Privacy Policy
Last updated: December 26, 2025
Introduction
TheiaCast ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our digital signage software and services.
Open Source Nature
TheiaCast is open-source software licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). The source code is publicly available on GitHub, and you can review exactly how the software operates. We believe in transparency and encourage users to inspect our code.
Information We Collect
Self-Hosted Deployment
TheiaCast is designed to be self-hosted on your own infrastructure. When you deploy TheiaCast:
- All data remains on your servers and under your control
- We do not have access to your deployment or data
- No telemetry or analytics are sent to external servers
- You maintain complete ownership of all information
Data Stored Locally
Your TheiaCast installation stores the following information in your PostgreSQL database:
- Device Information: Device IDs, names, authentication tokens, and connection status
- User Accounts: Administrator usernames and hashed passwords (using bcrypt)
- Content Data: URLs, playlist configurations, and scheduling information
- Screenshots: Base64-encoded JPEG images captured from connected displays
- Device Logs: System logs from connected client devices
- Health Metrics: CPU, memory, and disk usage statistics from devices
Stored Credentials
TheiaCast's auto-authentication feature allows you to store website credentials for automatic login. These credentials are stored in your database in plain text by default. We strongly recommend encrypting sensitive data in production environments.
How We Use Information
Since TheiaCast is self-hosted, "we" in this context refers to your own deployment. Information is used solely for:
- Managing and controlling connected digital signage displays
- Authenticating users and devices
- Delivering content to displays according to configured playlists
- Monitoring device health and status
- Providing remote control capabilities
- Generating screenshots for monitoring purposes
Data Security
TheiaCast implements the following security measures:
- Authentication: JWT-based authentication for administrators
- Device Tokens: Persistent, rotatable tokens for device authentication
- Password Hashing: User passwords are hashed using industry-standard bcrypt
- HTTPS Support: Configurable HTTPS for encrypted communication
- Two-Factor Authentication: Optional 2FA support for admin accounts
As the system administrator, you are responsible for:
- Securing your server infrastructure and network
- Implementing SSL/TLS certificates for HTTPS
- Regularly updating the software to receive security patches
- Encrypting stored credentials if using auto-authentication
- Configuring appropriate firewall rules
- Backing up your database securely
Third-Party Services
TheiaCast does not integrate with third-party analytics or tracking services. All functionality operates within your own infrastructure. However, content displayed on your digital signage devices may load third-party websites and services according to your playlist configuration.
Chromium Browser
TheiaCast clients use Chromium (via Puppeteer or Playwright) to render web content. Chromium may have its own privacy considerations when displaying web content. We disable automation detection and run in kiosk mode, but Chromium may still perform standard browser functions like DNS lookups, certificate validation, and Safe Browsing checks.
Data Retention
All data is retained in your database according to your own retention policies. You have full control over data deletion and can remove any information at any time through the admin interface or direct database access.
Your Rights
As the operator of your own TheiaCast installation, you have complete control over all data. You can access, modify, export, or delete any information stored in the system at any time.
Children's Privacy
TheiaCast is designed for business and organizational use. We do not knowingly collect information from children under 13. If you deploy TheiaCast in an environment where children may be present, ensure compliance with applicable laws such as COPPA.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on our GitHub repository and website. Since you control your own deployment, you can review the privacy practices of any version by examining the source code.
Open Source Transparency
Unlike proprietary software, TheiaCast's complete source code is available for review at https://github.com/jimmyeao/TheiaCast. We encourage security researchers and privacy advocates to audit our code and report any concerns.
Contact Us
If you have questions about this Privacy Policy or TheiaCast's privacy practices, please contact us through:
- GitHub Issues: github.com/jimmyeao/TheiaCast/issues
- Email: Via the contact form on our website
Important Note: This privacy policy describes the default behavior of TheiaCast software. As open-source software that you deploy and control, you are responsible for ensuring your specific deployment complies with applicable privacy laws and regulations in your jurisdiction, including GDPR, CCPA, or other relevant legislation.