Privacy Policy
Your privacy is fundamental to how ConnectMap operates. We are transparent about what data we collect, how we use it, and your rights.
1. Overview: Our Privacy Principles
ConnectMap is built on the principle that you own your data. We collect only what we need, anonymize before aggregation, and never sell individual-level information to third parties. We believe internet access is infrastructure and data about it should serve public interest, not private profit.
Our approach is governed by:
- Transparency: You know what we collect and why.
- Minimization: We collect as little as necessary.
- Anonymization: Individual data is anonymized before any aggregation or publication.
- User Control: You can delete your account and all associated data anytime.
2. What Data We Collect
When You Create an Account:
- Email address (for authentication and support)
- Password (hashed and salted)
- Optional: Display name, profile picture
When You Use the App to Run Tests:
- Geographic coordinates (latitude, longitude)
- Timestamp of the measurement
- Network type (5G, 4G LTE, WiFi, etc.)
- Signal strength (RSRP, RSRQ)
- Download and upload speeds
- Latency and jitter
- Carrier name (inferred from SIM)
- Device type and OS (anonymized category, not unique identifier)
When You Browse Our Website:
- IP address
- Browser type and version
- Referring URL and pages visited
- Approximate geographic location (city-level, from IP)
3. How We Use Your Data
Legitimate Uses:
- Service Provision: To run connectivity tests, aggregate results, and display maps.
- Research: To understand connectivity patterns and publish anonymized aggregate findings.
- Improvement: To improve app performance and identify network anomalies.
- Support: To respond to your inquiries and troubleshoot issues.
- Legal Compliance: To comply with valid legal requests and prevent fraud.
What We Do NOT Do:
- Sell individual-level data to third parties.
- Use your data for targeted advertising.
- Build profiles to predict your behavior.
- Share raw measurement data with carriers or competitors.
- Sell email lists or contact information.
4. Data Anonymization & Aggregation
Before any data leaves your device, we strip personally identifiable information. Individual measurements are tagged with a randomized user ID (not linked to your email) and geographic bins (city or neighborhood level, never street address).
All published maps and datasets are strictly aggregated:
- Individual measurements are grouped by geography and time.
- Statistics (median speed, 95th percentile latency, etc.) are published, never raw rows.
- No individual person can be re-identified from published data.
- We regularly audit for re-identification risk using differential privacy techniques.
5. Data Retention
Individual Measurements: Raw data is retained for 24 months. After that, only aggregated monthly summaries are kept. You can request deletion of your measurements at any time.
Account Information: Retained as long as your account is active. When you delete your account, all associated data is purged within 30 days, except where legally required to retain it.
Aggregated Data: Published maps and historical datasets are retained indefinitely for research purposes (this data is fully anonymized).
Logs: Server and access logs are retained for 90 days for security and debugging, then deleted.
6. Third-Party Sharing & APIs
Academic Research: We grant anonymized dataset access to registered researchers and institutions for peer-reviewed studies. All access is logged and agreements require responsible data handling.
Government & Policy: With your consent or in response to valid legal process, we may share aggregate findings with city planners and regulators. We do not share individual user data without a subpoena.
Service Providers: We use third-party vendors for:
- Cloud hosting (AWS, encrypted at rest and in transit)
- Email delivery (for account notifications only)
- Analytics (Plausible, privacy-respecting, no tracking IDs)
All vendors are bound by data processing agreements and cannot use your data for their own purposes.
No Selling: We do not sell data or contact information to third parties under any circumstances.
7. Your Rights & Choices
You have the right to:
- Access: Request a copy of all data we hold about you.
- Correction: Ask us to correct inaccurate personal information.
- Deletion: Request deletion of your account and all associated data (except where legally required to retain).
- Portability: Receive your data in a portable, standard format.
- Objection: Opt out of specific uses (e.g., research, analytics).
- Withdraw Consent: For any optional data collection, you can withdraw consent anytime from your account settings.
To exercise these rights, email [email protected]. We will respond within 30 days.
8. Security & Encryption
In Transit: All data sent to ConnectMap is encrypted using TLS 1.2 or higher. Your app communicates with our servers via secure HTTPS connections only.
At Rest: Databases are encrypted using AES-256. Backups are encrypted separately.
Password Storage: Passwords are hashed using bcrypt with a unique salt per user. We never store plain-text passwords.
Audit Logging: All access to sensitive data is logged and monitored. We conduct regular security audits and penetration testing.
Data Breach Protocol: If a security breach affects your data, we will notify affected users within 72 hours and work with relevant authorities.
9. Cookies & Tracking
Essential Cookies: We use cookies only for authentication and session management. These are necessary for the service to function.
Analytics: We use Plausible Analytics, a privacy-respecting analytics provider that does not use tracking cookies or persistent identifiers. You cannot be tracked across sites.
Third-Party Tracking: We do not allow third-party ad networks, social media trackers, or other invasive cookies on ConnectMap.
Local Storage: The app may store settings locally on your device (app preferences, cached map tiles). This data is not sent to our servers without your explicit consent.
10. Children & COPPA
ConnectMap is not intended for use by children under 13. We do not knowingly collect data from children under 13. If we become aware that a user is under 13, we will delete their account and data immediately. If you believe a child under 13 has created an account, please contact us at [email protected].
11. Geographic-Specific Rights
California (CCPA):
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. ConnectMap does not sell personal information. To exercise CCPA rights, contact [email protected].
Europe (GDPR):
If you are in the EU/EEA, your data is processed under GDPR. Our lawful bases for processing include consent, legitimate interest in research, and legal obligation. You have the right to lodge a complaint with your data protection authority.
Canada (PIPEDA):
Canadian users are protected under PIPEDA. You have the right to request access, correction, and deletion. Contact us at [email protected].
12. Data Processing & DPA
For Enterprise and Professional customers, we offer a Data Processing Agreement (DPA) that outlines our obligations as a data processor. If you are a customer that qualifies, contact our sales team to request a DPA.
13. Policy Changes
We may update this Privacy Policy occasionally. Material changes will be announced via email and in-app notification. Your continued use of ConnectMap after changes signifies acceptance. The date of the most recent update appears at the top of this policy.
14. Contact & Grievance
Privacy Questions: [email protected]
Data Requests: [email protected]
Complaints: [email protected]
We aim to resolve privacy concerns within 30 days. If you are unsatisfied, you have the right to lodge a complaint with your local data protection authority.
15. California Resident Disclosures (CCPA)
Categories of Personal Information Collected: Identifiers, commercial information, internet activity, location data, device information.
Purpose of Collection: Service provision, research, analytics, legal compliance.
Source: You (directly), automated collection from devices and browsers.
Sharing: Academic researchers (anonymized), service providers (under contract), legal requests (court order).
Sale: We do not sell personal information as defined by CCPA.
Your Rights: Right to access, delete, and opt out of sale (though we don't sell). To exercise: [email protected].
16. Accessibility & Data Minimization Commitment
We are committed to data minimization. We collect only what's necessary to provide the service and publish quality research. We regularly audit our data practices for over-collection and delete unnecessary data. If you believe we're collecting more than needed, contact us at [email protected].