
Summary
REALLY PrivateCore™ is like a VPN for telecom: it protects your privacy and enhances security.
Anonymous by default (no PII). We don’t collect personally identifiable information to sign up or operate your line. No government ID. No PII dossier.
We collect the minimum needed to run the service and keep it only as long as needed. No adtech. No data brokering.
No centralized, identity-linked archive. Host networks don’t receive any identifier mapping from us; tower CDRs on their side aren’t tied to your account through us.
Two clean boundaries: (1) telco data stays with REALLY, and (2) Aura only gets the indicators you enable, with no telco usage data. Any third-party vendors are optional to the customer.
Proof-ready: policies, diagrams, audits, tests, and contracts (see Proof & Verification).
The Critic’s Question
“Exactly what data do you collect about me, where does it live, who can see it, and for how long? Show me the list.”
What We Collect
Principle: If a dataset isn’t required to deliver service or meet a legal duty, we don’t collect it—and we don’t collect PII.
A) Account & Billing (required to operate service, no PII)
Anonymous account identifier (pseudonymous handle/token; no PII).
Plan & SIM details (e.g., ICCID/eSIM metadata).
Contact channel (optional): a privacy-preserving method you choose (e.g., alias email).
Payment artifacts (processor-side): tokenized references and receipts; we do not store full card numbers and no PII is required by us.
Retention: Short, purpose-bound ceilings (see Retention Matrix). Finance artifacts kept only as legally required (still without PII on our side).
B) Network Operations (to make the SIM work, no PII)
Authentication & policy events (e.g., SIM attach, policy enforcement).
Session metadata (technical parameters to route/limit/terminate a session).
No PII associated in our systems.
What’s not happening:
No centralized, identity-linked archive of historical usage.
Hosts do not receive our account↔identifier mapping.
Retention: Short technical windows for troubleshooting, then deletion.
C) Event Records at the Tower (radio reality, no PII from us)
Tower-side CDRs exist at the host (time, cell, technical IDs).
Key boundary: Those records are not tied to your REALLY account via us (we do not share mapping), and we don’t warehouse them for years.
Retention: Strict ceilings for what we keep; hosts don’t get our mapping.
D) Security & Abuse Prevention (no PII)
Login/recovery telemetry (success/failure counts, coarse device signals as needed).
Fraud & SIM-swap defenses (signals to prevent takeovers).
Rate-limited logs for anomaly detection.
Retention: Tight TTLs; logs masked at ingest; no PII.
E) Optional Aura Features (lives outside your telco data)
What moves: Basic account bootstrap + only the indicators you add (e.g., an email to monitor).
What does not: No CDRs, no tower history, no subscriber mapping, no PII from us.
Retention: Governed by Aura’s policies; you can delete your Aura account independently.
What We Don’t Collect (Highlights)
No PII to create or maintain your line.
No ad identifiers / data-broker feeds for profiling.
No location-history warehouse tied to identity.
No content of calls/SMS beyond ephemeral delivery.
No app-level web browsing history in telco systems.
(Website analytics are covered separately, with opt-out guidance.)
Where It Lives (System Boundaries)
REALLY PrivateCore™ (includes the “brains”) — no PII
Provisioning, billing, care, policy.
Minimal, siloed datasets with strict access control.
No identifier mapping shared with hosts.
Host Network (the “towers”) — technical only
Radio-side CDRs/technical events.
No mapping from us; cannot tie to a named subscriber via REALLY.

How Long We Keep It (and Why)
We publish a Retention Matrix with examples like:
Auth/session diagnostics: ≤ 30 days (ops troubleshooting).
Billing artifacts: only as required by law/tax; otherwise short ceilings (still no PII).
Security logs: 60 days with masking; rotate & delete.
Support tickets: until resolved + short TTL, then delete.
Access & Controls (Who Can See What)
Least-privilege by default (role-based; periodic review).
Strong auth + Just-In-Time elevation for sensitive systems.
Immutable audit logs (every access recorded; anomalies flagged).
Data subject actions (export/delete paths where applicable—no PII to begin with).
Big Wireless vs. REALLY (Data Layer)
| Topic | Big Wireless (typical) | REALLY |
|---|---|---|
| PII at signup | Government ID/SSN common | No PII |
| Identity-linked archives | Centralized, long-retained | No centralized, identity-linked archive |
| Host visibility | Broad systems view | Hosts don’t receive any mapping |
| Monetization | Common | No monetization |
| Retention | Multi-year by default | Short, purpose-bound TTLs |
FAQs
Do you sell or share my data for ads?
No. We don’t monetize customer data.
Do you require PII to start service?
No. Accounts are anonymous (no PII). You choose a privacy-preserving contact method.
Can the host carrier tie tower records to me?
Not via us. We do not send our account↔identifier mapping to hosts.
What about legal requests?
We respond to valid, targeted requests. Because we keep minimal, short-lived records and no PII, disclosures are naturally narrow.
What about my web browsing on cellular?
We don’t keep an identity-linked browsing history. For app-level privacy, use our built-in VPN (Explainers #5/#6) and privacy-respecting apps.
Wrap-Up
We operate a full mobile network without PII, without a one-stop archive, and with short retention. We don’t share mapping with hosts, because we don’t have it, and we never monetize your data. The result: reliable service, targeted due-process access when required, and no mass-surveillance substrate.
Proof & Verification (in progress)
Policy:
Public No-PII Signup policy and Privacy Spec (datasets, purpose, access, TTL).
Retention Matrix with concrete ceilings (days/months) and deletion methods.
No-Monetization Statement (CTO/GC attestation).
Architecture:
Data-flow diagram: REALLY Core/B/OSS (no PII) ↔ Host (towers) with No Mapping Shared boundary.
Interface inventory with field whitelists (what never leaves).
Audit:
SOC 2 / ISO 27701 summaries covering access control, logging, retention enforcement, and vendor oversight.
Quarterly access reviews (role pruning, JIT elevations).
Tests:
TTL drills (“request after retention window” → no data found).
Field-level export checks proving hosts do not receive our mapping.
Log-masking verification at ingest.
Transparency:
Privacy/security changelog (e.g., “CDR TTL reduced from 30 → 14 days on YYYY-MM-DD”).
Law-enforcement transparency report (received/complied/narrowed/rejected).
Contracts:
DPAs & roaming agreements with field whitelists, purpose limitation, retention ceilings, no re-ID, no secondary use, no adtech.
Join the only carrier that makes privacy non-negotiable.




