Privacy Policy.
How Hangar.Media collects, uses, stores, and protects your personal data under UK GDPR.
Last updated: April 2026
Introduction
Hangar.Media Ltd ("Hangar.Media", "we", "us", "our") is the data controller for personal data collected through our digital signage management platform and website at hangar.media.
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. It applies to all visitors to our website and all users of our Service.
If you have any questions about this policy, please contact us using the contact form on our website.
Data We Collect
We collect different categories of personal data depending on how you interact with us:
Identity data
Your name, job title, and company name, provided when you create an account or contact us.
Contact data
Your email address, telephone number, and business address.
Account data
Your username, password (stored as a secure hash — we never store plain-text passwords), account preferences, role and permissions within your organisation's account, and activity logs (such as login history and actions taken within the platform).
Technical data
Your IP address, browser type and version, operating system, time zone, and device information. This data is collected automatically when you use the Service. For data collected from signage player devices specifically, see the "Signage Player Applications" section below.
Usage data
Information about how you use the platform, including pages visited within the dashboard, features used, screen configurations, and content management activity.
Payment data
Billing name, billing address, and transaction history. Payment card details are collected and processed directly by Stripe — Hangar.Media does not store your card numbers, CVV, or full payment card details. We receive only a tokenised reference and the last four digits of your card for identification purposes.
Signage Player Applications
Hangar.Media publishes signage player applications for multiple device platforms. Each player is a display application that shows content assigned by a business operator through the Hangar.Media dashboard. The players provide no interactive interface for end viewers. Except where an operator has explicitly enabled audience measurement features (see "Audience Measurement" below), the players collect no data about members of the public.
Supported platforms
| Platform | Distribution | Device identifier used |
|---|---|---|
| Android (AOSP / Android TV) | Direct APK, Google Play Store | Hashed install-time identifier |
| Windows | Direct installer | Hashed install-time identifier |
| Apple (iPadOS / tvOS) | Apple App Store | App-scoped vendor identifier |
| Samsung Tizen | Samsung TV App Store | App-scoped identifier |
| LG webOS | LG Content Store | App-scoped identifier |
| Sony / Philips (Android TV) | Google Play Store | Hashed install-time identifier |
Data we collect from signage players
Regardless of platform, each player reports the following to our servers solely to enable content delivery, device pairing, and fleet health monitoring:
- Device identifier: the Android system's
ANDROID_IDvalue (a per-device-per-application-signing-key identifier that survives reboots and resets on factory reset) and, where readable on the panel's hardware, the device serial number. Both are scoped to the operator's account and are never used to track the device across different operators or to combine with any external dataset. We do not use IMEI, persistent advertising identifiers, hardware fingerprints, or any identifier that would survive a factory reset of the device. - Application version, Android version, device manufacturer and model: transmitted with every diagnostic event so we can correlate fleet incidents to specific platform versions or hardware. These values identify a class of device, not an individual customer or person.
- IP address: collected at the network level for routing, rate-limiting, and abuse detection.
- Network connectivity metadata: Wi-Fi SSID and BSSID (where the operating system permits the player application to read them — typically on installations the customer has explicitly provisioned as a managed kiosk), Wi-Fi signal strength, link speed, the player's local IP address, and (where readable) the device's Wi-Fi MAC address. Used solely for the operator dashboard to report each panel's connectivity status. The player does not collect any other Wi-Fi data: no scanning of nearby networks, no tracking of connection history, no derivation of physical location beyond what the operating system exposes.
- Heartbeat and playback telemetry: online/offline status, current playlist, and playback errors.
- On-demand screen capture: when an operator explicitly requests a screenshot from the dashboard, the player captures the currently displayed content (the operator's own scheduled signage media) and transmits it to the operator's tenant. The capture is operator-initiated; the player never captures the screen autonomously or on a schedule. Captures contain only the displayed content — the player never accesses a device camera, microphone, or any other sensor. Any third-party content the operator has chosen to embed in a playlist (a public web page, an RSS feed) may be visible in the resulting capture; operators should consider this when configuring playlists with externally-sourced content.
- Diagnostic data: crash reports, watchdog recovery events, and — on operator request — recent application log output. Logs are filtered to the player application's own process only and contain no data from other applications on the device. Used for fleet health monitoring and field-debugging.
