Uscreen and GDPR / UK GDPR
Uscreen is designed to help our publishers comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA).
Under the GDPR, you are the data controller of your subscribers' personal information: you decide how it's collected and used. Uscreen acts as your data processor, handling subscriber information on your behalf and at your direction, as set out in our Data Processing Agreement.
The platform includes the technical controls that support compliance: account deletion with a 30-day purge, opt-in/opt-out marketing flags, SSL/TLS encryption in transit, encryption at rest, PCI DSS for payments, and cookie consent. We do not sell your data or your subscribers' data.
Because GDPR compliance also depends on how you configure and operate your store (what you collect at checkout, what marketing emails you send, who your sub-processors are), we recommend you consult a qualified privacy lawyer to confirm your full compliance posture.
For data-subject requests or privacy questions, contact privacy@uscreen.tv.
This article is informational and does not constitute legal advice.
Compliance
Uscreen provides tools and infrastructure designed to help you, the Store Owner, comply with data-protection laws that apply to your business and your end users.
End users can permanently delete their accounts, supporting the data-subject rights granted under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). As the Store Owner, you remain the data controller for your end users and are responsible for your overall compliance program.
ℹ️ INFO: The GDPR is a law in the European Union that oversees what companies can do with clients' personal information from the European Economic Area (EEA). The CCPA gives California consumers more control over their personal information and what businesses collect about them.
Account Deletion Process
Users can permanently delete their accounts or ask you, as a site Admin, to delete their accounts for them. Whenever a user permanently deletes an account, all of their private information is deleted from Mailchimp, Drip, and your store, including subscriptions, invoices, analytics, etc.
We will disassociate all identifying information and preserve the integrity of as much non-identifying data as we can. This means you will not lose sales history if a user deletes their account; however, you will lose their identifying information (name, email, etc.).
To delete an account, users will have to:
Sign in to their account on your website
Navigate to the User Dashboard: Profile page
Scroll down to the Danger Zone
Click Delete My Account
Confirm and complete the process
Learn more about Deleting a User's Account
NOTE: For members who purchased via mobile apps, you should advise them to cancel their in-app subscription first before deleting their account, as app store subscriptions are managed separately.
GDPR Compliance Guidelines
If you run an online business, odds are you have already heard and read about the GDPR, even if you are not in Europe. After this breakthrough law came into effect, other laws like Brazil's LGPD and California's CCPA have been brought forward as well, modeled largely after the GDPR, but each with its own differences.
ℹ️ INFO: As your service provider (data processor), Uscreen builds and maintains the tools you need to manage your store's data, including personally identifiable information. Compliance responsibility, including determining lawful bases, responding to data-subject requests, and meeting transfer requirements, sits with you as the Store Owner / data controller.
End-users' accounts can be deleted and their information anonymized, aka the "right to be forgotten", from the People area, or the customer can delete their account directly from the Dashboard.
Emails
Emails comply with soft opt-in principles that allow you to send follow-up marketing emails to users who purchased on your site.
Learn more about the Soft Opt-in Principle
Users are opted into emails when purchasing on Uscreen, but can opt out of any email they receive or directly from their dashboard.
Marketing tools like our Email Broadcast, where a purchase is not made, will show an opt-in checkbox since a prior relationship has not been established.
Learn more about Email Broadcasts
Our system automatically filters your contacts to safeguard your email reputation. It filters out any contact who hasn't been active or opened any of your emails in 12 months. This precautionary measure helps minimize the likelihood of bounced and spam reports.
Learn more about Spam Account Prevention & Removal
NOTE: The opt-in checkbox is a mandatory field on your checkout page and is part of the tooling Uscreen provides to support GDPR-aligned consent capture. It dynamically appears based on the user's geo-location.
Cookie Compliance
Uscreen automatically uses several essential cookies that are necessary for the platform to function properly:
Session tracking: Manages user sessions and login status
Country and IP tracking: Used for location-based features and security
Offer tracking: Applied during checkout processes
Email tracking: Used during checkout processes
You may consider adding a cookie consent pop-up to your site. Since Uscreen does not provide a built-in cookie consent feature, you'll need to implement a third-party solution.
Learn more about Adding a Cookie Consent Banner
For a complete list of cookies used by Uscreen, please refer to our Essential Cookies at Uscreen article.
Terms & Conditions
All stores have a default terms of service page that users must agree to before making purchases. When users sign up on your website, they must "agree to any terms & conditions" as part of the account creation process before they can continue and complete their purchase.
Similarly, when users sign up through your mobile apps with in-app purchases, they're required to agree to the Terms of Service and Privacy Policy during the account creation step.
Learn more about the Terms of Service Page
Data Storage and Security
Uscreen implements robust encryption and security protocols:
All data transferred between viewers and our servers is encrypted using the Transport Layer Security (TLS) protocol
Your storefront URL is secured by SSL certificates, ensuring all connections between web servers and customer browsers are encrypted
We provide free SSL certificates for all domains, automatically renewing them
For payment security:
We're PCI DSS compliant and use validated third-party providers like Stripe and PayPal
We don't store, process, or transmit cardholder data on our systems
Additional content protection includes:
Token-signed URLs prevent unauthorized downloads
IP concurrent session limits reduce password sharing
reCAPTCHA protection on sign-in and checkout pages
Learn more about the Security Settings
Additional Recommendations for Compliance
Update Your Privacy Policy and Terms of Service
Review and update your VOD's privacy policy and terms of service, and consult with legal counsel
Ensure your policy clearly explains how you handle user data and cookies
Review Your Subprocessors
Review third-party subprocessors you're sending data to and determine whether these services are compliant with the GDPR
Set up proper data processing agreements with these services
Implement a Cookie Consent Banner
Add a cookie consent pop-up to inform your customers about tracking cookies
Ensure your banner is visible, accessible, and provides clear choices for users
Create a Data Retention Policy
Establish clear guidelines for how long you retain user data
Regularly review and delete data that's no longer needed
Document Your Compliance Efforts
Keep records of your compliance measures
This documentation can be valuable if you ever face questions about your practices
For more information on GDPR Compliance and Uscreen, check out our Blog post.
NOTE: Uscreen does not provide legal advice. You should consult qualified legal counsel to confirm your store's compliance obligations under GDPR, UK GDPR, CCPA, and any other applicable data-protection laws.
FAQs
Do I need to comply with GDPR if I'm not based in Europe?
Yes, if you collect and store any EU residents' personal data. That includes anything as simple as processing names and email addresses of customers signing up to your VOD service.
What happens to user data when an account is deleted?
When an account is deleted, all identifying information (name, email, etc.) is permanently removed, supporting your ability to honor data-deletion requests under GDPR and CCPA. Invoices and records will show as "Deleted User" with a number. This process is irreversible, and the data cannot be recovered.
Can I disable specific cookies on my Uscreen site?
Uscreen does not currently have a feature to disable specific cookies, so end-users will need to accept the full cookie track or not use the site.
Where is Uscreen user data stored?
Uscreen primarily stores data on US-based servers and global CDN servers. We are committed to supporting your compliance with GDPR, UK GDPR, and other applicable data-privacy laws, including by providing the contractual and technical safeguards (DPA, SCCs/transfer mechanism) you need as the data controller.


