Privacy Policy

Last Updated: April 2, 2026

Effective Date: April 2, 2026

1. Introduction and Scope

1.1 Screenza (“Screenza,” “Company,” “we,” “us,” “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, protect, and otherwise process your information when you:

1. Visit our website at https://screenza.tv and any associated subdomains (the “Website”);
2. Create an account and use the Screenza platform, including all cloud-based tools, dashboards, APIs, and related services (the “Platform”);
3. Use our Player Applications installed on display devices, smart TVs, Android devices, or kiosk systems;
4. Use our AI-powered features, including AI image generation, AI-powered OCR menu parsing, and AI-generated content creation;
5. Communicate with us via email, contact forms, support channels, or other means; or
6. Otherwise interact with us in connection with our products and services.

The Website, Platform, Player Applications, and all associated services are collectively referred to as the “Service.”

1.2 This Privacy Policy applies to all users of the Service, including account holders, authorized users, website visitors, and anyone whose personal information is processed in connection with the Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices as described herein, you should not access or use the Service.

1.3 This Privacy Policy does not apply to third-party websites, applications, or services that may be linked to from or integrated with our Service. We are not responsible for the privacy practices of such third parties, and we encourage you to review their respective privacy policies.

1.4 This Privacy Policy is incorporated into and subject to our Terms of Service.

---

2. Who We Are

Screenza is the data controller (or “business” under the CCPA) responsible for the personal information described in this Privacy Policy, unless otherwise stated.

When we process personal information on behalf of our customers (for example, when a restaurant customer uploads its own customer data, employee data, or end-user data through the Platform), we act as a data processor (or “service provider” under the CCPA). In those cases, the customer is the data controller (or “business”), and their privacy policy governs the processing of such data. Our obligations as a processor are governed by our Terms of Service, this Privacy Policy, and any applicable Data Processing Agreement.

---

3. Definitions

For the purposes of this Privacy Policy:

“Personal Information” (also referred to as “Personal Data”) means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identifiable natural person or household. This includes, but is not limited to, names, email addresses, IP addresses, device identifiers, location data, and online activity information.

“Sensitive Personal Information” means Personal Information that reveals an individual’s racial or ethnic origin, religious beliefs, health information, biometric data, precise geolocation, financial account information (when combined with access credentials), or other categories designated as “sensitive” under applicable privacy laws.

“Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

“Service Provider” / “Processor” means a third party that processes Personal Information on our behalf pursuant to a written contract.

“Sale” has the meaning given under the California Consumer Privacy Act, which broadly includes making personal information available to a third party for monetary or other valuable consideration.

“Share” has the meaning given under the California Consumer Privacy Act, which includes making personal information available to a third party for cross-context behavioral advertising purposes.

---

4. Information We Collect

We collect the following categories of information:

4.1 Account and Registration Information

When you create an account or register for the Service, we collect:

• Full name
• Business name and entity type
• Email address
• Phone number (if provided)
• Mailing address or business address
• Job title or role
• Password (stored in hashed, encrypted form)
• Billing and payment information (processed and stored by our payment processor; see Section 10)

4.2 Customer Content and Business Data

When you use the Platform, you may upload or submit:

• Restaurant menus (text, images, PDFs)
• Food photographs and images
• Business logos, branding assets, and trademarks
• Pricing information and menu item descriptions
• Nutritional data, allergen information, and calorie counts
• Promotional content and advertising materials
• Playlist configurations and scheduling data
• Screen and device configuration settings
• Location information for multi-location management

4.3 AI Feature Data

When you use our AI-powered features, we process:

• Text prompts and instructions submitted to AI image generation tools
• Menu data submitted for AI-powered OCR parsing
• Uploaded images for AI enhancement or modification
• AI configuration preferences (e.g., style settings, resolution preferences)
• Metadata about AI-generated outputs (generation parameters, timestamps, Credit usage)

We do not use your Customer Content, menu data, or AI prompts to train our own AI models or any third-party AI models, except as aggregated and anonymized in accordance with Section 4.8.

