We make the Circle device because we’re passionate about giving grown-ups control over how the Internet is used by their families. This requires some trust, and we hope that by explaining a bit about how the Circle device works, we’ll show that we’re worthy of your trust.
The Circle device in your home
Your home network probably contains a router that functions as the “default gateway” to the Internet for all your computers, tablets, game consoles, and other network-connected devices. This router receives all network traffic for the Internet from your home and then forwards it on, commonly by sending it through a cable or DSL modem.
When the Circle device is configured in a home, it identifies the router and begins to pose as the gateway to the other devices on the network. This allows the Circle device to receive traffic for the Internet and to inspect it. Any traffic that the Circle device allows is sent on to the the router, which in turn sends it on the Internet.
The Circle device poses as the gateway using a technique called “ARP spoofing” or “ARP poisoning,” which are alarming-sounding names, and it’s true that ARP spoofing can be used by “black hats” to compromise network security. The technique also has legitimate uses, and the Circle device uses ARP spoofing for good reason: it allows the Circle device to monitor all traffic on the home network automatically and without special configuration.
Your data is yours
The Circle device operates by inspecting connections between devices in the home and Internet sites and makes decisions to allow or deny traffic based on the destination. For example, if the Circle device is configured to block access to gambling content, then it does so by blocking attempts to connect to sites that are known to host such content (we have a frequently updated database that categorizes Internet sites).
The Circle device does not analyze the actual traffic going to or from a site (in many cases, the traffic is encrypted and could not be analyzed anyway). This is comparable to looking at envelopes in a mailbox and making decisions based on the destination address, without opening the envelopes to read the letters inside.
Connections from devices you’ve told the Circle device to manage are tracked, and information about them is maintained on the physical Circle device. When you use the Circle app, information about your family’s activity is transmitted to the app so that you can view it. If you happen to be using the Circle app when you are away from your home network, then that information must flow through a Circle-owned server to the app, but our servers do not retain this information beyond what is necessary for the Circle app to function.
We don’t store your family’s Internet use on our servers, nor do we anonymize it and store aggregated information. We won’t sell or share your information with anyone. For that reason, we are unable to view or provide logs or timestamps of your devices' browsing history; only you can view this data.
Securing the connections
We protect the connection between the Circle device and the Circle app with TLS (Transport Layer Security), so that the communication is encrypted and unauthorized access is prevented. Your router’s firewall protects unauthorized access to the Circle device from the Internet.
We want the Circle device to be simple to use in your home and require a minimum of fuss to set up and start using. In our experience, most homes can use the Circle device without noticing any slowdown in Wi-Fi speed.
In normal (all Wi-Fi) use, the Circle device does require extra transmission of outbound network traffic. Each outbound packet is transmitted from a device to the router (as normal), but then the router transmits it to the Circle device for inspection, and the Circle device retransmits it to the router for transfer to the Internet. In some cases, those two extra transmissions will be noticeable. Their impact can be greatly reduced by attaching the Circle device to your router with the included Ethernet cable. This takes advantage of the Circle device's 1Gbps Ethernet port (using a compatible router), whereas a wireless connection is at the mercy of the slowest active device on your network.