Privacy Policy

Skyhook Services Privacy Policy

Effective Date: 06/22/2023

This Services Privacy Policy (the "Policy") applies to Skyhook Holding, Inc. (f/k/a TruePosition, Inc.) and its wholly-owned subsidiary Skyhook Wireless, Inc. (together, "Skyhook" or “we”, “us” and “our”).  Skyhook is wholly owned by Qualcomm Technologies, Inc. Skyhook values the personal privacy of our customers, prospects and end users, and we are committed to maintaining the trust placed in us by our customers since Skyhook’s founding 2003. A critical part of that trust involves transparency – the responsibility to be clear about the information which we may collect, how we intend to process and store that data, and how we may use this data. Accordingly, this Services Privacy Policy explains how Skyhook will collect and use information that is obtained from (or used by) our Terrestrial Positioning Service (“TPS”), which is described at Terrestrial Positioning Service (TPS) | Qualcomm.

For this Policy, we use the term “personal data” broadly to cover the many privacy and data protection laws applicable to us; generally “personal data” means information related to an identified natural person or that could reasonably be used (by itself or in combination with other data available) to identify a natural person.

1. Scope and Applicability of Privacy Policy

This Policy applies to any and all use of TPS.  It covers the data we may collect from TPS, and other data we compile from third parties in order to provide TPS.

This Policy does not cover the Skyhook Websites.  All Website actions that do not form a part of the Skyhook Services are covered by our separate Website Privacy Policy.  We encourage you to read that policy if you have questions regarding online data collection through our Websites.

As a technology and data enablement provider to mobile devices, application providers, and advertisers, Skyhook does not have a direct relationship with end users of devices or mobile applications which may incorporate the Skyhook Services.  We impose strict contractual requirements on our customers that require adherence to privacy requirements that are generally more stringent than common industry practice. However, the ultimate nature, scope and use of information that is collected from users of devices or mobile applications is subject to the privacy policies of our customers, not Skyhook.  If you have questions or concerns about data collected by a particular device or application, you should contact that provider or refer to such device or application-specific privacy policy. 

2. Overview of the Skyhook Services

So that you can better understand the TPS solution and how and why data collection is important to the provision of the solution, below is a brief description of the functionalities of TPS.

Location Determination: As part of TPS, Skyhook offers software (SDK) and cloud-based technology platform interfaces (APIs) that may be used to calculate the approximate geographic location of a device. See Terrestrial Positioning Service (TPS) | Qualcomm. The Skyhook geolocation technology determines the location of a device by interfacing with Global Navigation Satellite Systems (such as GPS), as well as by utilizing the IP address of the device and nearby Wi-Fi access points and cell towers visible to the device. This information is then processed on the device or on TPS servers to calculate and return the approximate geolocation (i.e., latitude/longitude) of the device.  We may also receive or assign a unique device identifier to location requests.

Geofencing: The TPS software may also be used to determine a device’s proximity to nearby points of interest, or whether a device has entered or exited a pre-defined geographic perimeter. For example, geofencing might be used to alert a logistics company that a particular device or shipment has arrived at or departed from a warehouse facility.

3. Information Collected by the Skyhook Services

When end users engage with mobile devices or customers that use TPS (including via SDK, API or otherwise), Skyhook may collect data that may (but does not necessarily) include the following:

• Approximate or precise geolocation information (latitude/longitude);

• Information regarding the identity (e.g., MAC Address or Cell ID) of wireless routers or cell towers in proximity to a mobile device, along with received signal strength measurements;

• IP Address of the device used to contact us (which may be either the mobile device IP Address or the WiFi router IP Address used to contact us);

• Unique device identifiers (but not an IMEI or MAC Address) that may be assigned by Skyhook or our customer's system to location requests;

• Network information, including information regarding connected MAC addresses;

• Sensor information such as barometric pressure, accelerometer measurements, gyroscope measurements, device orientation, magnetic field measurements, direction of travel, motion activity (e.g. walking), or other similar sensor measurements;

• General information about the device, including the device manufacturer, model, platform or operating system, time zone, network status (connected to Wi-Fi, etc.), timestamp and other similar information; 

• Information about the version and use of the TPS technology.

4. Information Obtained from Partners

Skyhook may also receive information from our partners, which are usually location data aggregators and application developers/publishers. These partners may send to us the same type of geolocation information (latitude/longitude) as described above.