4.4 Usage and Analytics Data

We automatically collect information about how you interact with the Service:

• Pages viewed, features used, and actions taken within the Platform
• Date, time, frequency, and duration of activities
• Click patterns, navigation paths, and interaction sequences
• Search queries and filter selections within the Platform
• Content creation and editing activity
• Screen deployment and publishing activity
• Error logs and performance data

4.5 Device and Technical Information

We collect technical information from devices used to access the Service:

• IP address
• Browser type and version
• Operating system and version
• Device type, model, and manufacturer
• Screen resolution and display capabilities
• Unique device identifiers (e.g., Android Advertising ID, hardware serial numbers for registered Player devices)
• Network information (connection type, ISP, Wi-Fi network name for Player devices)
• Time zone and language settings
• Referral URLs and landing pages

4.6 Player Application Data

When you use our Player Application on display devices, we collect:

• Device registration and pairing information
• Device online/offline status and connectivity history
• Content rendering performance metrics
• Cache status and storage utilization
• Software version and update status
• Display output resolution and orientation
• Playback logs (which content was displayed, when, and for how long)
• Error and crash reports from the Player Application

4.7 Communications Data

When you communicate with us, we collect:

• Email correspondence with our support, sales, or other teams
• Contact form submissions
• Live chat transcripts (if applicable)
• Survey and feedback responses
• Phone call recordings (if applicable, with prior notice and consent)
• Social media messages and interactions

4.8 Aggregated and De-Identified Data

We may derive aggregated, anonymized, or de-identified data from Personal Information (“Aggregated Data”). Aggregated Data does not identify any individual and is not considered Personal Information under applicable law. We may use Aggregated Data for any lawful business purpose, including analytics, benchmarking, industry research, product improvement, and marketing, without restriction or obligation.

---

5. How We Collect Information

We collect information through the following methods:

5.1 Directly from You. When you create an account, fill out forms, upload content, use features, contact support, or otherwise interact with the Service.

5.2 Automatically. Through cookies, web beacons, pixels, log files, SDKs, and similar tracking technologies when you access and use the Service (see Section 11).

5.3 From Your Devices. Through the Player Application and any other Screenza software installed on your devices.

5.4 From Third-Party Sources. We may receive information about you from:

• Payment processors (e.g., Stripe), including transaction confirmation and billing details (but not full payment card numbers);
• Analytics providers (e.g., Google Analytics), including website usage data;
• AI service providers that process your prompts and content on our behalf;
• Authentication providers if you use single sign-on (SSO) or social login;
• Publicly available sources, including business registries and public websites; and
• Marketing partners, including referral information and campaign attribution data.

---

6. How We Use Your Information

We use the information we collect for the following purposes:

6.1 Providing and Operating the Service

• Creating and managing your account
• Processing subscriptions, payments, billing, and invoicing
• Enabling you to create, manage, schedule, and deploy digital signage content
• Processing your requests through AI-powered features (image generation, OCR menu parsing, content creation)
• Delivering content to your registered Screens and Player Applications
• Providing customer support and responding to your requests
• Sending transactional communications (account confirmations, billing receipts, service notifications, security alerts)

6.2 Improving and Developing the Service

• Analyzing usage patterns and trends to improve features and user experience
• Identifying and fixing bugs, errors, and performance issues
• Developing new features, products, and services
• Conducting internal research and analytics
• Testing and quality assurance

6.3 Security and Fraud Prevention

• Protecting against unauthorized access, misuse, fraud, and security threats
• Monitoring for violations of our Terms of Service and Acceptable Use Policy
• Verifying identity and preventing account takeover
• Detecting and preventing bot activity, credential stuffing, and other abuse
• Complying with legal and regulatory obligations

6.4 Communications and Marketing

• Sending promotional emails, newsletters, and marketing communications (with your consent or as permitted by applicable law)
• Informing you of new features, product updates, and special offers
• Conducting surveys and gathering feedback
• Personalizing your experience within the Service

You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by contacting us at click to reveal email. Opting out of marketing communications does not affect transactional or service-related communications.

