Privacy Policy
Last updated: March 19, 2026
1. Identity of the data controller
HiCellTek
Sole proprietorship (Entreprise individuelle). Takwa Sebai
SIREN: 882 716 228
Registered office: Antony, France
Data protection contact:
Email: privacy@hicelltek.com
Postal address: Antony, France
2. Purpose
This privacy policy informs users of the HiCellTek application (hereinafter "the Application") and the website hicelltek.com (hereinafter "the Website") about how their personal data is collected, processed, and protected, in accordance with Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data (GDPR) and French Law No. 78-17 of January 6, 1978, as amended (Loi Informatique et LibertΓ©s).
3. Data collected, purposes, and legal bases
3.1 Processing activities
| Category | Data | Purpose | Legal basis | Nature |
|---|---|---|---|---|
| Identification data | Email address, password (hashed) | Account creation & management, authentication | Performance of contract (Art. 6.1.b) | Required |
| Device identifiers | ANDROID_ID | License-to-device binding, fraud prevention | Performance of contract (Art. 6.1.b) | Required |
| Cryptographic key | RSA public key generated on device | Securing the license-device binding | Performance of contract (Art. 6.1.b) | Required |
| Location data | GPS coordinates (latitude, longitude) | Network coverage mapping, drive test, indoor walk test | Consent (Art. 6.1.a) | Optional |
| Network diagnostic data | RSRP, RSRQ, SINR, L3 signaling messages | Provision of the network diagnostic service | Performance of contract (Art. 6.1.b) | Required (local storage only) |
| Purchase data | Google Play receipts, subscription ID | Verification & activation of HiCellTek Pro subscription | Performance of contract (Art. 6.1.b) | Required (HiCellTek Pro) |
| Crash data | Stack traces, device model, OS version | Bug resolution, stability improvement | Legitimate interest (Art. 6.1.f) | Required (Firebase Crashlytics) |
3.2 Data not collected
HiCellTek does not collect the following categories of data:
- Contacts from the phone directory
- Photos, videos, or multimedia files
- SMS or call logs
- Browsing history
- Advertising ID
- Biometric data
4. Data recipients
4.1 Internal access
Personal data is accessible only to authorized personnel within HiCellTek, limited to what is necessary for the performance of their duties.
4.2 Processors
| Processor | Service | Data processed | Location | Safeguards |
|---|---|---|---|---|
| o2switch | Backend hosting | Account data, device IDs, RSA key, purchase data | France (Clermont-Ferrand) | Hosting contract, servers in France |
| Google Ireland Limited | Google Play Billing | Purchase data, Google identifier | Ireland / USA | Google DPA, EU-US Data Privacy Framework |
| Google LLC | Firebase Crashlytics | Stack traces, model, OS version | USA | Google DPA, EU-US DPF, Standard Contractual Clauses |
| Google Ireland Limited | Google Maps API | GPS coordinates (client-side only) | Ireland / USA | Google Maps Platform ToS |
| Cloudflare Inc. | Speed Test endpoints | IP address, throughput metrics | USA / Global | Cloudflare DPA, EU-US DPF, SCCs |
4.3 Other recipients
Personal data is never sold, rented, or transferred to third parties for commercial purposes. Data may be disclosed to third parties in the event of a legal obligation or for the defense of HiCellTek's rights.
5. Data transfers outside the European Union
Certain processors process data outside the European Union, particularly in the United States. These transfers are governed by the following mechanisms:
| Mechanism | Legal basis | Processors |
|---|---|---|
| EU-US Data Privacy Framework | Adequacy decision of July 10, 2023 | Google LLC, Cloudflare Inc. |
| Standard Contractual Clauses (SCCs) | Decision (EU) 2021/914 | Google LLC (Crashlytics), Cloudflare Inc. |
HiCellTek regularly assesses the need for supplementary measures to ensure a level of protection equivalent to that guaranteed within the European Union, in accordance with EDPB recommendations.
