Privacy Policy
Version 2.2, March 2026
This is a translation of the Dutch privacy policy. In case of discrepancies, the [Dutch version](/nl/privacy) prevails.
1. Who we are
Screenbird is registered with the Dutch Chamber of Commerce under number 50466542, located at Peizerweg 97, 9727 AJ Groningen, the Netherlands.
Screenbird fulfills a dual role in the processing of personal data:
- Data controller for account data, website visits and payments
- Data processor for content that customers upload and display on screens (see our Data Processing Agreement)
2. What personal data we process
Account data
- Name and email address
- Company name
- Password (hashed, never stored in readable form)
- Team members and assigned roles
Authentication via third parties
- When logging in via Google or Microsoft: name and email address as provided by the OAuth provider
Technical data
- IP address
- Browser type and operating system
- Timestamps of sessions and actions
Payment data
- Billing name and address
- Payment processing via Stripe (Screenbird does not store credit card numbers)
Customer content
- Files (images, videos, documents) that customers upload to display on screens
- Playlists, schedules and screen settings
3. Purposes and legal basis
| Purpose | Legal basis (art. 6 GDPR) |
|---|---|
| Create and manage accounts | Performance of contract |
| Deliver service (upload, playlists, push-to-screen) | Performance of contract |
| Process payments via Stripe | Performance of contract |
| Technical logs and debugging | Legitimate interest |
| Retain invoices (7 years) | Legal obligation |
| Security monitoring | Legitimate interest |
| Product improvements and analytics | Legitimate interest |
4. Retention periods
| Data | Retention period |
|---|---|
| Account data | Up to 3 months after cancellation |
| Customer content (files) | Up to 30 days after cancellation |
| Invoice data | 7 years (legal retention obligation) |
| Technical logs | 30 days |
| Backups | 90 days after deletion from production |
After the retention period expires, data is permanently deleted.
5. Recipients and third parties
Screenbird only shares personal data with service providers that are necessary for delivering the service.
| Service provider | Function | Location |
|---|---|---|
| Supabase | Database and authentication | EU (eu-west-3) |
| Cloudflare | Hosting, CDN and security | Global (edge) |
| Stripe | Payment processing | EU and US |
| Google / Microsoft | OAuth login (only when chosen by customer) | US |
| Resend | Transactional emails | US |
| Backblaze | Backup replication (offsite storage) | EU (eu-central-003, Amsterdam) |
Data processing agreements have been concluded with each service provider that processes personal data.
6. Google Integration Data
When a customer connects their Google account to use Screenbird integrations (Google Analytics, Google Calendar, Google Docs, Google Sheets, Google Slides, or Google Drive), Screenbird accesses Google user data on behalf of that customer.
Data accessed
| Integration | Data accessed | Scope |
|---|---|---|
| Google Analytics | Website and app statistics (pageviews, sessions, active users) | `analytics.readonly` |
| Google Calendar | Calendar events and agenda items | `calendar.readonly` |
| Google Docs | Document content (text, formatting) | `documents.readonly` |
| Google Sheets | Spreadsheet data (cells, values) | `spreadsheets.readonly` |
| Google Slides | Presentation content (slides, text, images) | `presentations.readonly` |
| Google Drive | Individual files explicitly selected by the user via Google Picker | `drive.file` |
Data usage
Google user data is retrieved solely to display content on digital signage screens managed by the customer within Screenbird. Content is fetched in real time or on a scheduled basis and rendered on the customer's screens. Screenbird does not analyze, modify, or use Google user data for any purpose other than displaying it on screens as instructed by the customer.
Google user data accessed through these integrations is never used to train or improve any AI or machine learning model.
Data sharing
Google user data is not sold or shared with third parties. Data passes through Cloudflare's edge network as part of the hosting infrastructure when being delivered to screens. OAuth tokens are stored encrypted in Supabase (EU, eu-west-3).
Data storage and protection
- OAuth access tokens and refresh tokens are stored encrypted (AES-256) in the Supabase database
- Content fetched from Google APIs is not permanently stored by Screenbird; it is rendered on screens directly from Google's servers or held briefly in Cloudflare's edge cache for performance
- The `drive.file` scope limits access exclusively to files the user explicitly selects via Google Picker; Screenbird cannot access any other files in the user's Google Drive
Data retention and deletion
- OAuth tokens are retained for as long as the Google integration remains active
- When a customer disconnects the Google integration, all associated OAuth tokens are immediately and permanently deleted from Screenbird's systems
- Customers can disconnect the integration at any time from the Integrations page in the Screenbird dashboard
- Customers can also revoke Screenbird's access directly in their Google Account settings at myaccount.google.com
7. Microsoft Integration Data
When a customer connects their Microsoft account to use Screenbird integrations (OneDrive, SharePoint, Outlook Calendar, or Power BI), Screenbird accesses Microsoft user data on behalf of that customer.
