Privacy Policy
Effective Date: March 1, 2026 Last Updated: March 26, 2026
1. Introduction
Wallboard Display-US LLC ("Wallboard," "we," "us," or "our") operates the Wallboard digital signage platform ("Software"). This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use the Software and visit our websites.
By accessing or using the Software, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, do not use the Software.
2. Data Controller
Wallboard Display-US LLC acts as the data controller for personal data collected through the Software. For customers in the European Economic Area (EEA) or United Kingdom, Wallboard processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and UK GDPR.
Contact for privacy matters:
- Email: [email protected]
3. Information We Collect
3.1 Account Data (Required)
When you create an account, we collect:
| Data | Purpose |
|---|---|
| Name | Account identification and personalization |
| Email address | Authentication, password reset, account communications |
| IP address | Security, fraud prevention, access logging |
3.2 Billing Data (Optional)
If you subscribe to a paid plan, we may collect:
- Country, city, address, ZIP code
- Company name
- VAT number
Billing and subscription management is handled by our sub-processor Chargebee. See Sub-processor List for details.
3.3 Third-Party Integration Data (Optional)
If you choose to connect third-party services, we collect and store data necessary to provide the integration:
| Integration | Data Collected | Storage |
|---|---|---|
| Google Calendar | Calendar events | Stored, not shared externally |
| Google Drive | File metadata and files | Stored, not shared externally |
| Google Sheets | Spreadsheet data | Stored, not shared externally |
| Microsoft 365 Calendar | Calendar events | Stored, not shared externally |
| OneDrive / SharePoint | File metadata and files | Stored, not shared externally |
| Microsoft Power BI | Report visualizations | Used in real-time, not stored |
| Page/group feed data | See Facebook Data Handling Policy |
Users retain control over all integration data and decide whether to display it on digital signage screens. Integration data is not shared with external systems or third parties.
3.4 Device Data
Wallboard signage client applications collect non-personally identifying information about playback devices:
| Data | Purpose |
|---|---|
| IP address | Device identification and diagnostics |
| Operating system | Compatibility and optimization |
| Hardware specs (CPU, RAM, storage) | Performance diagnostics |
3.5 Usage Data
We collect de-identified, aggregated data about how the Software is used, including system performance metrics and feature usage patterns. Usage Data does not identify any individual or customer and is used to improve the Software.
3.6 Analytics (Optional)
Some deployments may use Google Analytics to understand usage patterns. Where enabled, Google Analytics collects data such as pages visited, session duration, and device type. This is configurable per deployment and is not enabled by default. See our Cookie Policy for details.
4. Legal Basis for Processing (EEA/UK)
Where applicable under GDPR, we process personal data on the following legal bases:
| Legal Basis | Data | Purpose |
|---|---|---|
| Contractual necessity | Account data, billing data | Providing and maintaining the Software |
| Legitimate interest | IP addresses, device data, usage data | Security, fraud prevention, service improvement |
| Consent | Third-party integration data, analytics | Optional features initiated by the user |
| Legal obligation | Various | Compliance with applicable laws |
5. How We Use Your Data
We use collected data to:
- Provide, operate, and maintain the Software
- Authenticate users and manage accounts
- Process payments and billing
- Provide customer support
- Detect and prevent fraud, abuse, and security incidents
- Improve the Software and develop new features
- Comply with legal obligations
We do not sell personal data to third parties.
6. Data Sharing and Sub-processors
We share personal data only with trusted sub-processors who are contractually bound to protect your data. Each sub-processor is bound by data protection obligations no less protective than those set forth in our agreements.
See our Sub-processor List for the current list of sub-processors and their purposes.
We may also disclose personal data:
- When required by law, regulation, or legal process
- To protect the rights, safety, or property of Wallboard, our customers, or the public
- In connection with a merger, acquisition, or sale of assets (with prior notice)
7. International Data Transfers
Wallboard operates infrastructure in both the United States and the European Union.
- EU customer data stays in the EU. Customer Data for EU-based deployments is hosted on infrastructure located within the European Union.
- US customer data is hosted in the US.
Where personal data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs)
- Data Processing Addendums with sub-processors
- Assessment of destination country data protection adequacy
A Data Processing Addendum (DPA) is available upon request for customers who require one. Contact [email protected] to request a DPA.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Retained until account deletion |
| Customer Data | Retained during Subscription Term + 30 days post-termination for data export |
| Web server access logs (IP addresses only) | 30 days |
| Application logs (email addresses only) | 90 days |
| Backups | 90 days (restorable only via full server restoration) |
| Usage Data | Retained in aggregated, de-identified form indefinitely |
9. Data Security
We implement commercially reasonable administrative, physical, and technical safeguards to protect personal data, including:
- Encryption in transit: All data transmitted between your device and Wallboard servers uses HTTPS/TLS
- Access controls: Personal data is accessible only to authorized personnel with a legitimate need
- Infrastructure security: Kubernetes-based deployment with network isolation per tenant
- Monitoring: Continuous security monitoring via internal Grafana-based observability stack
- Regular assessments: Periodic security audits and vulnerability assessments
10. Data Breach Notification
In the event of a confirmed unauthorized access to or disclosure of personal data in our possession, we will:
- Notify affected customers without undue delay and within 72 hours of confirmation
- Investigate the incident and take reasonable steps to mitigate its effects
- Cooperate with customer requests for information regarding the incident
- Notify relevant authorities as required by applicable law (e.g., supervisory authorities under GDPR)
Our internal incident management procedures follow a severity-based classification system with defined escalation paths and post-mortem analysis.
11. Your Rights
All Users
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data
Additional Rights (EEA/UK - GDPR)
- Right to restrict processing
- Right to data portability
- Right to object to processing based on legitimate interest
- Right to withdraw consent at any time (without affecting prior processing)
- Right to lodge a complaint with a supervisory authority
Additional Rights (California - CCPA)
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell personal data)
- Right to non-discrimination for exercising privacy rights
How to Exercise Your Rights
To exercise any of these rights, contact us at [email protected] from the email address associated with your account. We will respond within 30 days (or within the timeframe required by applicable law).
Account deletion is also available within the Software.
12. Children's Privacy
Wallboard does not knowingly collect personal information from children under the age of 13 (or 16 in jurisdictions where applicable). If you learn that a child has provided us with personal information, please contact us at [email protected] and we will promptly delete such data.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify affected customers via the Software or email
Your continued use of the Software after the effective date of any update constitutes acceptance of the revised Privacy Policy.
14. Contact
For any privacy-related questions or concerns:
- Email: [email protected]
- Entity: Wallboard Display-US LLC