Last updated: 2026-01-04
Cell Lite helps fans connect to the Stadium Network and related services during live events. This policy explains what we collect, why, and the choices you have. It applies to our mobile apps and sites.
Short version: We collect the minimum needed to operate your account, provision the Stadium eSIM, secure the service, and measure reliability. Optional analytics is off until you say yes, and you can withdraw consent at any time.
Who we are
Controller: Weaver Labs Ltd (“Cell Lite”)
Contact: [email protected]
Registered office: 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN
If you use Cell Lite in the UK/EEA, Weaver Labs is the controller for your personal data.
What we collect (by category)
We separate Essential data (needed to run and protect the service) from Optional data (analytics/diagnostics you can switch on).
Essential (no toggle; lawful basis: contract / legitimate interests)
- Device trust & account basics (on-device): We generate a secure device key and store it with your name and email in your phone’s secure storage (iOS Secure Enclave/Keychain; Android StrongBox/Keystore). No passwords; we don’t store your account data on our servers.
- Device registration (server-side, minimal): Non-sensitive metadata to recognise a trusted device and deliver entitlements, e.g. device_id, public_key, platform/OS, trust state, timestamps, and venue eligibility.
- eSIM provisioning: device capability flags (eSIM/5G), provisioning path, duration, result/error. We may store a hashed EID and the last 4 digits for support—never full ICCID/IMSI.
- Edge presence & health: venue ID, transport type (stadium eSIM/Wi‑Fi), connection checks (ping, reachability).
- Security & abuse: anti‑fraud and rate‑limit signals (e.g., IP prefix /24).
- Consent ledger: your choices for analytics, personalisation, marketing, and timestamps.
Optional (only with your consent)
- Analytics & diagnostics: crash signatures, performance traces (e.g., time‑to‑interactive), session‑level QoE for video (startup delay, buffering, bitrate).
- Personalised content: if enabled, we tailor replays/tips using in‑app behaviour (not third‑party data).
We do not use advertising IDs (IDFA/AAID) or cross‑app tracking.
Why we use your data (purposes & lawful bases)
| Purpose | Examples | Lawful basis |
|---|---|---|
| Operate the service | account, eSIM provisioning, on‑net checks | Contract / Legitimate interests |
| Security & abuse prevention | rate limits, suspicious activity logs | Legitimate interests |
| Operational notifications | setup nudges, venue safety updates | Legitimate interests |
| Analytics & diagnostics | crashes, performance, QoE | Consent |
| Personalised content | tailored replays/tips | Consent |
| Direct marketing email | news/offers | Consent (PECR) |
We complete a Legitimate Interests Assessment (LIA) for areas where we rely on LI and retain the outcome in our records.
Cookies & SDKs
We use essential cookies/SDKs to operate the service. Optional analytics SDKs only load after you opt in. See Cookies & SDKs for the current list and how to refuse.
Children
If our service is likely to be accessed by under‑18s, we apply the UK Children’s Code standards (high privacy by default). For online services, the UK age of digital consent is 13. Below that age, certain processing requires parental responsibility consent.
Sharing & subprocessors
We use a small number of vendors to help deliver the service (e.g., hosting, security, crash reporting, email). We remain responsible for their processing. See Subprocessors for a current list, regions, and transfer tools.
We don’t sell your personal data.
International transfers
If personal data leaves the UK, we use appropriate safeguards (e.g., International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs) and carry out a transfer risk assessment.
Retention
- Essential ops logs: 90 days by default; security/abuse up to 12 months (minimum necessary).
- Optional analytics/diagnostics: 90 days or less, and deleted if you withdraw consent.
- Marketing consents & email events: retained while consent stands + 24 months audit trail.
We keep data only as long as needed for the stated purposes or legal obligations.
Your choices
- Analytics & diagnostics: toggle any time in Settings → Data & Privacy.
- Marketing emails: opt in/out in Settings and via the unsubscribe link in each email.
- Personalised content: toggle in Settings.
- Device settings: you can also use your device’s system controls (notifications, etc.).
Your rights (UK GDPR)
You have rights to access, rectify, erase, restrict, port, and object, subject to limits. We aim to respond within one month. Start in the app under Settings → Data & Privacy → Your data, or visit /privacy/your-rights.
To verify identity, we may ask you to confirm your email or basic details linked to your account.
If you’re unhappy with our response, you can complain to the ICO (see footnotes).
Security
We use encryption in transit and at rest, access controls, and monitoring. If you discover a vulnerability, please see /security or email [email protected].
Changes to this policy
We may update this policy to reflect new features, vendors, or legal requirements. If changes are significant, we’ll notify you in‑app or by email. The “Last updated” date shows the latest version.
Contact
Email: [email protected]
Postal: 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN
We’re happy to answer questions about this policy or our data practices.