CellWatch

An open source cellular network measurement suite

CellWatch App Privacy Policy

Table of Contents

CellWatch follows the principle of private-by-design. To protect user privacy, we will only collect necessary data and will share data with third-party partners with explicit user consent. This privacy policy is written in plain language and explains how we collect, use, store, and protect your data.

You should not use CellWatch if you do not want any information about your device, your location, or your Internet connection available to the public.

Types of information we collect

The app collects several types of information. All data collected by CellWatch is stored on servers that we control. Additionally, some data is collected, stored, and shared by the Measurement Lab (M-Lab), a separate entity, on servers they control. The following table describes each type of information and who collects it. See the rest of this privacy policy below for more details.

Description Collected by CellWatch? Collected by M-Lab?
Contact information Your name, phone number, and email address. Yes, if using the FCC sharing mode No
Location information Precise geographic location of your device at the time of each measurement, including latitude, longitude, and speed. Yes No
Date/time information Date and time of each measurement. Yes Yes
Device information Device manufacturer, model, operating system, and operating system version. Yes No
Network information Data about your connection at the time of each measurement including IP address, port, cellular service provider, cell ID, signal strength, and type of connection (e.g., 3G, 4G, 5G). Yes Only IP address and port
Performance information Measurement data describing the performance of the network connection at the time of each measurement. Includes latency, download speed, and upload speed. Yes Yes

How we use and share the data

We use your data internally to support the ongoing development of the app. In addition, we may share your data with the public, in research publications, with M-Lab, with the Federal Communications Commission (FCC), and with Supabase, as described below. We do not sell or otherwise monetize your data in any way. Personally identifiable information is only shared with M-Lab, the FCC, and Supabase, as described below.

Sharing data with the public

Some of the data collected by CellWatch will be released to the public on the CellWatch website. This data will be released at most once every quarter, i.e., at most four (4) times in a calendar year. This data includes:

  • Performance data (e.g., upload and download speed, latency)
  • De-identified locations (see disclaimer below*1)
  • De-identified timestamps (see disclaimer below*2)
  • Telephony data (e.g., cell ID and signal strength)
  • Device data (e.g., make, model, and OS version)

The data released on the CellWatch website will not include any personally identifiable information such as your name, phone number, email address, IP address, or device IMEI. However, note that some personally identifiable information (e.g., your IP address) will be publicly shared by M-Lab, as described in the Sharing data with M-Lab section below.

*1 Exact locations will not be released on the CellWatch website. We will convert the GPS locations to a hexagon ID in the H3 system with a resolution of 9. This means that your location will be precise within about 1/8 of a mile. For a preview on how the H3 system works, please take a look at this interactive map. Note that the FCC may make the exact location of your measurements public if you choose to share with the FCC, as described below.

*2 When published on the CellWatch website, timestamps will be aggregated into buckets of at least four (4) hours (e.g., we will group all measurements taken between 8am and 12pm). Note that M-Lab also stores and publishes the exact timestamps of your measurements, as described below.

Sharing data in research publications

We reserve the right to use all collected data for research purposes (e.g., data analysis). However, any publications using this data will only display aggregate data. In other words, your individual measurement information and personally identifiable information will not be displayed in any publication.

Sharing data with M-Lab

The Measurement Lab (M-Lab) is a community-based open-source project dedicated to improving Internet measurement. CellWatch uses M-Lab’s test servers to take measurements. When a measurement is run, M-Lab collects the network performance data as well as your current IP address and port number. M-Lab publishes this data publicly.

CellWatch does not explicitly share any other data with M-Lab; they only have access to the data that they collect as part of the measurement process. The table above shows which types of data they collect.

The M-Lab Privacy Policy states that all data is retained indefinitely and published publicly to support research on Internet performance.

Their policy also highlights other specific uses of data:

  • Data aggregation for internal analysis or for third parties. Some data may be used to visualize patterns in specific regions or for a specific provider.
  • Maintenance and improvement, which includes troubleshooting issues and optimizing their website.
  • To enforce legal claims, such as investigations of potential violations of the Acceptable Use Policies or other legal purposes.

The M-Lab Privacy Policy states that your data will first be collected onto one server (typically the one nearest to you). After the initial collection, your data will be aggregated and moved onto another M-Lab server for long-term storage.

We encourage you to read the M-Lab privacy policy for more details.

Sharing data with the FCC

You may optionally choose to send your data to the FCC as part of their Mobile Broadband Availability Challenge process. Your data will only be shared with the FCC if you choose this option in the app before taking a measurement. If you choose to share with the FCC, all the information described in the table above will be shared with the FCC.

If your data becomes part of a challenge, the FCC may further share it. They may share your data with your internet service provider to aid the provider in responding to the challenge. Additionally, the FCC will make public the geographic coordinates, the name of the provider, and other relevant details concerning the basis for the challenge. However, the FCC will not disclose your individual contact information to the public.

Sharing data with Supabase

We store your data in an encrypted backend database that is hosted and managed by Supabase. See the How we protect the data section below for more details about how Supabase secures the data.

How we protect the data

All CellWatch data is stored in a backend database hosted and managed by Supabase. Supabase is SOC2 Type 2 compliant and employs standard security measures to protect the data, including encrypting data at rest and in transit, conducting regular penetration tests, and using vulnerability scanning tools. We use Supabase servers in the United States. You can read more about Supabase’s security at https://supabase.com/security.

To limit user access to data, we employ access control mechanisms within the backend database. These controls prevent users from viewing or modifying granular data that is not tied to their device. (Non-granular data may be viewed by anyone, as described in the Sharing data with the public section above.)

The CellWatch team grants Supabase access to internal developers on an as-needed basis only. Internal developers with Supabase access may view any CellWatch data as needed when fixing issues and developing new features. The CellWatch team protects Supabase accounts by using multi-factor authentication and storing credentials in a password manager.

We use Supabase’s audit logging to help identify any suspicious access to the data. In the case of a breach, we will take reasonable steps to remediate the breach, which may include notifying users whose information may have been compromised.

A subset of your data, such as the date/time, IP address, and performance information (see table above), is stored on M-Lab’s servers. All data collected and stored by M-Lab is made publicly available (see Sharing data with M-Lab above).

Age requirements (16+)

Because CellWatch uses M-Lab’s services, which are restricted to users 16 and older, we have the same requirements. You may not use CelllWatch to take network measurements if you are younger than 16.

GDPR disclaimer

CellWatch will only be enabled for use inside the United States. At this time, we will not collect any data from users inside the European Union.

Contact us

If you have any questions, comments, or concerns about the CellWatch Privacy Policy, please contact Dr. Ellen Zegura at ewz@cc.gatech.edu.