Privacy Matters

Privacy Matters

We’re an internet provider, not an ad company.

What the big ISPs actually do with your data

In 2017, Congress voted to let ISPs sell your browsing history to advertisers — without your permission.1

The major providers got to work immediately.

AT&T built an entire advertising technology company — Xandr — on the back of its subscribers’ data, then sold it to Microsoft for a billion dollars.2

AT&T sees every website its customers visit. Microsoft sees what they do on their computers, in their email, and at work. When AT&T sold Xandr to Microsoft, those two worlds got connected.

Comcast runs a full advertising division called Comcast Advertising, powered by what they describe as “first-party, deterministic data” from 30 million subscriber households.3 They aren’t hiding it. They have a website.

Verizon embedded invisible tracking cookies into every packet its mobile customers sent — cookies you couldn’t block or delete, even if you knew they existed. The FCC fined them $1.35 million.4 AT&T tried charging customers 50% more if they wanted to opt out of being tracked.5

Ask yourself: why does your internet provider own an ad agency?

Because you are the product.

In 2021, the FTC investigated the six largest ISPs and found they collect far more data than customers expect — browsing history, app usage, real-time location, even race and ethnicity — and that the “choices” they offer consumers are, in the FTC’s words, “often illusory.”6

And then there’s Starlink

In January 2026, Starlink updated its privacy policy to allow customer data to be used to train AI models — not just their own, but those of unnamed “third-party collaborators.” Starlink collects your location, your IP address, your payment info, and what they call “communication data,” which includes audio, visual content, shared files, and inferences they draw from everything else.

Meanwhile, SpaceX is in active talks to merge with xAI, Musk’s AI company. This isn’t abstract “we might share data someday.” They’re building the corporate structure to make it happen right now.7

They collect your data to monetize it. Then they lose it.

These companies don’t collect your data because they need it to provide your internet service. They collect it because it’s profitable. And then they fail to keep it safe.

AT&T disclosed two separate data breaches in 2024. The first exposed Social Security numbers, dates of birth, and account passcodes for roughly 73 million current and former customers. The second exposed the call and text records of nearly every AT&T wireless customer. AT&T settled the resulting lawsuits for $177 million.8

Comcast had its own breach in late 2023 — 36 million Xfinity customers had their usernames, passwords, and partial Social Security numbers exposed.9 A separate 2024 breach through a former vendor exposed another 237,000 customers’ personal data, including driver’s license numbers.10

They hoarded data they didn’t need to run their networks, spread it across sprawling vendor systems, and then couldn’t keep track of where it all lived.

We’re not in the data business

We don’t run an ad platform. We don’t train AI models with your data. We don’t collect information we don’t need. We connect you to the internet, we support you when something breaks, and that’s it.

We deliberately chose to collect as little as possible. The less we have, the less there is for anyone to steal. We don’t have your Social Security number, your date of birth, your browsing history, or your call records — because we never collected them in the first place.

We also do not have your credit card number. We’ve deliberately designed our systems so your card data goes directly to Stripe, one of the most trusted payment processors in the world — it never passes through ours. That is a security best practice that is surprisingly rare among Internet Service Providers.

What we actually know about you

Here is a complete list. It won’t take long.

  • Whatever name you gave us
  • Your phone number
  • Your email address
  • Roughly where your house is, so we can point an antenna at it
  • Limited technical logs to monitor your connection quality — so when you call us and say things are slow, we can actually help

And here is what we do not collect, do not store, and do not sell:

  • Social Security numbers
  • Driver’s license numbers
  • Dates of birth
  • Browsing history
  • App usage data
  • Location tracking
  • Credit card numbers (securely handled by Stripe)
  • Anything monetized for advertising or sold to third parties

That’s the whole list. We’re a small company that provides internet on the Mendocino Coast. We don’t need your Social Security number to do that, so we don’t ask for it. Everything else is yours.

Side by side

Corporate ISP
Further Reach
Social Security number
Collected
Never collected
Driver’s license number
Collected
We wouldn’t know what to do with it
Browsing history
Domain-level tracking via DNS
Not tracked — we don’t run our own DNS
Credit card data
Stored on their systems
Securely handled by Stripe
Your data monetized for advertising
Yes, in many scary ways
We’re an internet company, not an ad company
Major data breaches
AT&T: 73 million
Comcast: 36 million
Nothing to breach
Your dog’s name
They have no idea
So we can bring biscuits next time we’re in your driveway

What our policy actually says

We’re legally required to have a privacy policy, so we do. Here’s what it says: we don’t sell your data, we collect as little as possible, we don’t monetize any of it, and we only use the information you give us to provide your service and support. Period.

The only time we’d share anything with a third party is if we receive a legitimate, legally-mandated request — and even then, only the narrow scope of what’s required.

Read the Customer Agreement →

See also: How we manage your traffic

Privacy is one side of the coin. The other is what your ISP does with your traffic while it’s on their network — throttling, blocking, picking favorites.

Read our Network Management Policy →