1. Introduction

This Privacy Policy describes how Benex Technology LLC, doing business as Loop Digital Signage (“Loop”, “we”, “us”, or “our”), collects, uses, discloses, and safeguards your personal information when you access or use the Loop Digital Signage platform, websites, applications, player software, and related services (collectively, the “Service”), available at https://loopdigitalsignage.com and https://app.loopdigitalsignage.com.

This Privacy Policy applies to all users of the Service, including account administrators, authorized users, website visitors, and any person whose personal data is processed through the Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account, subscribe to a plan, or interact with the Service, we collect information you voluntarily provide, including: first name and last name; email address; organization or company name; phone number (optional); billing address; payment information (credit card details are processed and stored by our third-party payment processor, Stripe, and are not stored on Loop’s servers); account password (stored in encrypted form); and any other information you choose to provide through support requests, surveys, or feedback forms.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain technical and usage information, including: IP address; browser type and version; operating system and device type; unique device identifiers; access times, dates, and session duration; pages and features viewed within the Service; referring URL and exit pages; clickstream data and usage patterns; and language preferences.

2.3 Device and Player Data

When you connect hardware devices (players) to the Service, we collect information from those devices, including: device IP address and MAC address; device model, operating system, and firmware version; online/offline status and connectivity logs; content playback logs (what content was displayed and when); screenshot captures for remote monitoring (if enabled by you); storage capacity and resource utilization; and error logs and diagnostic data.

2.4 Content Data

We process and store the media files, images, videos, documents, web pages, and other content you upload to or create within the Service (“User Content”) for the purpose of delivering the Service. User Content is stored on our cloud infrastructure to enable content distribution to your connected display screens.

2.5 Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

(a) Strictly Necessary Cookies: Required for the Service to function, such as authentication cookies and session management. These cannot be disabled.

(b) Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

(c) Analytics Cookies: Help us understand how the Service is used, including page views, session duration, and feature usage. We use services such as Google Analytics for this purpose.

(d) Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns. These are only placed with your consent where required by applicable law.

You can manage your cookie preferences through our cookie consent banner displayed on first visit, or through your browser settings. Disabling certain cookies may affect the functionality of the Service. For more details, see our Cookie Policy, available on our website.

3. How We Use Your Information

We use the information we collect for the following purposes:

(a) Service Delivery: To create and manage your account; to provide, operate, maintain, and improve the Service; to process transactions and send billing confirmations; to deliver content to your connected display screens; and to deliver automatic software and security updates to player devices.

(b) Communication: To send you service-related notices, including security alerts, maintenance notifications, and account activity alerts; to respond to your inquiries and provide customer support; and to send promotional communications if you have opted in (you may opt out at any time).

(c) Analytics and Improvement: To analyze usage patterns and trends to improve and optimize the Service; to conduct research and development for new features; and to generate aggregated, de-identified analytics and benchmarks.

(d) Security and Compliance: To detect, prevent, and address technical issues, fraud, and security concerns; to enforce our Terms of Service and other policies; to comply with applicable legal obligations; and to protect the rights, property, and safety of Loop, our users, and the public.

(e) Artificial Intelligence Features: If you use AI-powered features within the Service, we process your inputs to generate outputs. Loop does not use your User Content or personal data to train, improve, or develop artificial intelligence or machine learning models unless you provide explicit prior written consent. We may use aggregated, anonymized, and de-identified usage data and metadata (which does not identify any individual or customer) to improve AI Features and the Service generally.

4. Legal Basis for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and using your personal data depends on the specific data and the context in which we collect it:

(a) Performance of a Contract: Processing necessary to provide the Service under our Terms of Service (e.g., account management, content delivery, billing).

(b) Legitimate Interests: Processing necessary for our legitimate business interests, provided those interests are not overridden by your data protection rights (e.g., analytics, fraud prevention, service improvement).

(c) Consent: Where you have given us specific consent to process your data for a particular purpose (e.g., marketing communications, optional cookies).

(d) Legal Obligation: Processing necessary to comply with a legal obligation to which Loop is subject (e.g., tax reporting, responding to lawful data access requests).

You may withdraw your consent at any time where consent is the legal basis for processing, without affecting the lawfulness of processing based on consent before its withdrawal.

5. How We Share Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

(a) Service Providers and Sub-processors: We use third-party companies to facilitate and support the Service, including cloud infrastructure hosting (Microsoft Azure), payment processing (Stripe), email delivery services, customer support tools, and analytics providers. These third parties process your information only on our behalf, under our instructions, and are bound by contractual obligations to protect your data. A current list of our sub-processors is maintained on our website at loopdigitalsignage.com/sub-processors.

(b) Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

(c) Business Transfers: If Benex Technology LLC is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice within the Service of any change in ownership or uses of your personal data, and any choices you may have regarding your personal data.

(d) With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

(e) Aggregated and De-identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you, for industry analysis, benchmarking, and other purposes.