Data we do not collect from signage players
The signage players never collect, transmit, or store:
- Camera images, photographs, or video from any device camera
- Microphone audio or voice recordings
- Biometric data of any kind
- TV viewing behaviour, channel history, or electronic programme guide data
- Browser history or bookmarks
- Demographic inference (age, gender, ethnicity) about individual viewers
- Identification or recognition of specific individuals
- Tracking of individuals across visits or venues
- Hardware identifiers
- GPS coordinates, cellular triangulation, or any other precise-location data. The Wi-Fi metadata described above is collected on managed-kiosk installs but is not used to derive a physical location for the device.
- Contact lists, calendar entries, or data from other applications on the device
Who is the "user"?
For the purposes of this section, the "user" of a signage player is the business operator whose Hangar.Media account the device is paired to — not members of the public who may see the screen. Public viewers are not tracked, identified, or measured in any way by the player application, except through the optional aggregate measurement features described below.
Audience Measurement
Some Hangar.Media signage players will support optional audience measurement features in a future release — for example, counting the number of people present in a venue, or measuring approximate dwell time in front of a screen. These features are not active today and will only be enabled for a specific device when a business operator explicitly opts in. This section describes how these features will operate when released.
When audience measurement is enabled, the player may process input from sensors connected to or built into the display device, such as cameras, depth sensors, Bluetooth or Wi-Fi proximity sensors, or passive infrared sensors. This processing is carried out for the purposes of generating aggregate, anonymous statistics, such as:
- Total visitor count per hour, day, or week
- Approximate dwell time in front of a screen
- Zone occupancy counts within a venue
What is processed on the device only
When audience measurement is enabled, the following are processed on the device itself and are never transmitted to or stored on Hangar.Media servers:
- Raw camera frames, video, or images
- Raw sensor readings that could identify an individual
- Biometric templates, facial recognition data, or skeletal tracking data
- Bluetooth or Wi-Fi MAC addresses, before being hashed and discarded
The device derives an anonymous count or measurement and immediately discards the raw input.
What is stored on our servers
Only the resulting aggregate, anonymous statistics are transmitted to Hangar.Media and stored against the operator's account. These statistics do not identify any individual and cannot be used to re-identify a specific visitor.
Controller and processor roles
When audience measurement is enabled, the business operator is the data controller for any personal data processing that occurs on the device. Hangar.Media acts as a data processor on the operator's instructions. The operator is responsible for:
- Establishing a lawful basis for the processing under UK GDPR (typically legitimate interest or, where required, consent)
- Displaying appropriate signage at the venue entrance or near the screen, informing visitors that audience measurement is in use
- Completing any Data Protection Impact Assessment (DPIA) required by the Information Commissioner's Office
Hangar.Media publishes a template Data Processing Agreement to assist operators with these obligations.
Features not offered
Hangar.Media does not offer, and signage players do not support, the following under any circumstances:
- Facial recognition or identification of individual people
- Demographic inference (age, gender, ethnicity) from camera input
- Tracking of the same individual across multiple visits or multiple venues
- Sharing or selling of audience measurement data to advertising networks or third parties
- Combining audience measurement data with any other identifying dataset
How We Use Your Data
We only use your personal data when we have a lawful basis to do so. The table below sets out our purposes and the corresponding legal basis:
| Purpose | Lawful basis |
|---|---|
| Providing and operating the Service, including account management, content delivery, and screen management | Performance of our contract with you (Art. 6(1)(b)) |
| Providing customer support and responding to your enquiries | Performance of our contract with you (Art. 6(1)(b)) |
| Improving the platform, identifying usage patterns, and developing new features | Legitimate interest (Art. 6(1)(f)) — improving our service for all users |
| Maintaining the security of the platform and detecting fraud or abuse | Legitimate interest (Art. 6(1)(f)) — protecting you and our platform |
| Sending transactional emails (account confirmations, password resets, billing receipts, service notifications) | Performance of our contract with you (Art. 6(1)(b)) |
| Sending marketing communications (product updates, newsletters, promotional content) | Your consent (Art. 6(1)(a)) — you can withdraw at any time |
| Complying with legal and tax obligations (such as maintaining financial records) | Legal obligation (Art. 6(1)(c)) |
Data Sharing
We do not sell, rent, or trade your personal data to any third party.
