Privacy Policy

Last updated: March 16, 2026

1. Who we are

Skarmly AB ("Skarmly", "we", "us") operates the skarmly.com digital signage platform. We are the data controller for personal data processed through our service.

Contact: [email protected]

2. Data we collect

  • Account data: email address, hashed password, organization name, role.
  • Device data: device identifiers, screen resolution, platform info, app version, last-seen timestamps.
  • Content data: media files (images and videos) you upload, playlists, and schedules you create.
  • Usage data: playback logs (which content played on which device and when), audit logs (actions performed in the admin dashboard).
  • Technical data: IP addresses, browser type, and request logs for security and debugging purposes.

3. How we use your data

  • To provide and operate the Skarmly platform, including content delivery to your devices.
  • To authenticate your identity and enforce access controls.
  • To send transactional emails (password resets, team invitations).
  • To monitor service health, detect abuse, and troubleshoot issues.
  • To enforce plan limits and calculate storage usage.

4. Legal basis (GDPR)

  • Contract performance: processing necessary to deliver the service you signed up for.
  • Legitimate interest: security monitoring, fraud prevention, and service improvement.
  • Legal obligation: where we are required to retain data by law.

5. Data storage and transfers

Your data is stored on servers within the European Union. Media files are stored on Cloudflare R2 (edge locations globally). We use Resend for transactional emails (US-based, GDPR-compliant DPA in place).

6. Data retention

  • Account data is retained while your account is active and for 30 days after deletion.
  • Audit logs are automatically deleted after 90 days.
  • Playback logs are retained for 12 months, then automatically purged.
  • Media files are deleted when you remove them or when your account is closed.

7. Data sharing

We do not sell your personal data. We share data only with sub-processors necessary to operate the service:

  • Railway — application hosting and database.
  • Cloudflare — media storage and CDN.
  • Resend — transactional email delivery.
  • Google — OAuth sign-in (only if you choose Google sign-in).

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine- readable format.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at [email protected].

9. Cookies

Skarmly uses only essential cookies and localStorage for authentication tokens. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or a notice in the dashboard. Continued use of the service after changes constitutes acceptance.