6.5 Legal and Compliance

• Complying with applicable laws, regulations, legal processes, and governmental requests
• Establishing, exercising, or defending legal claims
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, and safety of Screenza, our customers, and others
• Responding to law enforcement requests and court orders

---

7. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we process your Personal Data based on the following legal grounds:

7.1 Performance of a Contract. Processing necessary to perform our contract with you (the Terms of Service), including providing the Service, managing your account, processing payments, and delivering AI-generated content.

7.2 Legitimate Interests. Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving the Service, ensuring security and preventing fraud, conducting analytics and internal research, and marketing our products and services to existing customers.

7.3 Consent. Processing based on your freely given, specific, informed, and unambiguous consent, such as when you opt in to receive marketing communications, consent to the use of non-essential cookies, or submit data for specific AI features. You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7.4 Legal Obligation. Processing necessary for compliance with a legal obligation to which Screenza is subject, such as tax obligations, data retention requirements, or responding to valid legal requests from public authorities.

---

8. AI-Powered Features and Data Processing

8.1 How AI Features Work. The Service utilizes artificial intelligence and machine learning technologies to provide features such as AI image generation, AI-powered OCR menu import, and AI-assisted content creation. When you use these features, the data you submit (e.g., text prompts, uploaded menus, images) is transmitted to and processed by AI model providers on our behalf to generate outputs.

8.2 Third-Party AI Providers. We use third-party AI model providers (such as Google Gemini and others) to power our AI features. Your prompts, uploaded content, and related data are transmitted to these providers solely to generate the requested output. These providers process your data as subprocessors under our Data Processing Agreements and are contractually prohibited from using your data for their own purposes, including training their own models, to the extent permitted by their terms.

8.3 Data Minimization for AI Processing. We transmit only the minimum data necessary for the requested AI operation. We do not transmit your account information, payment details, or other personal information unrelated to the specific AI request.

8.4 AI Output Data. Metadata about AI-generated outputs (e.g., generation timestamps, resolution parameters, Credit consumption records) is retained for billing, analytics, and service improvement purposes. The AI-generated content itself is stored on our servers as part of your account’s media library for as long as your account is active.

8.5 No Training on Your Data. We do not use your Customer Content, menu data, uploaded images, prompts, or AI-generated outputs to train, fine-tune, or improve any proprietary or third-party AI models. Your content is processed solely to generate the output you requested.

8.6 AI Content Moderation. We may use automated systems to review AI-generated content for compliance with our content policies. This processing is limited to detecting prohibited or harmful content and is conducted in accordance with our legitimate interests in maintaining the integrity and safety of the Service.

---

9. Information Sharing and Disclosure

We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising. We disclose your information only in the following circumstances:

9.1 Service Providers and Subprocessors

We share information with third-party service providers and subprocessors who perform services on our behalf, subject to contractual obligations requiring them to protect the confidentiality and security of your information and to use it only for the purposes for which it was disclosed. See Section 10 for details.

9.2 With Your Consent or at Your Direction

We may share information when you direct us to do so or when you provide explicit consent. For example, if you integrate the Service with a third-party application or authorize a third-party to access your account.

9.3 Legal Compliance and Protection

We may disclose information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request (including court orders, subpoenas, or requests from law enforcement);
• Enforce our Terms of Service or other agreements;
• Protect the rights, property, or safety of Screenza, our customers, or the public;
• Detect, prevent, or address fraud, security issues, or technical problems; or
• Respond to an emergency involving danger of death or serious physical injury to any person.

9.4 Business Transfers

In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, reorganization, bankruptcy, receivership, dissolution, or similar transaction involving all or a portion of our business, your information may be transferred or disclosed as part of the due diligence process or as a transferred asset. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your information.