5. How We May Use Information

In general, Skyhook uses the information collected in order to operate, maintain and deliver the TPS solution and to develop new products, services or datasets. In particular, Skyhook uses the information generated or collected as follows: 

• To provide location-enabling service(s) by calculating and providing geographic location to application developers, device makers and operating systems, when users have opted in;
• To improve the quality, accuracy and precision of Skyhook’s location database by adding the estimated location of new access points or cell towers or refining the estimated positions of existing access points or cell towers;
• To infer that a user is nearby, approaching or inside a particular location, venue or point of interest (i.e., a geofence), which may be used by our partners to provide more relevant content, advertising and user experiences;
• To infer relationships and linkages between devices and device identifiers and location, such as a relationship between or among a device, a MAC address and/or IP Address to a particular venue, store or location;
• To aggregate geolocation data in an anonymous manner in order to provide Skyhook and our partners with insights into location of mobile devices and the number and frequency of location requests in a particular area during a particular time interval;
• To infer the geographic location where IP addresses are used for use in developing and marketing an IP geolocation services to partners, including publishers, data exchanges and advertising companies; and
• To achieve other business operation purposes such as accounting, auditing, or legal compliance.

To the extent permitted by applicable law, we may combine the various types of Personal Data that we collect from different sources, including Personal Data we obtain from others. In addition, as specified above, we may de-identify and/or anonymize the personal data we collect such that it no longer can be used to identify you and, in such case, the de-identified and/or anonymized data is no longer subject to this Policy.

6. Opt-Out Choices

Skyhook requires all clients and third parties using TPS to provide notice regarding data collection and use, and to obtain all opt-ins, consents or permissions required, including without limitation any data such party collects, uses, and/or discloses from its users, the provision of such data to Skyhook, and the other party’s use of such data.

In addition, Skyhook also allows users to directly opt-out from TPS as follows:

Location Information: For users who do not want any location data of their devices to be collected by TPS-enabled applications, services or devices, the application, device, or operating system provides controls for disabling location services.  This choice may limit the functionality of the device or installed applications.  

MAC Addresses: If you wish to opt out of Skyhook’s use of your Wi-Fi access point's MAC address to provide location, you may opt-out by clicking here. If you choose to opt out, Skyhook will (if applicable) delete the positioned record for that MAC address from the Skyhook database and will blacklist that MAC address so that we will not process or use that MAC address information in the future.

IP Addresses: If you wish to opt out of Skyhook’s use of your home IP Address, you may opt-out by clicking here. If you choose to opt out, Skyhook will (if applicable) remove the positioned record for that IP address from the Skyhook database and will blacklist that IP address so that we will not process or use that IP address in the future.

7. Data Retention and Data Security

Data on Device:  Skyhook may store an encrypted local cache of all Wi-Fi access points and cell towers in a surrounding area on the device to allow the device’s location to be determined without connecting to our servers.  A temporary encrypted history of scanned Wi-Fi access points and cell towers nearby may also be kept in memory on the user’s device and later transmitted to our servers. A maximum of 100 historic scans will be retained on device. This encrypted cache information will be deleted from the device the next time the TPS technology connects to the TPS servers, when the application terminates, or when the device is turned off.

Data Retention:  Skyhook will retain the data generally for no longer than two (2) years or in limited cases for a longer time period, as necessary to provide the services or for any other purposes described above. After that time, some of the information may be aggregated, anonymized and/or archived for statistical purposes and stored indefinitely.

Data Security: Skyhook uses a variety of technical, administrative, and organizational measures to protect data, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of all information.

8. How We May Share Information

Skyhook may share information that we collect from our Location Services or obtain via partners as follows:

• With our Qualcomm affiliates;
  
  
• With our customers to provide location-based services, including location determination, geofencing, and/or proximity-based insights;

• With third party market research and information companies, to create anonymous datasets for market research, business intelligence or information products which analyze and monitor location statistics (e.g., the aggregate number of location data requests in a given area);

• With customers (including brands, data platforms, online advertising networks, and other entities) to enable research and analysis on geolocation and real-world movement patterns;
  
  
• With agents, vendors or service providers that help Skyhook to process the data or operate our business;

• To comply with legal requirements or to respond to a lawful subpoena, search warrant or other legal process or government request received by Skyhook;

• When Skyhook believes in good faith that disclosure is necessary to protect our legal and contractual rights or the safety of others or to investigate fraud;

• If Skyhook is involved in a merger, acquisition, or sale of all or a portion of our assets, in which case users will be notified via a prominent notice on our Web site of any change in ownership or uses of the information; or

• Where you have granted us permission.