6. Data retention periods
| Category | Retention period | Justification |
|---|---|---|
| Account data | Duration of account + 3 years after deletion | Contract + statute of limitations |
| Device identifiers | Duration of account | License management |
| Location data | Local on device. Server: 12 months | Period necessary for purpose |
| Network diagnostic data | Local storage only | N/A |
| Purchase data | 10 years | Accounting obligations (Art. L123-22 French Commercial Code) |
| Crash data | 90 days (Firebase Crashlytics) | Malfunction analysis |
Upon expiration of these periods, data is deleted or irreversibly anonymized.
7. Data security
HiCellTek implements the following technical and organizational measures to protect personal data:
- Encryption: HLOG files are encrypted using XChaCha20-Poly1305
- Hashing: Passwords are stored in hashed form
- Communication encryption: All communications are encrypted via TLS (HTTPS)
- Authentication: License-device binding via RSA public key mechanism
- Secure hosting: Servers in France (o2switch, Clermont-Ferrand)
- Restricted access: Principle of least privilege
8. Rights of data subjects
In accordance with the GDPR and French data protection law, you have the following rights:
- Right of access (Art. 15 GDPR): obtain a copy of your data
- Right to rectification (Art. 16 GDPR): correct inaccurate data
- Right to erasure (Art. 17 GDPR): deletion of your data
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR): receive your data in a structured format
- Right to object (Art. 21 GDPR): object to processing based on legitimate interest
- Withdrawal of consent (Art. 7.3 GDPR): withdraw consent at any time for GPS location
8.1 How to exercise your rights
You may exercise your rights by the following means:
- By email: privacy@hicelltek.com
- By postal mail: HiCellTek, Antony, France, for the attention of the data protection officer
Your request must be accompanied by proof of identity in the event of reasonable doubt. HiCellTek will respond within one month, extendable by two additional months if necessary.
8.2 Complaint to the supervisory authority
If you consider that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
For users in France:
CNIL
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07
Phone: +33 1 53 73 22 22
For users in other EU Member States: You may contact your local data protection authority.
9. Cookies and tracking technologies
9.1 Mobile application
The HiCellTek Application does not use cookies. Firebase Crashlytics uses technical identifiers (Crashlytics Installation ID) to aggregate crash reports. These identifiers are not used for advertising purposes.
9.2 Website
In accordance with the EU ePrivacy Directive (2002/58/EC) and CNIL guidelines of 17 September 2020, hicelltek.com obtains your consent before placing any non-essential cookies. You can change your preferences at any time via the "Cookie settings" link in the page footer.
Strictly necessary cookies
These cookies are essential for the website to function. They do not require consent under Article 5(3) of the ePrivacy Directive.
| Name | Purpose | Duration |
|---|---|---|
| hicelltek_cookie_consent | Stores your cookie consent preferences (localStorage) | 13 months |
Audience measurement cookies (consent required)
| Service | Provider | Purpose | Duration |
|---|---|---|---|
| Google Analytics 4 | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Anonymous audience measurement (page views, session duration, traffic sources). IP anonymization enabled. | 13 months |
Marketing cookies (consent required)
| Service | Provider | Purpose | Duration |
|---|---|---|---|
| LinkedIn Insight Tag | LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland | Measures LinkedIn advertising campaign effectiveness. | 6 months |
How to manage your cookies
You can change your preferences at any time by clicking the "Cookie settings" link in the footer of every page. You can also configure your browser to reject all cookies or to alert you when a cookie is sent.
10. Minors
The Application is not intended for persons under the age of 16. HiCellTek does not knowingly collect personal data from minors under 16. If a parent or legal guardian believes their child has provided personal data to HiCellTek, they are invited to contact privacy@hicelltek.com to request its deletion.
11. Changes to this privacy policy
HiCellTek reserves the right to modify this privacy policy at any time. Any substantial modification will be brought to the attention of users by a notification in the Application or by email at least 30 days before it takes effect.
Continued use of the Application after the effective date of changes constitutes acceptance of the modified policy.
12. Contact
For any questions regarding this privacy policy or the processing of your personal data:
HiCellTek
Email: privacy@hicelltek.com
Address: Antony, France
13. Applicable law
This privacy policy is governed by French law and the GDPR. In the event of a dispute, the competent French courts or, for users in other EU Member States, the courts of the user's country of residence, shall have jurisdiction.
© 2026 HiCellTek. All rights reserved.