Privacy Policy

1. Introduction

Welcome to pong.com ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at pong.com and use our internet speed testing and connection health services.

This policy complies with the European Union General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the Swiss Federal Act on Data Protection (FADP), and the California Consumer Privacy Act (CCPA). We apply these standards globally, regardless of your location.

By using pong.com, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our website.

2. Data Controller

The data controller responsible for your personal data is pong.com. For any privacy-related inquiries, you can reach us at:

• Email: social@pong.com
• Contact form: pong.com/contact

3. Information We Collect

3.1 Speed Test Data

When you run an internet speed test on pong.com, we collect connection performance metrics including download speed, upload speed, ping (latency), jitter, bufferbloat measurements, and packet loss indicators. We also collect your approximate geographic location (city level, derived from your IP address), device type and browser information, ISP name (when available), and the timestamp of each test. If you are signed in, results are associated with your account for history and trend tracking. If you are not signed in, results are stored locally in your browser.

Speed tests may be routed through our global network of dedicated test servers hosted by Akamai/Linode in cities including Newark, Los Angeles, Toronto, London, Frankfurt, Tokyo, Singapore, Mumbai, Sydney, and São Paulo. When you select a specific test server or use the automatic (nearest) server, your connection data is processed by that server to measure performance. These servers do not store your personal data beyond the duration of the test. Alternatively, tests may be routed through Cloudflare's global edge network, which automatically connects you to the nearest point of presence.

3.2 Account Data

If you create an account using Google Sign-In (via Supabase Authentication), we collect your email address, display name, and profile picture as provided by Google. We do not store your Google password. Authentication is handled securely by Supabase, our authentication provider.

3.3 Contact Form Data

When you submit our contact form, we collect your name, email address, subject selection, and message content. This data is stored in Google Sheets for inquiry management and triggers an email notification to our team.

3.4 Analytics Data

We use Google Analytics (measurement ID: G-731C94XWH6) to understand how visitors interact with our website. Google Analytics collects information such as pages visited, time spent on pages, referral sources, device and browser information, and approximate geographic location. This data is aggregated and used to improve our services. Google Analytics uses cookies to distinguish unique users.

3.5 Advertising Data

We use Google AdSense (publisher ID: ca-pub-8600566863524260) to display advertisements on certain pages. Google AdSense may use cookies and device identifiers to serve personalized ads based on your browsing history. For EU/EEA users, personalized advertising requires your consent. You can manage your ad personalization preferences at Google Ad Settings.

3.6 Anonymous Browsing Data

When you visit pong.com, we automatically collect anonymous session data including your approximate geographic location (country, city, and region, derived from your IP address), device type (mobile, tablet, or desktop), operating system and version, browser type, screen resolution, language preference, referring website, and the page you visited. This data does not include your name, email address, or any other personally identifiable information. It is collected once per browser session and stored in an external spreadsheet for analytics. We use this data for service improvement and may use it in anonymized, aggregated form for commercial purposes (see Section 7).

3.7 Automatically Collected Data

Our servers automatically collect certain technical information including your IP address, browser type and version, operating system, referring URL, and pages visited. This information is used for security monitoring, abuse prevention, and service optimization.

4. Cookies and Tracking Technologies

We use the following categories of cookies and local storage:

You can manage cookies through your browser settings. Disabling essential cookies may affect the functionality of our website. Analytics and advertising cookies can be declined without impacting core functionality.

5. How We Use Your Information

We use your information for the following purposes:

• Providing speed test services — Running tests, displaying results, tracking history and trends
• Account management — Authenticating users, syncing data across devices
• Service improvement — Analyzing usage patterns, optimizing performance, fixing bugs
• Customer support — Responding to contact form inquiries and support requests
• Advertising — Displaying relevant advertisements via Google AdSense
• Security and abuse prevention — Protecting against unauthorized access, spam, and abuse
• Anonymized data analysis — Compiling aggregate, anonymized datasets about internet usage patterns, device distribution, and geographic trends for internal analysis and potential future commercial use
• ISP performance reports — Publishing aggregated, anonymized speed test data in blog posts and reports that compare ISP performance across regions. These reports contain only statistical averages and distributions — no individual test results, IP addresses, or personally identifiable information are included

6. Legal Basis for Processing (GDPR)

Under Article 6 of the GDPR, we process your data based on the following legal grounds:

• Consent (Art. 6(1)(a)) — For analytics tracking, personalized advertising, and marketing communications. You may withdraw consent at any time.
• Contract performance (Art. 6(1)(b)) — For providing our speed test service and managing your user account.
• Legitimate interest (Art. 6(1)(f)) — For service improvement, security monitoring, abuse prevention, and compiling anonymized aggregate analytics data. We balance our interests against your rights and freedoms.

