Privacy Policy

Effective: September 17, 2025 • Last updated: September 17, 2025

EZ Plus (also referred to as “EZTV”, “we”, “us”, or “our”) provides digital signage software and related services operated from San Francisco, California, USA. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our websites (including eztv.plus), apps (including our tvOS app and management apps), and integrations with third-party services (e.g., Google Workspace).

By using our Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

Google user data: When you connect your Google account, we access only the data necessary to provide specific features (e.g., showing selected Google Slides on TVs, rendering calendar events). We comply with Google’s API Services User Data Policy, including the Limited Use requirements. You can revoke access at any time at myaccount.google.com/permissions.

1) Information We Collect

  • Account & Contact Info. Name, email, organization, and authentication identifiers when you register or sign in.
  • Integrations Data (Google).
    • Google Slides (read-only): titles, IDs, metadata such as modifiedTime, thumbnails, and presentation content necessary to display slides on signage.
    • Google Calendar (read-only): calendar lists and event data (summary, time, location, description) used to render schedules on signage.
    • Google Drive (scoped access): for files you explicitly select or open with our app, we may read file metadata (e.g., modifiedTime) to decide whether to re-capture or refresh displayed content.
  • Device & Usage Data. IP address, device and OS information, app version, logs, and activity within the Services to operate, secure, and improve functionality.
  • Support & Communications. Messages, support tickets, and contact information you send us.

2) How We Use Information

  • Provide, operate, and improve the Services (including displaying selected Slides/Calendars on signage).
  • Authenticate users; maintain accounts; provide customer support.
  • Secure our Services, prevent abuse/fraud, and troubleshoot issues.
  • Comply with legal obligations and enforce terms.

We do not use personal information for targeted advertising.

3) Google User Data – Limited Use

When you connect your Google account, we access only the data necessary to provide specific features (for example, showing selected Google Slides on TVs or rendering calendar events). Our use and transfer of information received from Google APIs will adhere to Google’s API Services User Data Policy, including the Limited Use requirements. You can revoke our access at any time at myaccount.google.com/permissions. We also comply with the Google Privacy Policy.

  • We request the minimum Google OAuth scopes required to deliver the features you choose to use.
  • We use Google data only to provide or improve user-facing features; we do not use it for advertising or create unrelated profiles.
  • We do not sell Google user data or transfer it except as necessary to provide the Services or as required by law.
  • Human access to Google data occurs only with your consent, to comply with law, or for security/abuse investigations.

4) Data Protection & Security

Security procedures are in place to protect the confidentiality of your data. We use encryption to protect your information. Specifically, we implement:

  • Encryption in transit and at rest: TLS 1.2+ for data in transit; industry-standard encryption (e.g., AES-256) for data at rest. OAuth tokens and other secrets are stored encrypted.
  • Access controls: least-privilege access, role-based permissions, strong unique credentials, and scoped access keys for administrative access.
  • Auditing & monitoring: logging of access and changes in production systems; anomaly monitoring.
  • Secure development: code reviews, dependency patching, and vulnerability management.
  • Backups & availability: encrypted backups and redundancy to minimize service disruption.
  • Incident response: documented procedures for detecting, responding to, and notifying (as required by law) about security incidents.

4a) Sensitive Data

We do not intentionally collect “sensitive personal information” as defined by applicable law (e.g., precise geolocation, government IDs, racial or ethnic origin, health information) unless you or your organization provide it to us for a specific purpose. If we process any such information, we apply additional safeguards and restrict access on a need-to-know basis. Security procedures are in place to protect the confidentiality of your data, and we use encryption in transit and at rest.

5) Data Retention & Deletion

  • Account data is retained while your account is active. Upon account deletion, we delete or anonymize personal data within 30 days, unless we must retain it to meet legal obligations.
  • OAuth tokens are retained only while integration is active and are deleted within 7 days after you revoke access or delete your account.
  • Derived signage assets (e.g., slide screenshots) are cached to operate the service and are purged when you unlink the source or within 30 days of last use, whichever comes first.
  • You may request deletion at any time (see Contact below) or revoke Google access at myaccount.google.com/permissions.

6) When We Share Information

  • Service providers (processors): cloud hosting, analytics, logging/monitoring, email delivery, and similar vendors under contract and confidentiality obligations.
  • Legal requirements: when we believe disclosure is necessary to comply with law, regulation, or legal process, or to protect rights, safety, or security.
  • Business transfers: if we engage in a merger, acquisition, or asset sale, your data may transfer as part of that transaction, subject to this Policy.

We do not sell or share your personal information for cross-context behavioral advertising.

To request our current subprocessor list, email behrang@eztv.plus.

7) Your Rights & Choices

  • Access, correct, delete: you may request access to, correction of, or deletion of your personal data.
  • Portability: request a copy of certain data in a portable format.
  • Revoke Google access: visit myaccount.google.com/permissions.
  • California (CCPA/CPRA): California residents may exercise the rights to know, correct, delete, and opt-out of sale/share (we do not sell/share), and to limit use of sensitive personal information. You will not be discriminated against for exercising rights.
  • EEA/UK (GDPR): where applicable, we rely on lawful bases such as contract, legitimate interests, and consent. You may object or withdraw consent where we rely on consent.

To exercise rights, contact us (see Contact below). We may verify your request consistent with applicable law.

For EEA/UK users, EZ Plus is the data controller for personal data collected via our websites and apps (unless we act as a processor on behalf of your organization, such as a school or district). For school deployments, please direct student data requests to the educational institution; we will support the institution in responding.

8) Children, Schools & Student Data

Our Services are intended for use by organizations (e.g., schools, districts, businesses) and are not directed to children under 13. When used by educational institutions, we act as a service provider/processor under the institution’s direction. We do not use student personal information for advertising or create student profiles unrelated to providing the Services.

9) Cookies & Local Storage

We use cookies and similar technologies (including HTML5 local storage) to keep you signed in, remember preferences, and improve the Services. We may use privacy-preserving analytics to understand product usage and improve performance. You can control cookies in your browser settings; some features may not function if cookies are disabled.

Do Not Track: Some browsers send “Do Not Track” signals. Because there is no common industry standard, we currently do not respond to these signals. We do not sell or share your personal information for cross-context behavioral advertising.

10) International Data Transfers

We operate in the United States. If you access the Services from other regions, your information may be transferred to and processed in the U.S. Where required, we use appropriate safeguards (e.g., standard contractual clauses) for cross-border transfers.

11) Changes to this Policy

We may update this Policy from time to time. The “Effective” date above reflects the latest version. If changes materially affect your rights, we will provide additional notice.

12) Contact

Email: behrang@eztv.plus
Location: EZTV, San Francisco, CA 94109, USA.

References