Privacy Policy
Last updated: April 3, 2026
Screenivo is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights under the GDPR and other applicable data protection laws.
1. Data Controller
Screenivo operates as the data controller for personal data collected through the Service. For privacy-related questions or to exercise your rights, contact us at [email protected].
2. Data We Collect
Account data
When you register, we collect your name, email address, and a hashed version of your password. If you sign in with Google, we receive your Google account ID, name, and email through the OAuth flow. We also store your preferred language (locale).
Session data
Each time you sign in, we record your IP address and browser User-Agent string. This data is stored in the session record and used for security purposes.
Content data
We store media files you upload (images, videos, PDFs) along with metadata such as file name, size, dimensions, duration, and MIME type. Uploaded files are stored in Backblaze B2 object storage and delivered through Cloudflare CDN.
Device data
When a player device connects, we generate and store a device token, pairing code, and connection timestamps. No personal data is collected from player devices.
Analytics data
We use self-hosted Umami analytics, a privacy-focused tool that does not use cookies and does not track individuals across sessions. It collects aggregated page views, referrer URLs, browser type, operating system, and country-level geolocation. No personal identifiers are stored.
3. How We Use Your Data
We use your data to:
- Provide and operate the Service (authentication, content delivery, screen pairing)
- Send transactional emails (account verification, password reset) via our email provider
- Process subscriptions and billing through our billing partner
- Protect against abuse, unauthorized access, and security threats
- Improve the Service based on aggregated, anonymized usage patterns
We do not sell your personal data to third parties.
4. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Contract performance: To provide the Service you signed up for (account management, content storage, screen pairing, playlist delivery)
- Legitimate interests: Security, fraud prevention, abuse detection, and service improvement
- Legal obligation: Where required by applicable law
5. Third-Party Services
We share data with the following service providers, who process it on our behalf under data processing agreements:
| Provider | Purpose | Data shared |
|---|---|---|
| Backblaze B2 | File storage | Uploaded media files and thumbnails |
| Cloudflare | CDN and DNS | Cached media files, request metadata |
| Resend | Transactional email | Recipient email address, email content |
| Polar | Subscription billing | User ID, subscription status |
| OAuth sign-in | Standard OAuth flow (only if you choose Google sign-in) | |
| Hetzner | Server hosting | All data processed on our servers |
When you embed YouTube videos in playlists, the YouTube player loads directly on the display device and is subject to Google's Privacy Policy.
6. Cookies and Local Storage
We use minimal cookies:
- Session cookie: A secure, HTTP-only cookie that keeps you signed in. Required for the Service to function.
- Locale cookie: Stores your language preference. Not HTTP-only. Expires after one year.
We also use browser localStorage on player devices to persist device tokens and cache playlist data for offline resilience, and on the dashboard to store your theme preference. None of this data is transmitted to third parties.
We do not use advertising or tracking cookies. Our analytics tool (Umami) is cookie-free.
7. Data Retention
- Account data: Retained for as long as your account is active.
- Session data: Retained until the session expires or you sign out.
- Uploaded media: Retained until you delete the file or your account.
- After account deletion: All personal data, uploaded files, and associated records are permanently deleted within 30 days. Cached copies on Cloudflare's CDN may persist briefly until cache expiry.
8. Data Security
We protect your data through encrypted connections (HTTPS/WSS), hashed passwords, secure session tokens, and infrastructure hosted in the European Union (Hetzner, Germany). Access to production systems is restricted and monitored.
9. International Transfers
Our servers are hosted in the EU (Hetzner, Germany). Some third-party providers (Backblaze, Cloudflare, Resend) may process data outside the EU. Where this occurs, transfers are protected by Standard Contractual Clauses or equivalent safeguards as required by the GDPR.
10. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (you can delete your account from the dashboard settings at any time)
- Export your data (data portability)
- Object to processing based on legitimate interests
- Lodge a complaint with your local data protection authority
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
11. Children
The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a notice in the dashboard. Continued use of the Service after changes take effect constitutes acceptance.
13. Contact
For privacy-related questions, contact us at [email protected].