Data accessed
| Integration | Data accessed | Scope |
|---|---|---|
| OneDrive / SharePoint | Files and documents (Excel spreadsheets, documents) | `Files.Read.All`, `Sites.Read.All` |
| Outlook Calendar | Calendar events and agenda items | `Calendars.Read` |
| Microsoft account | Name and email address | `User.Read` |
| Power BI | Reports, dashboards, and paginated reports | `Report.Read.All`, `Dashboard.Read.All`, `PaginatedReport.Read.All` |
Data usage
Microsoft user data is retrieved solely to display content on digital signage screens managed by the customer within Screenbird. Excel data is displayed as tables or data visualizations on screens. Calendar events are displayed as agenda views. Power BI reports and dashboards are displayed as embedded visuals on screens. Screenbird does not analyze, modify, or use Microsoft user data for any purpose other than displaying it on screens as instructed by the customer.
Microsoft user data accessed through these integrations is never used to train or improve any AI or machine learning model.
Data sharing
Microsoft user data is not sold or shared with third parties. Data passes through Cloudflare's edge network as part of the hosting infrastructure when being delivered to screens. OAuth tokens are stored encrypted in Supabase (EU, eu-west-3).
Data storage and protection
- OAuth access tokens and refresh tokens are stored encrypted (AES-256) in the Supabase database
- The `offline_access` scope is requested to maintain the connection without requiring repeated sign-ins
- Content fetched from the Microsoft Graph API and Power BI API is not permanently stored by Screenbird; it is rendered on screens directly from Microsoft's services or held briefly in Cloudflare's edge cache for performance
Data retention and deletion
- OAuth tokens are retained for as long as the Microsoft integration remains active
- When a customer disconnects the Microsoft integration, all associated OAuth tokens are immediately and permanently deleted from Screenbird's systems
- Customers can disconnect the integration at any time from the Integrations page in the Screenbird dashboard
- Customers can also revoke Screenbird's access directly in their Microsoft Account settings at account.microsoft.com
8. Meta Integration Data
When a customer connects their Meta account to use Screenbird integrations (Instagram or Facebook Pages), Screenbird accesses Meta user data on behalf of that customer.
Data accessed
| Integration | Data accessed | Scope |
|---|---|---|
| Basic profile information, posts, and account insights | `instagram_basic`, `instagram_manage_insights` | |
| Comment statistics and engagement data | `instagram_manage_comments` | |
| Facebook Pages | Page list and engagement statistics | `pages_show_list`, `pages_read_engagement` |
| Meta account | Email address | `email` |
Data usage
Meta user data is retrieved solely to display content and statistics on digital signage screens managed by the customer within Screenbird. Instagram posts and images are displayed on screens. Instagram and Facebook Page engagement statistics (reach, impressions, engagement) are displayed as KPI dashboards on screens. Screenbird does not analyze, modify, or use Meta user data for any purpose other than displaying it on screens as instructed by the customer.
Meta user data accessed through these integrations is never used to train or improve any AI or machine learning model.
Data sharing
Meta user data is not sold or shared with third parties. Data passes through Cloudflare's edge network as part of the hosting infrastructure when being delivered to screens. OAuth tokens are stored encrypted in Supabase (EU, eu-west-3).
Data storage and protection
- OAuth access tokens (long-lived, up to 60-day validity) are stored encrypted (AES-256) in the Supabase database
- Content fetched from the Instagram Graph API and Facebook Pages API is not permanently stored by Screenbird; it is rendered on screens directly from Meta's servers or held briefly in Cloudflare's edge cache for performance
Data retention and deletion
- OAuth tokens are retained for as long as the Meta integration remains active
- When a customer disconnects the Meta integration, all associated OAuth tokens are immediately and permanently deleted from Screenbird's systems
- Customers can disconnect the integration at any time from the Integrations page in the Screenbird dashboard
- Customers can also revoke Screenbird's access directly in their Facebook Account settings
9. Transfers outside the EEA
Some service providers process data in the United States. The following safeguards apply to these transfers:
- EU-US Data Privacy Framework where applicable
- Standard Contractual Clauses (SCCs) in accordance with the European Commission
- Additional technical measures such as encryption in transit and at rest
10. Security
Screenbird takes technical and organizational measures to protect personal data:
- TLS encryption for all connections
- AES-256 encryption for stored files
- Row Level Security (RLS) at the database level for tenant isolation
- HMAC-SHA256 for screen authorization verification
- Short-lived JWT tokens for sessions
- Regular security reviews
11. Cookies
Dashboard (app)
Strictly functional cookies for session and authentication management. No tracking, no cookie banner required.
Website (screenbird.app)
Functional cookies for language preference. No analytics or tracking cookies.
Player (player.screenbird.app)
No cookies.
12. Your rights
Under the GDPR you have the following rights:
- Access (art. 15) - request which data we process about you
- Rectification (art. 16) - have incorrect data corrected
- Erasure (art. 17) - have data deleted
- Restriction (art. 18) - temporarily halt processing
- Portability (art. 20) - receive data in a common format
- Objection (art. 21) - object to processing based on legitimate interest
Procedure
Send your request to privacy@screenbird.app. We will respond within 30 days. We may ask for identification to prevent misuse.
Complaint
You have the right to file a complaint with the Dutch Data Protection Authority.
13. Automated decision-making
Screenbird does not use automated decision-making or profiling with legal effects for data subjects.
14. Changes
We may update this privacy policy. In case of material changes, we will inform you via email or a notification in the dashboard. The current version is always available on this page.
15. Contact
Screenbird
Email: privacy@screenbird.app
Address: Peizerweg 97, 9727 AJ Groningen, the Netherlands
Chamber of Commerce: 50466542