Legal

Privacy Policy

This Privacy Policy explains what personal data Display Manager collects, how it is used, who it is shared with, how long it is kept, and which privacy rights may apply.

Last updated May 29, 2026support@display-manager.com
Corredera Baja de San Pablo 37, 2C28004 MadridSpain

Online-only business. No customer walk-in location.

1. Who we are

This Privacy Policy applies to the Display Managerwebsite, account services, digital checkout flow, and related license-management features operated by Display Manager, operated by David Julian Spiess.

Privacy contact: support@display-manager.com

Trader address: Corredera Baja de San Pablo 37, 2C, 28004 Madrid, Spain

Online-only business. No customer walk-in location.

2. Personal data we collect

  • Account and authentication data: email address, hashed password for local sign-in, OAuth provider identifier, provider name, and account role.
  • Purchase and licensing data: order ID, price/package selected, quantity, payment-status events, Stripe checkout session identifiers, and license entitlements linked to your account.
  • Device and entitlement data: device identifiers, device name, platform, app version, last seen time, desktop approval-session data, and refresh token records used to maintain companion-app access.
  • Technical and security data: IP address, request metadata, logs, fraud-prevention signals, and cookie or local-storage identifiers necessary to operate the site securely.
  • Support and communications data:information you include when you contact us about orders, privacy rights, bugs, or account issues.

3. How we collect data

  • Directly from you when you sign in, buy a license, or contact us.
  • From identity providers you choose to use, such as Apple, Google, or GitHub, when you sign in with OAuth.
  • From payment and fulfillment events generated by our payment processor.
  • From your browser, desktop app, or mobile app when they connect to account and licensing services.

4. Why we use personal data

  • To create and maintain accounts, authenticate sessions, and let you sign in across supported surfaces.
  • To process payments, create and fulfill license orders, and keep an accurate record of entitlements and device usage.
  • To protect the service, prevent abuse, investigate fraud, detect security incidents, and enforce our terms and license rules.
  • To respond to support requests, troubleshoot bugs, and communicate about purchases or account issues.
  • To comply with legal, tax, accounting, and regulatory obligations.

5. Legal bases for EEA/UK-style privacy regimes

  • Contract: when we need the data to provide the account, fulfill a purchase, or deliver license-management features you requested.
  • Legitimate interests: for security, fraud prevention, service integrity, troubleshooting, and proportionate business operations where those interests are not overridden by your rights.
  • Legal obligation: when we need to retain or disclose information for tax, accounting, security, or other compliance requirements.
  • Consent: where a law specifically requires consent, such as for non-essential cookies or similar tracking if we introduce them in the future.

6. Sharing of personal data

  • Payment processor: Stripe handles card payment workflows. We do not store full payment-card numbers in this application.
  • Identity providers: Apple, Google, or GitHub when you choose those sign-in methods.
  • Hosting and infrastructure providers:service providers that host or secure the app and its related APIs, database, and deployment environment.
  • Professional and legal recipients: where reasonably necessary for legal compliance, fraud prevention, dispute handling, or business reorganization.

We do not currently sell personal data, and we do not currently share personal data for cross-context behavioral advertising.

7. International transfers

Depending on where you are located and which providers are involved in your transaction, personal data may be processed in countries outside your own. When a transfer requires safeguards under applicable law, we aim to rely on lawful transfer mechanisms such as contractual safeguards, adequacy-based transfers, or equivalent protections as required.

8. How long we keep data

  • Browser authentication cookies: stored for up to 7 days, while the current signed session token itself is configured to expire after roughly 24 hours.
  • Desktop sign-in approval sessions:designed to expire after about 10 minutes.
  • Desktop access tokens: designed to expire after about 15 minutes.
  • Desktop refresh-token records: designed to expire after about 90 days unless revoked or rotated earlier.
  • Licenses, device bindings, and order records: retained while your account is active and afterward for as long as reasonably necessary to prove purchase, enforce licensing, resolve disputes, and satisfy tax or accounting obligations.
  • Support and security logs: retained only as long as reasonably necessary for troubleshooting, abuse prevention, audit, and compliance purposes.

9. Your privacy rights

Depending on your location and the law that applies, you may have the right to access, correct, delete, restrict, object to, or port certain personal data, and to withdraw consent where consent is the legal basis.

California and certain other U.S. state privacy laws may also provide rights to know, correct, delete, opt out of sale or sharing, limit certain sensitive-data uses, and receive equal treatment for exercising those rights where applicable.

You can request to exercise applicable rights by emailing support@display-manager.com. We may need to verify your identity before completing a request. We will respond within the time required by applicable law.

10. Cookies and similar technologies

We use cookies and browser storage for authentication, shopping-cart persistence, and theme preferences. More detail appears in our Cookie Notice.

11. Automated decision-making

We do not currently use personal data for fully automated decisions that produce legal or similarly significant effects about you.

12. Children

The service is not directed to children under 16, and we do not knowingly collect personal data from children in a way that would require parental authorization under applicable law. If you believe a child provided personal data to us, contact us so we can review and delete it where appropriate.

13. Changes to this policy

We may update this Privacy Policy when our practices, services, vendors, or legal obligations change. The latest version will be posted on this page with an updated revision date.