9.5 Aggregated and De-Identified Data

We may share Aggregated Data that cannot reasonably be used to identify you with third parties for any lawful purpose, including analytics, benchmarking, industry research, and marketing.

9.6 Affiliates

We may share information with our corporate affiliates (entities that control, are controlled by, or are under common control with Screenza) for the purposes described in this Privacy Policy. Our affiliates are required to honor this Privacy Policy.

---

10. Third-Party Service Providers and Subprocessors

We engage the following categories of third-party service providers and subprocessors that may process your Personal Information:

All service providers are bound by contractual obligations to:

• Process Personal Information only on our documented instructions;
• Maintain appropriate security measures;
• Not use Personal Information for any purpose other than providing the contracted service;
• Assist us in fulfilling our obligations to respond to data subject rights requests;
• Delete or return Personal Information upon termination of the service relationship; and
• Allow and contribute to audits and inspections as required by applicable law.

We maintain a current list of subprocessors. Customers may request this list by emailing click to reveal email. We will notify customers of any material changes to our subprocessor list.

---

11. Cookies, Tracking Technologies, and Automated Data Collection

11.1 Types of Technologies Used

We use the following tracking technologies:

Cookies: Small text files stored on your device by your web browser. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until they expire or you delete them).

Web Beacons / Pixels: Small, invisible graphic images embedded in web pages or emails that allow us to track page views, email opens, and other interactions.

Local Storage: Browser-based storage mechanisms (such as HTML5 Local Storage) used to store preferences and session data.

Log Files: Server-side records of requests made to our servers, including IP addresses, browser types, referring/exit pages, date/time stamps, and clickstream data.

SDKs and Device Identifiers: Software development kits and device-level identifiers used within the Player Application to monitor device status, performance, and content delivery.

11.2 Categories of Cookies

11.3 Managing Cookies

You can manage your cookie preferences through:

• Browser Settings: Most browsers allow you to control cookies through their settings, including blocking all cookies, accepting all cookies, or receiving a notification when a cookie is set. Note that disabling cookies may affect the functionality of the Service.
• Cookie Consent Banner: When you first visit our Website, we present a cookie consent banner that allows you to accept or decline non-essential cookies.
• Opt-Out Links: For specific analytics providers, you may use their opt-out mechanisms (e.g., Google Analytics Opt-Out Browser Add-on).

11.4 Do Not Track / Global Privacy Control

See Section 19 for our response to Do Not Track and Global Privacy Control signals.

---

12. Data Retention

12.1 General Retention Principles. We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:

• The nature and sensitivity of the data;
• The purposes for which we process the data;
• Whether we can achieve those purposes through other means;
• Applicable legal, regulatory, tax, accounting, and reporting requirements;
• Applicable statutes of limitations; and
• The need to establish, exercise, or defend legal claims.

12.2 Specific Retention Periods

12.3 Deletion Upon Request. If you request deletion of your Personal Information (see Section 15), we will delete or anonymize the information within the timeframes required by applicable law, subject to legitimate retention exceptions (such as legal obligations, fraud prevention, and defending legal claims).

12.4 Backup Retention. Deleted data may persist in encrypted backups for up to 90 additional days. Backup data is not actively processed and is permanently purged in the normal backup rotation cycle.

---

13. Data Security

13.1 Security Measures. We implement and maintain commercially reasonable administrative, technical, and physical security measures designed to protect Personal Information from unauthorized access, disclosure, alteration, destruction, or loss. These measures include, but are not limited to:

• Encryption: All data transmitted between your browser/device and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent encryption.
• Access Controls: Role-based access controls, multi-factor authentication for administrative access, and the principle of least privilege for all internal systems.
• Network Security: Firewalls, intrusion detection/prevention systems, DDoS protection, and network segmentation.
• Application Security: Regular vulnerability assessments, penetration testing, secure development practices, and code review.
• Employee Security: Background checks for personnel with access to Personal Information, mandatory security awareness training, and confidentiality agreements.
• Incident Response: Documented incident response procedures for detecting, investigating, containing, and remediating security incidents.
• Vendor Security: Security assessments and contractual requirements for all third-party service providers that process Personal Information.

