Privacy Policy & Cookies

Coco Signs is a cloud digital signage platform operated by SPACECORE LTD, a company incorporated in the United Kingdom under company number 11841328, with registered office at 124 City Road, London, England, EC1V 2N.

SPACECORE LTD is the Data Controller for personal data collected through the Coco Signs website (cocosigns.com) and platform. For data processed on behalf of customers as part of service delivery, we act as Data Processor — this relationship is governed by our Data Processing Addendum.

If you have any questions about this policy or our data practices, contact us at info@cocosigns.com.

We collect data in the following ways:

Account and registration data — When you create an account, we collect your name, email address, company name, and password (stored in hashed form). This is necessary to provide you with access to the platform.

Billing data — When you subscribe to a paid plan, we collect billing address and payment method details. Card information is processed directly by our payment provider (Stripe) and is never stored on our servers.

Usage data — We collect information about how you use the platform, including features accessed, screens connected, content uploaded, and session activity. This helps us improve the service and troubleshoot issues.

Device and technical data — We collect IP address, browser type, operating system, and device identifiers when you access the platform. This data is used for security, fraud prevention, and service optimisation.

Communications — If you contact our support team or send us an email, we retain records of that correspondence to resolve your enquiry and improve our support.

Customer content — Any media files, text, or other materials you upload to the platform are stored on your behalf. We do not use your content for any purpose other than delivering the service to you.

We use the data we collect for the following purposes:

Service delivery — To provide, maintain, and improve the Coco Signs platform, process transactions, manage your account, and deliver technical support.

Security and fraud prevention — To detect and prevent unauthorised access, fraudulent activity, and abuse of our services.

Communications — To send you service-related notifications (e.g. billing confirmations, security alerts, product updates). We may also send you marketing emails if you have opted in — you can unsubscribe at any time.

Legal compliance — To comply with applicable UK and EU law, respond to lawful requests from public authorities, and enforce our Terms of Service.

Analytics and product improvement — To understand how users interact with the platform, identify areas for improvement, and develop new features. Where possible, we use aggregated or anonymised data for this purpose.

Under UK GDPR and the Data Protection Act 2018, we process your personal data on the following legal bases:

Contract performance — Processing your account and billing data is necessary to fulfil our contract with you and provide the service you have subscribed to.

Legitimate interests — We process usage data and technical data to operate our business securely, prevent fraud, and improve our product. We balance these interests against your rights and freedoms.

Legal obligation — We may process data where required by UK law, regulation, or court order.

Consent — Where we send marketing communications or use non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

We retain your personal data for as long as your account is active or as needed to provide you with the service.

If you close your account, we will delete or anonymise your personal data within 90 days, unless we are required to retain it longer to comply with legal obligations (e.g. tax and accounting records, which we retain for 7 years under UK law).

Customer content (media files, playlists, etc.) is deleted within 30 days of account closure. Anonymised usage statistics may be retained indefinitely as they cannot be linked back to you.

We do not sell your personal data. We share it only in the following circumstances:

Service providers — We work with trusted third-party providers to operate our platform, including Stripe (payment processing), Amazon Web Services (cloud infrastructure), and analytics tools. These providers act as Data Processors and are contractually bound to process data only on our instructions.

Legal requirements — We may disclose data to public authorities where required by applicable law, regulation, or valid legal process.

Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and your rights in connection with it.

With your consent — We may share data with third parties where you have explicitly consented.

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States, where our cloud infrastructure providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or equivalent Standard Contractual Clauses.

You may request details of the safeguards applicable to your data by contacting us at info@cocosigns.com.

As a data subject, you have the following rights regarding your personal data:

Right of access — You may request a copy of the personal data we hold about you.

Right to rectification — You may ask us to correct inaccurate or incomplete data.

Right to erasure — You may request that we delete your personal data, subject to legal retention obligations.

Right to restriction — You may ask us to pause processing of your data in certain circumstances.

Right to data portability — You may request your data in a structured, machine-readable format.

Right to object — You may object to processing based on legitimate interests or for direct marketing purposes.

Rights related to automated decision-making — You have the right not to be subject to solely automated decisions that have a legal or significant effect on you.

To exercise any of these rights, contact us at info@cocosigns.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encryption of data in transit (TLS) and at rest, access controls and authentication, regular security assessments, and staff training on data protection.

No method of transmission over the internet is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by UK GDPR.

We use cookies and similar tracking technologies on our website (cocosigns.com) and platform (app.cocosigns.com). This section explains what cookies we use and how you can control them.

What are cookies? Cookies are small text files placed on your device by a website. They serve various functions, from keeping you logged in to helping us understand how people use our service.

Essential cookies — These cookies are strictly necessary for the website and platform to function. They enable core features such as authentication, session management, and security. You cannot opt out of these cookies without disabling the service itself.

Preference cookies — These cookies remember your settings and preferences (e.g. language, currency selection, billing period toggle) to provide a more personalised experience. They are active for the duration of your session or up to 12 months.

Analytics cookies — We use analytics tools (such as Google Analytics) to understand how visitors interact with our website — which pages are visited, how long users stay, and where they come from. This data is aggregated and anonymised. You may opt out by adjusting your cookie preferences.

Marketing cookies — If you have consented, we may use cookies to track your interaction with our ads across third-party platforms (e.g. Google Ads, LinkedIn). These cookies help us measure campaign effectiveness. You can withdraw consent at any time.

When you first visit our website, you will be shown a cookie consent banner where you can accept all cookies, reject non-essential cookies, or customise your preferences.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of the website.

To opt out of Google Analytics tracking, you can install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

We may update this Privacy Policy and Cookie Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will notify you by email or via a notice on our platform at least 30 days before the changes take effect.

The date at the top of this page reflects when the policy was last updated. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection contact at:

SPACECORE LTD · 124 City Road, London, England, EC1V 2N · info@cocosigns.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority, at ico.org.uk or by calling 0303 123 1113.