6. International Data Transfers

The Service is hosted on Microsoft Azure infrastructure. Your data may be stored and processed in data centers located in the United States, Europe, and other regions where Azure operates.

If you are located in the EEA, UK, or Switzerland and your data is transferred to a country that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including: EU Standard Contractual Clauses (SCCs) approved by the European Commission; the UK International Data Transfer Agreement or UK Addendum to the EU SCCs, as applicable; and any additional supplementary measures as required by applicable data protection guidance.

By using the Service, you acknowledge and consent to the transfer and processing of your data in these locations, subject to the safeguards described above.

7. Data Retention

We retain your personal information in accordance with the following principles:

(a) Account Data: We retain your account information for as long as your account is active or as needed to provide the Service. Upon account termination, we will retain your data for thirty (30) days to allow for data export, after which it will be scheduled for secure deletion.

(b) Billing and Transaction Data: We retain billing records for the period required by applicable tax and accounting laws (typically five to seven years).

(c) Usage and Analytics Data: We retain usage logs and analytics data for up to twenty-four (24) months, after which they are aggregated and de-identified or deleted.

(d) Device and Player Data: Device logs and playback records are retained for up to twelve (12) months from the date of collection, unless a longer retention period is required for troubleshooting an active support case.

(e) Content Data: User Content is retained for the duration of your subscription and for thirty (30) days following account termination, after which it may be permanently deleted.

(f) Legal Obligations: We may retain certain information for longer periods as necessary to comply with legal obligations, resolve disputes, enforce our agreements, or as otherwise permitted by applicable law.

8. Data Security

We implement industry-standard technical and organizational measures designed to protect your personal information, including: encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256); access controls and role-based permissions; multi-factor authentication for administrative access; regular security assessments and penetration testing; secure data backup and disaster recovery procedures; employee security awareness training; and incident response procedures.

While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and shall not be liable for unauthorized access, data loss, or security breaches except as set forth in our Terms of Service.

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of your location, you may: access the personal data we hold about you; request correction of inaccurate data; request deletion of your account and associated data; opt out of marketing communications at any time; and export your User Content in a commonly used, machine-readable format.

9.2 Additional Rights for EEA, UK, and Swiss Residents

If you are located in the EEA, UK, or Switzerland, you have additional rights under the GDPR, including: the right to restrict processing of your personal data; the right to object to processing based on legitimate interests; the right to data portability; the right to withdraw consent at any time; and the right to lodge a complaint with your local data protection supervisory authority. For a list of EEA supervisory authorities, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

9.3 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

(a) Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collection, and the categories of third parties with whom we share the information.

(b) Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.

(c) Right to Correct: You may request that we correct inaccurate personal information we maintain about you.

(d) Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

(e) Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.

(f) Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at [email protected] or use the mechanisms provided within the Service. We will respond to verifiable requests within the timeframes required by applicable law (generally 45 days for CCPA requests, 30 days for GDPR requests).

Categories of personal information collected in the preceding twelve (12) months, as defined by the CCPA, include: identifiers (name, email, IP address); commercial information (billing records, subscription history); internet or electronic network activity (usage data, browsing history within the Service); and professional or employment-related information (company name, job title if provided).

9.4 Additional US State Privacy Rights

Residents of other US states with comprehensive privacy laws (including Colorado, Connecticut, Delaware, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Virginia, and others as enacted) may have similar rights. Please contact us at [email protected] to exercise your rights under applicable state privacy laws.

10. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from a child without verification of parental consent, we will take steps to delete that information promptly. If you believe that we have collected information from a child under 18, please contact us immediately at [email protected].

11. Third-Party Links and Integrations

The Service may contain links to third-party websites, services, or integrations (such as social media widgets, analytics tools, or content sources). This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices, content, or security. We encourage you to review the privacy policies of any third-party services you access through our platform before providing personal information.

12. Marketing Communications

If you opt in to receive product updates and marketing communications during registration or at any subsequent point, you may receive promotional emails from us. You can opt out at any time by: clicking the “unsubscribe” link in any marketing email; adjusting your notification preferences in your account settings; or contacting us at [email protected]. Opting out of marketing communications does not affect transactional or service-related messages (such as billing confirmations, security alerts, or maintenance notices).

13. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. Because there is no common industry standard for DNT signals, the Service does not currently respond to DNT signals. We will update this Privacy Policy if and when a common standard for responding to DNT signals is established.

14. Data Protection Officer

We have designated a Data Protection Officer (DPO) to oversee compliance with applicable data protection laws. You may contact our DPO at: [email protected].

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days’ prior notice via email to the address associated with your account or through a prominent notice within the Service. Non-material changes (such as formatting corrections or clarifications) may be made without notice. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically. The “Last Updated” date at the top of this page indicates when this Privacy Policy was last revised.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us at:

Benex Technology LLC

d/b/a Loop Digital Signage

General Inquiries: [email protected]

Privacy Inquiries: [email protected]

Data Protection Officer: [email protected]

Website: https://loopdigitalsignage.com