13.2 No Absolute Security. Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

13.3 Breach Notification. In the event of a security breach that results in unauthorized access to, or disclosure of, your Personal Information, we will notify you and applicable regulatory authorities in accordance with the timeframes and procedures required by applicable data breach notification laws. Notification will be sent to the email address associated with your account and/or by posting a notice on our Website.

---

14. International Data Transfers

14.1 Screenza is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially in other countries where our service providers maintain facilities.

14.2 The data protection laws of these countries may differ from, and may not provide the same level of protection as, the laws of your home country. By using the Service, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

14.3 Safeguards for International Transfers. For transfers of Personal Data from the EEA, UK, or Switzerland to the United States or other countries without an adequacy decision:

• We rely on applicable transfer mechanisms recognized under GDPR, including EU Standard Contractual Clauses (SCCs) as adopted by the European Commission, the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, or other lawful transfer mechanisms as applicable.
• We implement supplementary measures where necessary, including encryption, pseudonymization, access controls, and contractual obligations with recipients.
• Where applicable, we may also rely on the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, or the Swiss-U.S. Data Privacy Framework, to the extent Screenza or its service providers are certified under such frameworks.

14.4 Customers may request a copy of the applicable transfer mechanism documentation by contacting us at click to reveal email.

---

15. Your Privacy Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your Personal Information. We respond to all verifiable requests in accordance with applicable law.

15.1 Summary of Rights

15.2 How to Exercise Your Rights

You may submit a privacy rights request by:

• Email: click to reveal email (subject line: “Privacy Rights Request”)
• Account Settings: Through the privacy settings section of your Account (when available)

15.3 Verification

To protect your privacy and security, we must verify your identity before processing your request. Verification methods may include confirming your email address, matching information you provide against our records, or requesting additional documentation. We will not fulfill a request if we cannot verify your identity.

15.4 Authorized Agents

If you designate an authorized agent to make a request on your behalf, we may require:

• Written proof of the agent’s authority (e.g., a signed authorization letter or power of attorney); and
• Verification of your identity directly with us.

15.5 Response Timing

We will respond to your verifiable request within the timeframes required by applicable law:

• CCPA/CPRA: Within 45 days (extendable by an additional 45 days with notice)
• GDPR: Within one month (extendable by two additional months for complex requests)
• Other U.S. State Laws: Within 45 days (extendable as permitted by the applicable state law)

15.6 Right to Appeal

If we deny your privacy rights request in whole or in part, you have the right to appeal our decision. To appeal, email click to reveal email with the subject line “Privacy Rights Appeal” within 60 days of receiving our decision. We will respond to your appeal within the timeframes required by applicable law. If your appeal is denied, you may contact your state attorney general or applicable data protection authority.

---

16. California Privacy Rights (CCPA/CPRA)

This Section applies to California residents and supplements the rest of this Privacy Policy with information required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”).

16.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of Personal Information (as defined by the CCPA):

16.2 Sources of Collection

We collect Personal Information from the sources described in Section 5 of this Privacy Policy.

16.3 Business and Commercial Purposes

We use Personal Information for the business and commercial purposes described in Section 6 of this Privacy Policy.

16.4 Sale and Sharing

We do not sell your Personal Information. We have not sold Personal Information in the preceding twelve (12) months.

We do not share your Personal Information for cross-context behavioral advertising. We have not shared Personal Information for cross-context behavioral advertising in the preceding twelve (12) months.

16.5 Retention

We retain Personal Information for the periods described in Section 12 of this Privacy Policy.