7. Data Sharing and Third Parties

We do not sell your personal data. We may in the future share, license, or sell anonymized, aggregated datasets derived from browsing analytics. These datasets contain statistical trends and patterns — such as device type distributions, geographic traffic patterns, and browser usage statistics — and cannot be used to identify any individual user. We do not currently sell or share any data with third parties for their own commercial purposes. If this changes, we will update this policy and provide advance notice. You may opt out of anonymous data collection at any time by contacting us.

We share data with the following third-party processors who assist in operating our services:

• Google Analytics (Google LLC) — Website usage analytics. Google Privacy Policy
• Google AdSense (Google LLC) — Advertisement display and personalization. Google Ads Policy
• Supabase (Supabase Inc.) — Authentication and database services. Supabase Privacy Policy
• Cloudflare (Cloudflare Inc.) — Speed test infrastructure and edge computing. Cloudflare Privacy Policy
• Vercel (Vercel Inc.) — Website hosting and deployment. Vercel Privacy Policy
• Resend (Resend Inc.) — Transactional email delivery for contact form notifications. Resend Privacy Policy
• Google Sheets (Google LLC) — Storage of anonymous browsing analytics and contact form submissions. Google Privacy Policy
• Akamai/Linode (Akamai Technologies Inc.) — Dedicated speed test server infrastructure in 10 global locations. Processes connection data during speed tests only; no personal data is stored. Akamai Privacy Policy

We may also disclose your data if required by law, regulation, or legal process, or to protect the rights, safety, or property of pong.com, our users, or others.

7.1 ISP Performance Reports

We periodically publish aggregated ISP performance reports on our blog that analyze speed test data across internet service providers. These reports include only statistical averages, grade distributions, and aggregate metrics. No individual test results, IP addresses, account information, or personally identifiable data is ever included in these reports. All data is anonymized and aggregated before publication.

7.2 AI and Machine-Readable Access

We provide a machine-readable file (llms.txt) and allow access from AI crawlers and large language model services to our publicly available blog content and documentation. This enables AI assistants to reference our published guides, ISP reports, and educational content when answering user questions about internet performance. Only publicly available content is accessible — no user accounts, test results, or personal data is exposed to these services.

8. Data Retention

We retain your data for the following periods:

• Speed test results — Retained for the duration of your account. Guest results stored locally in your browser can be cleared at any time.
• Account data — Retained until you delete your account, plus up to 30 days for backup removal.
• Contact form data — Retained for up to 12 months or until your inquiry is resolved.
• Analytics data — Retained by Google Analytics for up to 26 months (Google default).
• Server logs — Retained for up to 90 days for security and debugging purposes.
• Speed test server data — Connection data processed by our Akamai/Linode test servers is not stored beyond the duration of each test. No personal data persists on these servers.
• Anonymous browsing data — Individual session records may be retained for up to 36 months. Aggregated, anonymized data may be retained indefinitely.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the GDPR:

• Right of access (Art. 15) — You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — You can request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17) — You can request deletion of your personal data ("right to be forgotten").
• Right to restrict processing (Art. 18) — You can request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20) — You can request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21) — You can object to processing based on legitimate interest or for direct marketing purposes.
• Right related to automated decision-making (Art. 22) — You have the right not to be subject to decisions based solely on automated processing. Pong.com does not engage in automated decision-making or profiling that produces legal or significant effects.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at social@pong.com or use our contact form. We will respond to your request within 30 days. If your request is complex, we may extend this period by an additional 60 days and will notify you accordingly.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. Although we do not currently sell personal data, if we begin sharing anonymized aggregate data commercially, you may opt out by contacting us at social@pong.com or using our contact form. We will not discriminate against you for exercising your CCPA rights.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. Our third-party processors (Google, Supabase, Vercel, Cloudflare, Resend, Akamai/Linode) may store and process data in the United States and other jurisdictions. When you select a specific speed test server, your test data is processed in the country where that server is located (e.g., Tokyo, São Paulo, Frankfurt). These transfers are protected by appropriate safeguards, including the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), and the processors' own data protection commitments.

11. Children's Privacy

Pong.com is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information. If you believe a child has provided us with personal data, please contact us at social@pong.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of pong.com after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: social@pong.com
• Contact form: pong.com/contact

For privacy-specific requests (data access, deletion, portability), please include "Privacy Request" in the subject line of your email or select "Privacy/Data Request" as the subject on our contact form. We aim to respond to all inquiries within 30 days.