Back to home
Legal · Privacy

Privacy Policy

Last updated: · Effective:

The short version

We collect only what we need to deliver fiber service: account & billing details, the network traffic metadata required to keep your link healthy, and basic site analytics. We do not sell your personal information. We do not sell your browsing history. You can access, correct, export, or delete your data at any time by emailing privacy@sfinnov.com.

1. Scope and definitions

This Privacy Policy describes how SF Innovations Inc. ("SF Innovations," "we," "our," or "us") collects, uses, shares, and protects information when you visit sfinnov.com, sign up for fiber-internet service, use our network, or interact with our support and sales teams. It applies to residential and business customers, prospective customers, and visitors to our website.

Throughout this policy, "personal information" means information that identifies, relates to, or could reasonably be linked with you or your household. "Service" means the internet-access service we provide and any related applications, equipment, or support.

2. Information we collect

2.1 Information you provide

  • Account details: name, service address, email, phone number, date of birth (for identity verification), and password.
  • Billing details: billing address, payment instrument (last four digits and tokenized card data — full card numbers are stored only by our PCI-DSS Level 1 payment processor), and billing history.
  • Identity verification: for new business accounts we may request a tax ID, business address, and the name of an authorized signer.
  • Support communications: the content of emails, chat transcripts, and recorded phone calls you have with our team.
  • Marketing preferences: the channels you've opted into and any survey responses.

2.2 Information generated by the Service

  • Network operations data: aggregated bandwidth utilization, link state, signal levels, error counts, and outage events at your optical network terminal.
  • Traffic metadata: the IP addresses we assign to your equipment and DHCP / RADIUS / DNS records used to route packets. We do not inspect the contents of your traffic.
  • Equipment information: serial numbers, firmware versions, and configuration of devices we provide (ONT, router, mesh nodes).

2.3 Information collected on our website

  • Usage data: pages viewed, referrer, approximate location (city / region) derived from IP, device type, and browser.
  • Cookies and similar technologies: see our Cookie Policy for the full list.

What we do not collect: we do not log the URLs you visit or the contents of your packets. We are not in the surveillance-advertising business.

3. How we use information

We use the information described above to:

  • Provision, deliver, monitor, and repair your internet service.
  • Bill you accurately and prevent fraudulent activity on accounts.
  • Provide customer and technical support, including triaging outages and processing service requests.
  • Operate, secure, and improve the network — including DDoS mitigation, abuse handling, and capacity planning.
  • Send transactional communications about your account, outages, and policy changes.
  • Send marketing communications, only with your consent and only about our own services. You can opt out at any time using the link in any marketing email.
  • Comply with applicable laws and respond to lawful requests from courts and regulators.

4. When we share information

We share personal information only in the limited situations below.

  • Service providers. We use vetted vendors for payment processing (Stripe), email delivery, customer-support tooling, error monitoring, and underground locate / utility-coordination services. They process information only on our behalf and under written contracts.
  • Network peering and routing. Routing your traffic necessarily involves IP-level interaction with other networks at internet exchanges. No personally identifiable information is shared in this process.
  • Legal compliance. We disclose information when required by valid subpoena, court order, search warrant, or law that we determine, in good faith, applies to us. Where lawful, we notify affected customers in advance.
  • Safety and security. To protect our network, our customers, or the public from imminent harm.
  • Business transfers. If we merge with or are acquired by another entity, customer information will move with the business under the same protections.
  • With your consent. Any other sharing requires opt-in.

We do not sell personal information as that term is defined under California, Virginia, Colorado, Connecticut, Utah, or any other US state privacy law. We do not share personal information for cross-context behavioral advertising.

5. Customer Proprietary Network Information (CPNI)

As a telecommunications carrier, we are subject to Section 222 of the Communications Act and the FCC's CPNI rules. CPNI includes information about the type, technical configuration, and amount of service you purchase.

We use CPNI only to provide and bill for your service unless you opt in to other uses. We do not use, disclose, or permit access to CPNI for marketing of products or services outside of your existing service category without your express written consent. You may contact us at any time to revoke previously granted consent.

6. Your privacy rights

Regardless of where you live, you can:

  • Access a copy of the personal information we hold about you.
  • Correct information that is inaccurate or out of date.
  • Delete your account and associated personal information (some records, like billing history, must be retained for tax and regulatory reasons — see Section 9).
  • Export a portable copy of your account information.
  • Opt out of marketing emails at any time, with no effect on your service.

To exercise any of these rights, email privacy@sfinnov.com from the address on file or call us at (305) 330-4788. We respond within 30 days.

7. California (CCPA / CPRA) rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively "CCPA").

In the past 12 months, we have collected the following categories of personal information about California residents:

CategoryExamplesSource
IdentifiersName, address, email, phone, IP addressYou; the network
Customer recordsBilling history, payment instrument metadataYou; payment processor
Commercial informationPlan, service type, equipmentYou; the network
Internet / network activityAggregated bandwidth use, link diagnosticsThe network
GeolocationService address; approximate IP geolocationYou; standard databases
Audio / electronicCall recordings (with disclosure)You

You have the right to know, correct, delete, and limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising, so the "Do Not Sell or Share" right is automatically honored. You may designate an authorized agent in writing to act on your behalf.

To submit a CCPA request, email privacy@sfinnov.com with the subject line "California privacy request."

8. Children's privacy

Our service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, contact us and we will delete it.

9. Data retention

  • Active account data — for the duration of your service plus 24 months.
  • Billing records — 7 years (US tax and accounting requirements).
  • Network operational logs — 90 days, then aggregated and anonymized.
  • DHCP / RADIUS lease records — 6 months.
  • Support call recordings — 12 months.
  • Marketing preferences — until you withdraw consent.

When the retention period ends, we either delete the records or irreversibly anonymize them.

10. Security

We protect personal information with administrative, technical, and physical safeguards appropriate to its sensitivity. These include encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access with mandatory multi-factor authentication, segregated production environments, annual penetration testing by independent third parties, and an internal incident-response plan that meets the standards of NIST SP 800-61. No method of transmission or storage is perfectly secure; we will notify you and the appropriate regulators in the event of a confirmed breach affecting your information.

11. International transfers

We are a US company and our infrastructure is located in the United States. If you access our website or services from outside the United States, your information will be transferred to and processed in the US, where data-protection laws may differ from those in your jurisdiction. We rely on Standard Contractual Clauses with vendors that process EU/UK personal data on our behalf.

12. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or in the law. Material changes will be announced at least 30 days in advance via email and a banner on our website. The "Last updated" date at the top of this page always reflects the most recent revision.

13. Contact

Questions, requests, and concerns are always welcome. We try to respond within five business days.

Privacy team — SF Innovations Inc.
66 West Flagler Street, Suite 900 — #4488
Miami, FL 33130, USA
Email: privacy@sfinnov.com
Phone: (305) 330-4788