16.6 Your California Rights

As a California resident, you have the following rights under the CCPA:

• Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom we have disclosed the information.
• Right to Delete: Request deletion of Personal Information we have collected from you, subject to statutory exceptions.
• Right to Correct: Request correction of inaccurate Personal Information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your Personal Information, so this right is not applicable. Should our practices change, we will provide a “Do Not Sell or Share My Personal Information” link on our Website and update this Privacy Policy.
• Right to Limit Use of Sensitive Personal Information: We do not use or disclose Sensitive Personal Information for purposes beyond those permitted under the CCPA (i.e., providing the Service you requested). Should our practices change, we will provide a “Limit the Use of My Sensitive Personal Information” link.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

16.7 Financial Incentive Programs

We do not offer financial incentives or price or service differences in exchange for the retention or sale of Personal Information.

16.8 Automated Decision-Making Technology (ADMT)

As of January 1, 2026, California regulations provide consumers with rights related to Automated Decision-Making Technology. To the extent our Service uses automated processing to make decisions that produce legal or similarly significant effects concerning you, you have the right to opt out of such processing and to request information about the logic involved. Contact click to reveal email for more information or to exercise this right.

16.9 California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.

---

17. Rights Under Other U.S. State Privacy Laws

If you are a resident of a state with a comprehensive consumer data privacy law (including but not limited to Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Kentucky, Rhode Island, Tennessee, Texas, Montana, Oregon, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, and Florida), you may have rights similar to those described in Section 15, including the rights to access, correct, delete, and port your data, and to opt out of targeted advertising, the sale of personal data, and profiling.

17.1 Universal Application. We apply a consistent standard of privacy protections across all U.S. states. Regardless of your state of residence, we honor requests to access, correct, delete, and port your Personal Information, and requests to opt out of targeted advertising and profiling, to the extent applicable.

17.2 Right to Appeal. If you are a resident of a state that provides a right to appeal (including Virginia, Colorado, Connecticut, Indiana, Kentucky, and others), you may appeal our decision on your privacy request as described in Section 15.6. If your appeal is denied, you may contact your state attorney general.

17.3 Universal Opt-Out Mechanisms. We recognize and honor universal opt-out preference signals, including the Global Privacy Control (GPC), as required by applicable state laws (including California, Colorado, Connecticut, Montana, Texas, Delaware, Oregon, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, and others). See Section 19.

---

18. European Economic Area, United Kingdom, and Switzerland (GDPR)

This Section provides additional information for individuals located in the EEA, UK, or Switzerland.

18.1 Data Controller. Screenza is the data controller for Personal Data processed as described in this Privacy Policy, unless we are acting as a processor on behalf of a customer (see Section 2).

18.2 Legal Bases for Processing. See Section 7 for the legal bases on which we process your Personal Data.

18.3 Your Rights Under GDPR. In addition to the rights described in Section 15, you have the right to:

• Object to Processing: Object to the processing of your Personal Data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for establishing, exercising, or defending legal claims.
• Restrict Processing: Request restriction of the processing of your Personal Data in certain circumstances, including while we verify the accuracy of your data, while we assess an objection you have raised, or where processing is unlawful but you prefer restriction over deletion.
• Lodge a Complaint: File a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the UK, you may contact the Information Commissioner’s Office (ICO) at https://ico.org.uk.

18.4 Data Protection Impact Assessments. Where required by the GDPR, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, including the use of AI-powered features and automated decision-making.

18.5 Data Protection Officer. Screenza has not appointed a Data Protection Officer (DPO) at this time. For data protection inquiries, please contact click to reveal email.

---

19. Do Not Track and Global Privacy Control

19.1 Do Not Track (DNT). Some browsers transmit “Do Not Track” (DNT) signals to websites. There is no universally accepted standard for how to respond to DNT signals. We currently honor DNT signals as a request to opt out of non-essential tracking.