We share your data only with the following categories of service providers (sub-processors), who process data on our behalf and under our instructions:
| Sub-processor | Purpose | Location |
|---|---|---|
| DigitalOcean | Infrastructure hosting (servers, databases, storage) | UK (London) |
| Stripe | Payment processing | EU (Ireland) |
We may also disclose your personal data if required to do so by law, court order, or a regulatory authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
International Transfers
Your personal data is stored and processed within the United Kingdom (UK):
- Hosting: Our servers are located in DigitalOcean's UK (London) data centre.
- Payments: Stripe processes payment data within the EU (Ireland).
As a UK-based company with UK-based infrastructure, your data does not leave the United Kingdom for core hosting purposes. Where sub-processors operate within the European Union (such as Stripe in Ireland), we rely on the UK adequacy regulation for the EU, which recognises EU data protection standards as adequate under UK GDPR — meaning no additional transfer safeguards are required for those services.
If in the future we engage sub-processors outside the UK or EU, we will ensure appropriate transfer mechanisms are in place (such as Standard Contractual Clauses) and will update this policy accordingly.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are as follows:
| Data category | Retention period | Reason |
|---|---|---|
| Account data | Duration of account + 30 days | Service delivery and post-termination export window |
| Billing and invoice records | 7 years | HMRC legal requirement |
| Platform usage logs | 90 days | Security monitoring and service improvement |
| API and security logs | 365 days | Security analysis and incident investigation |
| Marketing consent records | Until consent is withdrawn | Demonstrating lawful basis |
| Signage device telemetry (heartbeat, crash, watchdog events) | 365 days | Fleet health monitoring and incident investigation |
| Database backups | 30-day rolling cycle | Disaster recovery |
When data reaches the end of its retention period, it is securely deleted or anonymised.
Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15): You can request a copy of the personal data we hold about you.
- Right to rectification (Article 16): You can ask us to correct any inaccurate or incomplete data.
- Right to erasure (Article 17): You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
- Right to restriction (Article 18): You can ask us to restrict the processing of your data in certain circumstances.
- Right to data portability (Article 20): You can request a copy of your data in a structured, machine-readable format.
- Right to object (Article 21): You can object to processing based on legitimate interest or for direct marketing purposes.
How to exercise your rights
To exercise any of these rights, please contact us using the contact form on our website. You can also email your request to the address provided on the contact page.
We will respond to all legitimate requests within 30 days. In exceptional cases where a request is particularly complex or voluminous, we may extend this period by a further 60 days, but we will inform you of this within the initial 30-day period.
We may ask you to verify your identity before processing your request. We will not charge a fee for most requests, but we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.
Business operators may also request export or deletion of telemetry data for any signage device paired to their account, within the same 30-day response window.
Cookies
We use a small number of cookies that are essential for the Service to function. We do not use any third-party analytics or marketing cookies.
For full details of the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.
Children
The Service is a business-to-business platform and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
If we become aware that we have collected personal data from someone under the age of 18, we will take steps to delete that data as soon as reasonably practicable. If you believe we may hold data relating to a child, please contact us immediately.
Signage player applications are deployed in commercial environments and provide no interactive interface for end viewers of any age. The players do not capture images, audio, or behavioural data from passers-by, and are not designed for or directed at minors.
Security
We take the security of your data seriously and have implemented appropriate technical and organisational measures to protect it, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
- Encryption at rest: Data stored in our databases and file storage is encrypted using AES-256.
- Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis, using role-based access controls.
- Regular review: We regularly review and update our security measures in response to evolving threats and industry best practices.
- Backups: Encrypted backups are maintained on a 30-day rolling cycle and stored in a geographically separate UK location.
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service itself.
If we make material changes, we will notify you at least 30 days in advance by email to the address associated with your account and by displaying a prominent notice within the Service. Non-material changes (such as clarifications or formatting updates) may be made without prior notice.
We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the contact form on our website.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Registration number: ZC121410
- Date registered: 11 April 2026 (expires 10 April 2027)
We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.