Privacy Policy
Effective Date: 25 April 2026 · Last Updated: 25 April 2026
1. Introduction
PT Services UK Limited ("we", "us", "our") operates the SyncDisplay digital signage platform, including the SyncDisplay mobile and TV application ("the App") and the web dashboard at syncdisplay.uk ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the App or Service.
We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable the EU GDPR and the California Consumer Privacy Act (CCPA).
Controller: PT Services UK Limited
Contact: [email protected]
2. Data We Collect
2.1 Account and Identity Data
When you register for SyncDisplay, we collect your full name, email address, company name and job title (optional), and a password stored as a one-way cryptographic hash.
2.2 Device and Technical Data
When you install and use the App, we automatically collect device model and OS version, app version, device identifier (for screen management), network information (IP address, connection type), and crash reports.
2.3 Usage and Analytics Data
We collect anonymised data about how you use the Service, including pages accessed, content schedules created, screen uptime statistics, and proof-of-play logs.
2.4 Content Data
Content you upload (images, videos, text) is stored on our servers to enable display on your registered screens. You retain full ownership of all content you upload.
2.5 Payment Data
Payment processing is handled by Stripe, Inc. We do not store full card numbers, CVV codes, or other sensitive payment card data. We store only the Stripe Customer ID, subscription status, and billing address.
2.6 Audit Log Data
For compliance and security, we log administrative actions including login/logout events, content changes, user management actions, and data export or deletion requests.
3. How We Use Your Data
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and operating the Service | Contract performance (Art. 6(1)(b)) |
| Account authentication and security | Contract performance / Legitimate interests |
| Sending service notifications and alerts | Contract performance |
| Processing payments | Contract performance |
| Improving the Service through analytics | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (with consent) | Consent (Art. 6(1)(a)) |
4. Data Sharing
We do not sell your personal data. We share data only with:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing information, subscription data |
| Manus (authentication provider) | OAuth login | Authentication tokens only |
| Amazon Web Services | Cloud infrastructure | Encrypted data storage |
| Legal authorities | Legal compliance | As required by law |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Audit logs | Configurable (30–730 days, per your retention policy settings) |
| Content files | Until deleted by you or account termination |
| Payment records | 7 years (UK legal requirement) |
| Crash logs | 90 days |
| Analytics data | 24 months (anonymised) |
6. Your Rights
Under UK GDPR, you have the right to:
- AccessRequest a copy of your personal data
- RectificationCorrect inaccurate or incomplete data
- ErasureRequest deletion of your data ("right to be forgotten")
- RestrictionRestrict processing of your data in certain circumstances
- PortabilityReceive your data in a machine-readable format
- ObjectObject to processing based on legitimate interests
- Withdraw consentWhere processing is based on consent
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. Data Security
We implement the following security measures:
- • All data in transit is encrypted using TLS 1.3
- • All data at rest is encrypted using AES-256
- • OAuth tokens are encrypted using AES-256-GCM
- • Passwords are hashed using bcrypt
- • Access is controlled by role-based permissions
- • Regular security audits and penetration testing
- • SOC 2 Type II compliance (in progress)
8. International Data Transfers
Our servers are located in the United Kingdom and the European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO.
9. Children's Privacy
SyncDisplay is a business-to-business service intended for users aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately at [email protected].
10. Cookies
The SyncDisplay web dashboard uses essential cookies for session management and authentication, and optional analytics cookies for anonymised usage statistics (which can be disabled via the cookie banner). The SyncDisplay App uses browser cookies within the WebView for session persistence — these are essential for the App to function.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notification. The "Last Updated" date at the top of this policy reflects the most recent revision.
12. Contact and Complaints
Data Controller
PT Services UK Limited
[email protected]
syncdisplay.uk
UK Supervisory Authority
Information Commissioner's Office (ICO)
ico.org.uk
Helpline: 0303 123 1113