Skyhook may also disclose any of the data we collect to any member of Qualcomm group of companies. Information about Qualcomm group of companies can be found at https://www.qualcomm.com/company/locations. If the disclosure to Qualcomm group companies requires a cross-border data transfer, please see Section 11, below.

9. Children's Privacy

The TPS solution is not developed or intended for persons under 13 years of age. We do not knowingly solicit or collect any personally identifiable information including from children under the age of 13, nor do we knowingly market our Services to children under the age of 13.

10. GDPR and Data Protection

As of May 25, 2018, with respect to individuals in the European Union, the European Economic Area and Switzerland who use the Skyhook Services, the following policies, clarifications and rules also apply.

Key Terms

“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Purposes and Legal Bases for Processing Personal Data

Skyhook processes data for the purposes as set forth in this Services Privacy Policy, including to provide the TPS solution to our customers. To fulfill these purposes, Skyhook may access information, which may include Personal Data, to provide the TPS solution, to develop additional products or features, or in response to contractual requirements. Please see the sections above for additional details on how we collect, use, disclose and share data, make automated decisions and retain data, including Personal Data.

In general, the lawful bases for Skyhook’s Processing of Personal Data are: (i) informed consent, including as obtained via partners through contractual requirements and/or established consent frameworks or (ii) any other applicable legal bases, such as our legitimate interest.

In particular, with respect to collection, use and other processing of data specified under Section 3 of this Policy, including location data, MAC address, and unique device identifier of end user devices, which may constitute Personal Data, Skyhook relies upon the informed consent of the end user, as received through our customers and supply partners.

With respect to the collection of the approximate location of wireless hotspot information (MAC address, received signal strength, and location-related information), Skyhook relies upon legitimate interest as a basis for collection and processing. 

With respect to the collection of IP addresses and approximate location associated with their use, Skyhook is not an Internet Service Provider (or ISP) providing the connectivity and does not maintain or have access to information linking the IP address to an individual subscriber. Nevertheless, to the extent that such information might constitute Personal Data as Skyhook uses it to develop a coarse (greater than 100m) geolocation position, Skyhook relies among other things on legitimate interest as a basis for processing and collection.

The foregoing statements of legal bases for processing are intended to be non-exhaustive, and do not preclude Skyhook’s reliance on additional legal bases either now or in the future.

Additional Rights for Individuals in Europe

You may have one or more of the following additional rights available to you:

• Access. With the exception of customer account information (signed up for at my.skyhookwireless.com), which is governed by the Website Privacy Policy, Skyhook does not maintain any information regarding names, e-mail addresses, home addresses, nor do we attempt to link any location data to such fields. Accordingly, while you may request a copy of the Personal Data we have collected from you by contacting us at privacy@qualcomm.com, you must provide an applicable IP Address in order for Skyhook to locate any information that might constitute Personal Data.

• Objection / Opt-Out / Erasure. To object to or correct Personal Data about you (e.g., online identifiers such as an IP Address) being Processed for direct marketing purposes, you may contact us at privacy@qualcomm.com. In addition, as described above, you may directly opt-out from Skyhook’s use of certain online device identifiers (including MAC Address, or IP Address), by visiting our opt-out page available here.  In general, upon receipt of an opt-out request, within a reasonable time period, Skyhook will delete any collected data about this the requested online identifier from Skyhook’s database, and quarantine the identifier so that Skyhook does not collect any future data or share any information about the online identifier.

• Right to Lodge a Complaint with a DPA. If you believe our Processing of Personal Data about you is inconsistent with the applicable data protection laws, to lodge a complaint with your local supervisory data protection authority (“DPA”).

To exercise any of the above-listed rights (with the exception of the right to lodge a complaint with a DPA, which you may do directly to a DPA), please contact us at privacy@qualcomm.com. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify your identity before processing your request.

Compelled Disclosures.

Skyhook may be required to disclose Personal Data in response to lawful requests by public authorities, including disclosures necessary to meet national security or law enforcement requests or requirements, or pursuant to judicial orders, subpoenas, or similar legal process.

11. Cross-Border Transfers & Privacy Shield

Skyhook is a global organization, with legal entities, business processes, and technical systems that operate across borders. The information we collect is stored and processed on cloud servers (e.g., Amazon Web Services and Microsoft Azure) in regions comprising the United States and other locations around the world.  We may transfer information that is collected to affiliated entities, or to other third parties across borders and to other locations around the world. Use of the TPS technology and services constitutes consent to the transfer of the information described in this Privacy Policy to locations that may be outside of the country in which you live, and such places may be in the United States. In particular, if you are located within the European Union (the “EU”) or the United Kingdom (the “UK”), please note that personal data received by Skyhook may be transferred outside the EU / the UK / European Economic Area (the “EEA”). If we transfer personal data outside of these regions, we utilize standard contractual clauses (a copy of which can be obtained at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) or other transfer mechanisms determined lawful by applicable laws.