19.2 Global Privacy Control (GPC). We recognize and honor Global Privacy Control (GPC) signals as a valid opt-out request under applicable state privacy laws, including the CCPA/CPRA, and the comprehensive privacy laws of Colorado, Connecticut, Montana, Texas, Delaware, Oregon, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and other states that require recognition of universal opt-out preference signals. When we detect a GPC signal from your browser, we will treat it as a request to opt out of:

• The sale of Personal Information (to the extent applicable);
• The sharing of Personal Information for cross-context behavioral advertising (to the extent applicable); and
• Targeted advertising based on your Personal Information.

GPC signals apply on a browser-by-browser and device-by-device basis. For information on enabling GPC in your browser, visit https://globalprivacycontrol.org.

---

20. Children’s Privacy

20.1 The Service is not directed to children under the age of sixteen (16). We do not knowingly collect Personal Information from children under 16. If you are under 16, you may not use the Service or provide any Personal Information to us.

20.2 If we become aware that we have collected Personal Information from a child under 16 without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe that we have inadvertently collected information from a child under 16, please contact us immediately at click to reveal email.

20.3 We comply with the Children’s Online Privacy Protection Act (COPPA) and equivalent provisions under applicable state and international laws.

---

21. Data Processing Agreement

21.1 When Screenza acts as a data processor on behalf of a customer (the data controller), the terms of data processing are governed by our Data Processing Agreement (DPA), which supplements our Terms of Service and this Privacy Policy.

21.2 Our DPA addresses the requirements of applicable data protection laws, including the GDPR, CCPA/CPRA, and other U.S. state privacy laws, and includes provisions for:

• The subject matter, duration, nature, and purpose of processing;
• The types of Personal Data processed and the categories of data subjects;
• The obligations and rights of the controller;
• Technical and organizational security measures;
• Subprocessor management and notification;
• Assistance with data subject rights requests;
• Data breach notification obligations;
• Data return and deletion upon termination;
• Audit rights; and
• International data transfer mechanisms (including Standard Contractual Clauses).

21.3 Customers requiring a DPA may request one by contacting click to reveal email.

---

22. Third-Party Links and Services

22.1 The Service may contain links to third-party websites, services, or applications that are not operated or controlled by Screenza. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit or use.

22.2 We are not responsible for the privacy practices, content, or data collection of third-party services, even if they are linked to or integrated with the Service.

22.3 Your use of Stripe or other payment processors is subject to their respective privacy policies:

• Stripe Privacy Policy: https://stripe.com/privacy

---

23. Business Transfers

In the event that Screenza is involved in a merger, acquisition, asset sale, bankruptcy, reorganization, dissolution, or similar business transaction, your Personal Information may be transferred to the acquiring entity or successor. We will provide notice (via email to the address associated with your account and/or via the Website) prior to your Personal Information becoming subject to a different privacy policy. You will have the opportunity to opt out of having your information transferred to the extent required by applicable law.

---

24. Changes to This Privacy Policy

24.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons.

24.2 If we make material changes to this Privacy Policy, we will notify you by one or more of the following means:

• Posting the revised Privacy Policy on our Website with an updated “Last Updated” date;
• Sending an email to the address associated with your account; and/or
• Displaying a prominent notice within the Service or on our Website.

24.3 Material changes will become effective thirty (30) days after we provide notice, unless a longer period is required by applicable law. Non-material changes (such as typographical corrections or clarifications) take effect immediately upon posting.

24.4 Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acknowledgment and acceptance of the revised practices. If you do not agree with the updated Privacy Policy, you should discontinue your use of the Service.

24.5 We maintain an archive of previous versions of this Privacy Policy. You may request prior versions by contacting click to reveal email.

---

25. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For privacy-specific inquiries, please use the subject line “Privacy Inquiry” in your email.

For data subject rights requests, please use the subject line “Privacy Rights Request” and include sufficient information for us to verify your identity and process your request.

We will respond to your inquiry within a reasonable timeframe, and in any event within the timeframes required by applicable law.

By using the Screenza Service, you acknowledge that you have read and understood this Privacy Policy.