Privacy Policy
Last updated: April 27, 2026
1. What we collect
| Data | Why | Where stored |
|---|---|---|
| Email address, name | Account creation, login, notifications | Supabase PostgreSQL |
| Organization and event data | Core app functionality | Supabase PostgreSQL |
| Sign device info (hostname, OS, IP, MAC, screen resolution) | Sign management, troubleshooting | Supabase PostgreSQL |
| Sign heartbeat data (status, latency, network quality) | Real-time monitoring, analytics | Supabase PostgreSQL + Upstash Redis (cache) |
| Content URLs | Displaying content on signs | Supabase PostgreSQL |
| Uploaded media files | Content display on signs | Cloudflare R2 |
| Error reports and crash data | Bug fixes, stability improvement | Sentry |
| Usage metrics (sign-days per billing period) | Billing | Supabase PostgreSQL + Stripe |
| Payment information | Subscription billing | Stripe (we never store card numbers) |
2. Third-party services
| Service | Purpose | Their privacy policy |
|---|---|---|
| Google (OAuth) | Sign-in via Google account | Privacy policy |
| Stripe | Payment processing, subscription billing | Privacy policy |
| Sentry | Error monitoring, crash reporting | Privacy policy |
| Resend | Transactional email delivery | Privacy policy |
| Supabase | Database hosting (PostgreSQL) | Privacy policy |
| Fly.io | Application hosting | Privacy policy |
| Cloudflare | Website hosting (Pages), DNS, file storage (R2) | Privacy policy |
3. How we use your data
- Provide and operate the DisplaySync service
- Send transactional emails (verification, password reset, sign alerts)
- Monitor sign connectivity and display status
- Calculate usage-based billing
- Fix bugs and improve the product (via error reports)
We do NOT sell your data.
We do not use your data for advertising. We do not share your data with third parties except as listed above.
4. Data retention
- Account data: retained while your account is active. Deleted on account deletion request.
- Sign analytics and heartbeat data: retained for 90 days, then automatically purged.
- Error reports (Sentry): retained per Sentry's default retention (90 days).
- Payment records: retained as required by law (typically 7 years for tax/audit purposes). Managed by Stripe.
- Uploaded media: deleted when removed by the user or on account deletion.
5. Your rights
- Access: request a copy of your data
- Correction: update your information via your account settings
- Deletion: request account deletion and removal of all associated data
- Export: request an export of your data in a standard format
Contact support@displaysync.live for any privacy-related requests.
6. Cookies and local storage
- Session cookies for authentication (httpOnly, secure)
- CSRF token cookie for security
- No third-party tracking cookies
- No analytics cookies (we don't use Google Analytics or similar)
- Mobile app uses SecureStore for authentication tokens
7. Children's privacy
DisplaySync is a business tool for event production. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, contact us for removal.
8. Changes to this policy
We may update this policy. Material changes will be communicated via email to account holders. The “last updated” date at the top of the page reflects the most recent revision.
9. Contact
For privacy questions or data requests: support@displaysync.live