Brix Signage — Privacy Policy

1) Who we are

Controller: For our website, marketing, account setup, and billing, Brix is the data controller.

Processor: For the content you upload to the service and for end-user/device data that you configure, Brix acts as a data processor to you (the Customer). Our Data Processing Addendum (DPA) governs this processing. You can request our DPA at [email protected] or download it here: https://brixsignage.com/legal/dpa.pdf.

Company details

Legal name: Brix Signage, LLC
Address: 131 Continental Dr Suite 305, Newark, DE 19713, US
Email: [email protected]

2) Scope

This Policy covers:

• Our websites and web apps (collectively, the "Service").
• Our player apps that run on media players/TV sticks/tablets ("Players").
• Our support channels and sales communications.

It does not cover third-party sites that link to or from us.

3) Data we collect

We collect data in four main ways: (A) you provide it, (B) it’s collected automatically, (C) we receive it from others, or (D) it is customer-provided content.

A. Data you provide

• Account & profile: name, email, password (hashed), role, team, time zone.
• Business details: company name, industry, number of screens, addresses.
• Billing: billing contact, address, tax IDs, payment method tokens (stored by our payment processor), plan and invoices.
• Support: messages, attachments, call notes, and troubleshooting details.

B. Data we collect automatically

• Usage & logs: IP address, device/browser type, pages viewed, actions, timestamps, referrer.
• Cookies & similar tech: session cookies for sign-in; analytics cookies; preference cookies. See our Cookie Notice.

C. Data from others

• Payment processors: payment status, last four digits (tokenized), charge outcomes.
• Auth providers (if enabled): your email and profile basics.
• Partners/resellers: account setup details.

D. Customer content & device telemetry (Processor role)

• Uploaded content: media files, schedules, tags, and metadata you choose to store.
• Playback logs: what played, on which Player, at what time.
• Player telemetry: device ID, Player app version, OS version, last check-in, uptime, basic health status, storage/CPU usage, and approximate location only if you configure it (e.g., site name or address). We do not collect precise GPS from Players unless you enable it.

We do not intend to collect sensitive personal data. Do not upload or display special categories of personal data on screens.

4) Why we use data (purposes)

For controller activities

• Provide and secure the Service.
• Create and manage accounts.
• Process payments and issue invoices.
• Detect and prevent fraud or abuse.
• Provide support and respond to requests.
• Improve features and performance (analytics and testing).
• Send service and transactional emails.
• Send marketing communications where permitted (you can opt out).

For processor activities (on your instructions)

• Store and deliver your content to Players.
• Maintain Player connectivity, schedules, and health.
• Provide reports and logs you request.

5) Legal bases (EEA/UK users)

We process personal data under these legal bases:

• Contract: to provide the Service you requested.
• Legitimate interests: to secure our Service, prevent abuse, and improve functionality. We balance these interests against your rights.
• Consent: for non-essential cookies/analytics and for marketing where required.
• Legal obligation: to meet tax, accounting, and compliance duties.

When we act as a processor for Customers, the Customer is responsible for choosing the legal basis for their processing of personal data.

6) Retention

We keep personal data only as long as necessary for the purposes above:

• Account and billing records: for the life of the account and then 7 years for tax/accounting.
• Support records: 2 years after ticket closure unless law requires longer.
• Logs and analytics: 90–365 days depending on the log type.
• Player telemetry and playback logs: 90–365 days configurable by the Customer, unless needed for security or legal reasons.
• Backups: up to 35 days rolling.

We will delete or anonymize data when no longer needed.

7) Sharing & sub-processors

We share personal data with:

• Service providers/sub-processors: hosting, storage, CDN, email delivery, analytics, customer support, payment processing. They may only use data to provide services to us.
• Resellers/partners: if your account was created through them.
• Professional advisers: lawyers, accountants, auditors.
• Authorities: when required by law or to protect rights, safety, and security.
• Business transfers: as part of a merger, acquisition, or asset sale. We will notify you where required.

We keep an updated list of sub-processors here: https://brixsignage.com/legal/subprocessors.

We do not sell personal data. We do not share personal data for cross-context behavioral advertising.

8) Security

We use technical and organizational measures to protect data, including encryption in transit, access controls, least-privilege practices, and regular backups. No system is 100% secure. If we learn of a breach, we will notify you and regulators as required by law.

9) International transfers

We may transfer personal data to countries outside your own, including the United States. Where we do, we use approved safeguards:

• EU/EEA & UK: Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA or UK Addendum.
• Additional measures as needed.

Copies of relevant safeguards are available on request where permitted by law.

10) Your rights

Depending on your location, you may have the right to:

• Access your data.
• Correct inaccurate data.
• Delete your data.
• Port your data.
• Object to or restrict certain processing.
• Withdraw consent where we rely on consent.

To exercise these rights, email [email protected]. We may need to verify your identity. You also have the right to complain to a supervisory authority. In the UK this is the ICO. In the EEA, contact your local data protection authority.

11) California privacy notice (CPRA)

This section applies to California residents.

Categories of personal information collected

Identifiers (e.g., name, email, IP), commercial information (plans, transactions), internet or network activity (usage logs), and professional information (company, role).

Sources

You, your devices, our service providers, partners/resellers.

Business or commercial purposes

To provide the Service, secure it, process payments, support you, and improve features.

Sale/Sharing

We do not sell or share personal information as defined by the CPRA. We use service providers under contractual limits.

Retention

See Section 6.

Rights

You may request access, deletion, correction, and to limit use of sensitive information (we do not use sensitive information for inferring characteristics). You can also designate an authorized agent. To submit a request, email [email protected].

We will not discriminate against you for exercising your rights.

12) Marketing choices & cookies

• You can opt out of marketing emails at any time via the unsubscribe link.
• You can manage cookie preferences in our Cookie Notice and in your browser settings. Essential cookies are needed for the Service to work.

13) Children

Our Service is for businesses. It is not directed to children. Do not use the Service if you are under 16, or under the age required by your country’s laws.

14) Third-party links and integrations

Our Service may link to third-party sites or include integrations you choose to enable. Their privacy practices are their own. Review their policies.

15) Changes to this Policy

We may update this Policy to reflect changes to our practices or laws. We will post the new version with a new "Last updated" date. If changes are material, we will notify you by email or through the Service.

16) Contact us

Brix Signage, LLC
Address: 131 Continental Dr Suite 305, Newark, DE 19713, US
Email: [email protected]
If you are in the UK/EEA and wish to contact our EU/UK representative or DPO, email [email protected].

17) Definitions

• Customer: the business that signed up for Brix.
• End User: a person who uses our Service on behalf of a Customer.
• Player: a device that runs the Brix player app.
• Content: media and other data a Customer uploads to Brix.

18) Appendix — Data categories & purposes (summary table)