Blink 5 Media logoBlink 5 Media
Host a screenStart advertising

Legal

Privacy Policy

Last updated · 2026-06-09Privacy PolicyTerms of ServiceCookie PolicyAccessibility

This policy explains what information Blink 5 Media collects, why we collect it, how we use it, and the choices you have. We've written it in plain language so you can actually read it.

§01

Overview

Blink 5 Media operates a local retail-media network: advertisers submit campaigns, store partners host display tablets in their stores, and our operators route approved ads to matching locations. This policy applies to the website at blink5media.com and to every related dashboard, signup flow, and tablet display.

We collect the minimum information needed to run the network. We do not sell personal information, and we do not currently run third-party analytics or advertising trackers on this site.

§02

Information we collect

Account information

When you create an advertiser or store-partner account we collect:

  • Identity: business name, contact name, owner name
  • Contact: email address, phone number, optional website or social link
  • Credentials: a password, which we store as a bcrypt hash. We never store the plain text.
  • Targeting: for advertisers, business category and target ZIP codes
  • Location: for store partners, store address, ZIP code, store type, and expected foot traffic

Campaign and content information

  • Creatives: images you upload (JPG, PNG, WebP, GIF, or sanitized SVG)
  • Campaign metadata: name, caption, plan choice, target ZIPs, approval state
  • Store specials: store-uploaded promotions with title, description, date range, and image

Operational information

  • Display assignments: which campaigns are routed to which stores
  • Approval history: store-level accept/reject decisions and optional rejection notes
  • Server logs: IP address, request path, timestamp, and user agent, used for security and rate limiting

What we do not collect

We do not currently run Google Analytics, Meta Pixel, LinkedIn Insight, or any other third-party analytics or advertising tracker. If we add one in the future, we will update this policy first and update the Cookie Policy in lockstep.

§03

How we use information

We use information to:

  • Operate your account and the campaigns you submit or host
  • Match advertiser campaigns with eligible store locations
  • Send transactional communications about your account, approvals, and status
  • Protect the platform from abuse (rate limiting, fraud detection)
  • Comply with legal obligations and respond to lawful requests
  • Send product updates and pilot news only if you opted in during signup. You can opt out at any time by emailing privacy@blink5media.com.
§04

How we share information

We do not sell personal information. We share it only with:

  • Counterparties on the network, to make the product work, store partners see the advertiser business name, campaign creative, and ZIP targets for ads assigned to their store. Advertisers see store names, neighborhoods, and approval status for ads assigned to those stores.
  • Service providers, infrastructure providers that store data on our behalf, including DigitalOcean (databases and object storage). These providers are bound by their own data protection agreements.
  • Legal authorities, when required by law, court order, or to protect rights, property, or safety.
  • Successors, if Blink 5 Media is acquired or merged, your information may transfer to the successor under the same protections.
§05

Cookies and tracking

We use only strictly necessary cookies. See the Cookie Policy for the complete list. The two cookies we set are:

  • blink5_session, HMAC-signed session token used to keep you signed in. HTTP-only, SameSite=Lax, 14-day expiry.
  • blink5_display_session, pairs a tablet to its store after the display code is entered. HTTP-only, SameSite=Lax, 14-day expiry.

Both cookies are essential to operating the service and do not require consent under most jurisdictions. We do not currently set any analytics, advertising, or third-party cookies.

§06

Data retention

  • Account information: retained while your account is active. If you close your account, we retain core records for up to 90 days for fraud prevention and dispute resolution, then delete or anonymize them.
  • Campaign creatives and store specials: retained while the campaign is active and for 12 months afterward for audit, billing, and dispute resolution.
  • Server logs: retained for up to 30 days, then automatically purged.
§07

How we protect information

  • Encryption in transit: all connections to blink5media.com use HTTPS. Database connections from the application to our managed database use TLS.
  • Encryption at rest: uploaded creatives and database storage are encrypted at rest by our infrastructure provider.
  • Password hashing: passwords are stored as bcrypt hashes with a per-password salt.
  • Session signing: session cookies are HMAC-signed with a server-side secret, never readable by client JavaScript (HTTP-only), and only transmitted on same-site requests (SameSite=Lax).
  • Rate limiting and CSRF: form endpoints check the request Origin to defeat cross-site forgery and apply per-IP rate limits.
  • Upload safety: uploaded SVG files are sanitized server-side before storage to remove scripts and external references.

No system is perfectly secure. If you believe your account has been compromised, please email privacy@blink5media.com immediately.

§08

Your rights and choices

You may at any time:

  • Access the information we hold about you
  • Correct inaccurate information
  • Delete your account and associated personal information
  • Export your campaigns or store data in a portable format
  • Opt out of any optional product or marketing communications
  • Withdraw any consent you previously gave, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise any of these rights, email privacy@blink5media.com. We respond within 30 days.

If you are in the European Economic Area, the United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or the CCPA / CPRA respectively. Email us and we will honour them.

