our internal precedent log so that materially similar future cases are decided consistently.

8.3 Class of decisions not subject to internal appeal

The following decisions are not subject to internal appeal under this Section 8 because they are dictated by law rather than by Skybyte’s own discretion: (i) refusals to sell or to ship to comprehensively sanctioned territories (Section 2.1); (ii) decisions taken to comply with a binding court order, prosecutorial instruction, or regulatory decision; and (iii) suspensions imposed by an upstream partner network where Skybyte does not have the contractual right to override that partner’s decision. We will explain the legal or contractual basis where such an appeal is declined and, where possible, point you to the appropriate external forum.

8.4 Definitions and interpretation

References in this AUP to a Regulation, Directive, Act, or other instrument are references to that instrument as amended, replaced, or supplemented from time to time, and to any successor instrument. References to Skybyte include Banxs Technologies EOOD and any of its affiliates that operate the Skybyte service from time to time. The headings in this AUP are for convenience only and do not affect interpretation. Where any provision of this AUP is held by a competent court to be unenforceable, the remainder of the AUP continues in force, and the unenforceable provision is construed, so far as possible, to give effect to the parties’ original intention. The English-language version of this AUP prevails over any translation in the event of conflict.

8.5 Changes to this AUP

We may update this AUP from time to time. Material changes will be notified to active customers by e-mail at least fourteen (14) days before they take effect, except where the change is required by law or by an upstream partner with shorter notice (in which case we will notify you as soon as reasonably practicable). The current version is always available at /legal/aup and the effective date is shown at the top of this page.