Who We Are
DriveAds Kiosk is a managed kiosk application for displaying advertising playlists on authorised tablet devices, operated by Northstar Selected.
Information We Collect
DriveAds Kiosk may collect and process the following categories of information:
2.1 Device and Account Identifiers
- Device ID used to provision and authenticate the kiosk.
- Firebase authentication identifier associated with the kiosk device.
2.2 Location Information
- Current latitude/longitude (when location permission is granted and enabled on device).
- Derived operational area, used for selecting the correct playlist and geofence behaviour.
2.3 Operational Telemetry
- Last seen / heartbeat timestamp.
- Network type (e.g. Wi-Fi, mobile, ethernet, none).
- Battery level and charging status.
- App version and build information.
- Playback source and state metadata used for diagnostics.
2.4 Messaging / Push Identifiers
- Firebase Cloud Messaging (FCM) token for remote operational commands and notifications.
2.5 Logs and Events
- Kiosk operational events — for example: boot, area changes, update events, heartbeat failures, activation and deactivation events.
How We Use Information
We use the collected information to:
- Provision and authenticate kiosk devices.
- Deliver the correct media playlist to each kiosk.
- Determine area-based playback behaviour.
- Monitor device health and uptime.
- Perform remote management actions — for example reboot or update flows.
- Troubleshoot failures and improve platform reliability.
- Maintain security and prevent unauthorised access.
Legal Basis
Depending on your jurisdiction, processing is based on one or more of the following:
- Performance of a contract — operating the managed kiosk service.
- Legitimate interests — service reliability, security, and diagnostics.
- Consent — where required, including location permission prompts at device level.
- Compliance with legal obligations.
Data Sharing
We do not sell personal information.
Information may be processed by trusted service providers acting on our behalf, including:
-
Google Firebase services — Authentication, Firestore, Cloud Functions,
and Cloud Messaging.
policies.google.com/privacy
We may also disclose information if required by law or to protect the rights, security, and integrity of the service.
Data Retention
We retain kiosk operational data only as long as reasonably necessary for service operation, diagnostics, contractual obligations, and legal compliance.
Retention periods may vary by data type and customer agreement. To request deletion of data associated with a decommissioned device, contact us using the details in Section 12.
Security
We use reasonable technical and organisational measures to protect information against unauthorised access, loss, misuse, or alteration.
No method of transmission or storage is completely secure, and absolute security cannot be guaranteed. If you become aware of a security concern, please notify us immediately at info@northstars.co.za.
International Transfers
Data may be processed in countries outside your own through our infrastructure providers. Where required, we use appropriate safeguards for cross-border transfers, including Google's standard contractual clauses for Firebase-hosted data.
Your Rights
Depending on your location, you may have rights to:
- Access — request a copy of certain data we hold.
- Correction or deletion — ask us to correct inaccurate data or delete data we no longer need.
- Objection or restriction — object to or request restriction of certain processing activities.
- Portability — receive your data in a machine-readable format where applicable.
- Withdraw consent — where consent is the legal basis, you may withdraw at any time via device settings (e.g. location permission). This does not affect the lawfulness of prior processing.
To exercise any of these rights, contact us at info@northstars.co.za.
South African users have rights under the Protection of Personal Information Act (POPIA). You may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.
Children
DriveAds Kiosk is a business and enterprise operational product. It is not directed at children and we do not knowingly collect personal information from anyone under the age of 18. If you believe a child's information has been collected, please contact us and we will promptly delete it.
Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this document.
Your continued use of DriveAds Kiosk after changes take effect constitutes your acceptance of the updated policy.
Contact
If you have questions about this policy or our privacy practices, please contact us. We will respond to your request within 30 days.