In addition, although it is no longer in force, Skyhook complies with the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Skyhook has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. Privacy Shield Framework, please visit our Privacy Shield page and/or view our certification at www.privacyshield.gov.  

Skyhook is accountable for information that it receives under Privacy Shield and subsequently transfers to a third party, including third parties that Skyhook engages to process this information on its behalf. The Federal Trade Commission has jurisdiction over Skyhook’s compliance with the Privacy Shield.

In accordance with the Privacy Shield Principles (the "Principles"), Skyhook has established procedures to periodically verify its implementation and compliance. Skyhook conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions Skyhook makes about its practices are true and that such practices have been implemented as represented. In addition, in compliance with the Privacy Shield Principles, Skyhook commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact privacy@qualcomm.com or by mail to Qualcomm Incorporated, Attn. Scott Goss, VP, Privacy Counsel, 5775 Morehouse Drive, San Diego, CA 92121.  

Skyhook has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit here for more information or to file a complaint. The services of JAMS are provided at no cost to you.

For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.  

12. Your California Privacy Rights (For California Residents Only)

Our privacy practices are aligned with the requirements of the California Consumer Privacy Act (as may be amended from time to time) (CCPA). If you reside in California, we are required to provide additional information to you about how we use and disclose your Personal Information, and you may have additional rights with regard to how we use your Personal Information.

Personal Information. Consistent with section 5 above, we collect certain categories and specific pieces of information about individuals that are (or may be) considered “personal information” under the CCPA. Specifically, we may collect, receive or process the following types of personal information:

• Identifiers: unique online identifiers, hashed online identifiers, Internet Protocol addresses, and MAC Addresses of nearby Wi-Fi routers;
• Geolocation: data regarding the physical location of devices or things (including mobile phones, Wi-Fi routers, etc.), or information about the location where internet connections are used;
• Inferences drawn from Personal Information: we may infer preferences, characteristics, predispositions, behaviors, attitudes, abilities, and demographic information from other Personal Information collected.

Sources. The categories of third parties from whom we may collect or receive the Personal Information described above include the following:

• Device makers or other enterprises who utilize our software or API services;
• Partners, resellers and/or distributors of our software or API services;
• Third party applications (such as Android or iOS applications); and
• Data aggregators.

Purposes. We collect your Personal Information for the business and commercial purposes described in this Policy. 

Your Rights.  Subject to certain exceptions, as a California resident, you have the right to:

• Request that we disclose access to your Personal Information;
• Request deletion of your Personal Information;
• Request information about the Personal Information we have disclosed for a business purposes and/or “sold” (as such term is defined under the CCPA) to third parties within the past 12 months; and
• Opt-out of the “sale” of your Personal Information, as detailed above and below.
• “Do Not Sell My Personal Information”. You have the right, as a California resident, to opt-out of the “sale” of your Personal Information, e., to remove Skyhook from using, selling or processing information linked to your Mobile Device ID or IP Address or to remove your Wi-Fi access point from our location database. If you wish to exercise this right, please click on the "Do Not Sell My Personal Information" link available at the skyhook.com home page or exercise your opt-out right here.

If you are a California resident and wish to exercise any of the rights described in this section, you may use the following methods to submit a request in relation to your Personal Information:

• Enter on this webpage the MAC Address or your home IP Address which you would like to opt-out;
• Contact us via the contact information in the end of this Policy

Please note that in order to opt-out your MAC Address or IP Address, you need to provide us with that information or use the “Do Not Sell My Personal Information” link and webpage as we do not have the ability to connect your name with your device(s).

To the extent that you elect to designate an authorized agent to make a request on your behalf, the above methods to submit a request apply. Please note that you are limited by law in the number of requests you may submit per year.

13. Updates and Changes to Privacy Policy

Skyhook may amend this Privacy Policy from time to time. When we do, we will also revise the “last updated” date at the beginning of the Policy. We encourage you to review this policy periodically to stay informed about how we collect, use, and share personal data.

14. Privacy Questions / Contact Information

If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us as follows:

• By email at privacy@qualcomm.com
• By mailing to Qualcomm Incorporated, Attn. Privacy Office, 5775 Morehouse Dr., San Diego, CA, 92121, USA

We will make every effort to resolve your concerns.

Skyhook Privacy Policy Version: 2023 v.1