§09

California residents (CCPA / CPRA)

This section applies in addition to the rest of this policy if you are a California resident. It is provided to comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of personal information we collect

In the last 12 months we have collected the following CCPA-defined categories of personal information about California residents:

  • Identifiers: name, email address, phone number, business name, IP address, user ID.
  • Commercial information: campaign plan selected, ZIP targets, payout estimates, approval history.
  • Internet or other electronic network activity: request paths, timestamps, user agent, referrer, and other standard server log fields.
  • Geolocation (general): ZIP codes you choose to target or host, and store addresses you provide. We do not collect precise GPS coordinates.
  • Professional or employment information: business category and role (advertiser vs store partner).
  • Audio, electronic, visual: creative images you upload as part of a campaign or store special.

We do not knowingly collect sensitive personal information as defined by CPRA (e.g. government IDs, precise geolocation, racial/ethnic origin, religious beliefs, contents of mail/email/text messages, biometric data) from this site.

Sources of this information

  • Directly from you when you sign up, submit a campaign, or upload a store special.
  • Automatically from your browser when you use the site (server logs).
  • From your authorised counterparts on the network (e.g. a store partner approving an ad you submitted).

Business and commercial purposes

  • Operating accounts, campaigns, and the tablet display network.
  • Communicating with you about your account and approvals.
  • Detecting and preventing fraud, abuse, and security incidents.
  • Complying with legal obligations.
  • Sending optional product or pilot communications, only if you opted in.

Sale and sharing of personal information

We do not sell personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined in the CCPA / CPRA. We have not sold or shared personal information of California residents in the 12 months preceding the date at the top of this policy. Because we do not sell or share, there is no Do Not Sell or Share request mechanism beyond contacting us directly at privacy@blink5media.com.

Your California rights

If you are a California resident you have the right to:

  • Know the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties we share with.
  • Delete personal information we hold about you, subject to permitted exceptions (e.g. legal record keeping, fraud detection, security).
  • Correct inaccurate personal information.
  • Opt out of any sale or sharing of personal information. (We do not sell or share, but the right exists.)
  • Limit use of sensitive personal information. (We do not collect sensitive PI from this site, but the right exists.)
  • Non-discrimination. We will not deny service, charge a different price, or provide a different level of service because you exercised any CCPA right.

How to exercise your rights

Email privacy@blink5media.com with the subject line “California Privacy Request” and tell us which right you want to exercise.

Verification. To protect your information, we will verify your identity before we act on any request. We typically do this by asking you to confirm details we already hold (email used to sign up, business name, recent campaign or store activity). If we cannot verify your identity to a reasonable degree of certainty we will tell you and not action the request.

Authorised agents. You may use an authorised agent to submit a request on your behalf. We will require written proof of the agent's authority and may separately verify your identity with you directly.

Response timing. We confirm receipt of verifiable requests within 10 business days and respond substantively within 45 calendar days, extendable once by an additional 45 days where reasonably necessary. We will tell you in writing if we need the extension.

§10

New York residents (SHIELD Act)

This section applies in addition to the rest of this policy if you are a New York resident or you interact with our service from New York. Blink 5 Media operates a retail-media network across the five boroughs of New York City, so most of our operational data touches New York at some point.

SHIELD Act compliance

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) requires reasonable administrative, technical, and physical safeguards for “private information” of New York residents. We implement the following safeguards, which we keep aligned with the threats we actually face:

  • Administrative: a written internal policy assigning a person responsible for the security programme, periodic risk reviews, role-based access to systems, secrets kept in environment variables and not in source control.
  • Technical: bcrypt password hashing, HMAC-signed HTTP-only session cookies, TLS for connections to blink5media.com and to our managed database, at-rest encryption by our infrastructure provider, CSRF Origin checks on form endpoints, per-IP rate limits on auth and upload routes, server-side sanitisation of uploaded SVG files.
  • Physical: infrastructure (databases and object storage) is hosted in providers' access-controlled data centres. We do not maintain any on-premises storage of customer data.
  • Vendor management: infrastructure providers we use are bound by their own data protection terms, which we have reviewed.

Breach notification

If we discover that “private information” (as the SHIELD Act defines that term) of a New York resident has been acquired or used by an unauthorised person, we will notify affected individuals in the most expedient time possible and without unreasonable delay, consistent with the SHIELD Act and any other applicable breach notification statute. We will also notify the New York Attorney General, the Department of State, and the Division of State Police where required.

New York consumer expectations

New York does not yet have a comprehensive consumer privacy law comparable to California's CCPA/CPRA. The rights listed in §08 (Your rights and choices) above are available to all our users regardless of state. We honour them as a matter of practice, not just where state law currently requires it.

§11

Children

Blink 5 Media is a business-to-business service intended for businesses and store operators. It is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have, please contact us and we will delete it.

§12

Changes to this policy

We may update this policy from time to time. When we make material changes we will update the Last updated date at the top of this page and, where the change is significant, notify you by email or by an in-product notice.

§13

Contact us

For privacy questions or requests, contact:

Blink 5 Media (operating entity in formation)
[Registered office address — pending incorporation]
New York, NY
United States
privacy@blink5media.com