Privacy Policy
KardoSign

KardoSign ("the Player") is the device-side companion app for Kardopal's digital signage platform. The Player runs on Android-powered displays you control (TVs, tablets, media sticks) and is administered by your organisation through the main Kardopal app at kardopal.com.

This policy explains what data the Player handles. The Kardopal account that owns the Player is responsible for any personal data shown on screen.

Data the Player handles

Device identifier (required)

On first launch, the Player generates a 6-character pairing code and exchanges it with the Kardopal server for an opaque device ID (a random cuid). The device ID lets the server send your display the correct content. It does not contain any personal information.

Device technical metadata (required)

For diagnostics and to surface the device in your organisation's admin console, the Player reports:

• Android version
• Device model and manufacturer
• App version
• Last seen timestamp
• Currently playing playlist and content reference

Screenshots (only on request)

The Kardopal app lets an admin in your organisation request a screenshot of the current display state to verify what is on screen. When such a request is issued:

• The Player captures the current frame as a JPEG
• Uploads it to Kardopal's secure storage
• The screenshot becomes visible in the admin console for users in your organisation only

Screenshots are stored in the same Kardopal storage your organisation already uses, retained for the standard period defined by your organisation's data-retention settings, and never shared with anyone outside your organisation. Screenshots are not taken on a schedule — only when explicitly requested by an admin.

What the Player does NOT collect

The Player does not collect:

• Personal data of end-viewers who walk past the display
• Camera or microphone audio (the Player does not request these permissions)
• Location data
• Contacts, calendar, SMS, call logs, or any other Android personal-data buckets

Data we share

Data is processed exclusively by Kardopal's own backend at api.kardopal.com (AWS, us-east-1). We do not sell or share device data with third parties.

Children

The Player is a B2B device-management tool. It is not directed at children.

Security

All communication uses HTTPS. Device-issued credentials are stored in Android's EncryptedSharedPreferences. Screenshots are stored under restricted-access keys.

Your rights

If your organisation no longer wants Kardopal to hold your device's data:

• Unpair the device from the Kardopal admin console — this deletes the device record and any associated screenshots
• Or contact privacy@kardopal.com to request deletion

Contact

Kardopal
privacy@kardopal.com
kardopal.com