← Back to RemoteDisplay
Privacy Policy
Last updated: March 24, 2026
1. Overview
RemoteDisplay ("we", "us", "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.
2. Information We Collect
2.1 Account Information
| Data | Purpose | Retention |
|---|
| Email address | Authentication, notifications | Until account deletion |
| Name | Display in dashboard | Until account deletion |
| Password hash | Authentication (bcrypt, never stored in plain text) | Until account deletion |
| OAuth provider ID | Google/Microsoft sign-in | Until account deletion |
2.2 Device Information
| Data | Purpose | Retention |
|---|
| Device ID | Unique device identification | Until device removal |
| IP address | Network connectivity, security | Overwritten each connection |
| Android version, screen resolution | Compatibility, display optimization | Until device removal |
| Battery, storage, RAM, CPU, WiFi | Device health monitoring | 90 days (rolling) |
| Device fingerprint (hardware hash) | Prevent trial abuse | Until device removal |
2.3 Usage Data
| Data | Purpose | Retention |
|---|
| Content play logs | Proof-of-play reporting | 90 days |
| Activity log (API actions) | Audit trail, security | 90 days |
| Screenshots (on-demand) | Remote monitoring | Latest only per device |
2.4 Content
Media files (images, videos) you upload are stored on our servers solely to deliver them to your devices. We do not analyze, sell, or share your content.
3. How We Use Your Information
- Provide the Service: Deliver content to devices, enable remote management, process subscriptions
- Security: Detect unauthorized access, prevent abuse, protect accounts
- Communications: Send device offline alerts, subscription notifications, service updates
- Improvement: Analyze aggregate usage patterns to improve the Service (no individual tracking)
4. Data Sharing
We do not sell your personal information. We share data only in these limited circumstances:
- Service providers: Payment processing (Stripe), email delivery, hosting infrastructure
- Team members: If you belong to a team, other team members can see shared devices and content
- Legal requirements: When required by law, subpoena, or court order
- Business transfers: In the event of a merger, acquisition, or sale of assets
5. Self-Hosted Deployments
If you self-host RemoteDisplay on your own infrastructure:
- All data stays on your servers. We have no access to it.
- You are the data controller and responsible for compliance with applicable privacy laws.
- No telemetry or usage data is sent to us from self-hosted instances.
6. Data Security
- Passwords are hashed with bcrypt (never stored in plain text)
- API authentication uses JWT tokens with auto-expiry
- All connections use HTTPS/TLS encryption
- Android app uses encrypted storage for credentials
- Rate limiting protects against brute force attacks
- Regular security audits of the codebase
7. Your Rights
You have the right to:
- Access: View all data associated with your account from the Settings page
- Correction: Update your account information at any time
- Deletion: Delete your account and all associated data from Settings
- Export: Download your data via the database backup feature (admin) or API
- Portability: Export content and reports in standard formats (CSV, PNG, MP4)
8. Cookies and Local Storage
- We use localStorage to store your authentication token and preferences (language, theme)
- The web player uses a Service Worker for offline content caching
- We do not use third-party tracking cookies
- Google/Microsoft OAuth may set cookies as part of their authentication flow
9. Children's Privacy
The Service is not intended for use by children under 13. We do not knowingly collect information from children under 13.
10. International Data Transfers
If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.
11. Data Retention
- Account data: retained until you delete your account
- Device telemetry: 90 days (automatically pruned)
- Play logs: 90 days (automatically pruned)
- Activity logs: 90 days (automatically pruned)
- Content: retained until you delete it or your account
- After account deletion: all data removed within 30 days
12. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes via email. The "Last updated" date will be revised accordingly.
13. Contact Us
For privacy-related questions or data requests, contact us at:
Email: [email protected]