Our Japan Privacy Notice is located here

California Consumer Disclosure is located here

At a Glance - Summary of the Privacy Notice

Full details of the Privacy Notice follow this summary table. To further guide your understanding of this Privacy Notice, please review the list of definitions referencing capitalized terms throughout this notice at the end of this page.

FULL PRIVACY NOTICE

To further guide your understanding of this Privacy Notice, please review the list of definitions referencing capitalized terms throughout this notice, at the end of this page.

This Privacy Notice describes how Tapad collects and uses personal information in connection with Services we provide to our Partners and Clients. We process pseudonymous identifiers and do not collect nor create any information that directly identifies an individual. Our Services include the creation and distribution of the the Graph, which maps likely connections between digital identifiers across multiple digital devices and processing digital identifiers and related data on behalf of our Clients.

Tapad is a member of the Network Advertising Initiative and adheres to the NAI Code of Conduct, which is designed to ensure compliance with responsible data collection and use practices. We also participate in the Digital Advertising Alliance self-regulatory program and adhere to the DAA Principles for Online Behavioral Advertising.

Should you have any questions or concerns regarding our use or collection of information, please review this notice in detail. For any data access or data deletion requests, please visit Tapad’s Consumer Rights Request Portal here.

Our Privacy Principles

The following principles guide us in our data collection, usage, protection, and product development throughout our product life cycle, and help guide this Privacy Notice:

1. Notice and Transparency: We explain the information we’re collecting and why.
2. Offer Meaningful Choice: Consumers can easily opt-out of the Graph and related services powered by Tapad.
3. Data Minimization: We minimize the amount of data that we collect, process and store, and do not collect information that directly identifis an individual person.
4. Data Protection: We follow reasonable practices to ensure personal information is secured and operates in accordance with the requirements of the International Organization for Standardization ISO standard ISO/IEC 27001:2013.

Each of the four principles described above are explained in more detail below.

1. Notice and Transparency

In order to establish connections between devices and provide the Services and the Graph to Clients and Partners, we collect and store information from devices as described further in this notice.

Tapad collects and uses information from its own, and Third Party websites and applications, in connection with the Services that we provide to Partners and Clients, such as advertisers, agencies, marketers, and technology firms. Tapad observes signals generated from internet activity received from devices and uses various processing logic to establish likely connections and groups together unique Identifiers that are likely associated. The associated Identifiers may include pseudonymized identifiers that are associated with mobile applications on both smartphones and tablets, web browsers across various devices, and connected TVs or applications on connected TVs.

We collect information as users browse the internet, and we use common tools such as Cookies, SDKs and web server logs (more information is available below).

The signals that we use in our Services (creating likely connections between identifiers) are as follows:

• Unique Identifiers: These can come in multiple forms of pseudonymized identifiers like browser Cookies, CTV IDs, Mobile Ad IDs which are associated with app usage such as IDFAs for iOS, and Android Ad IDs for Android; other device IDs associated with devices connected to the internet, such as televisions or mobile game systems; or hashed emails or other authentication or probabilistic-based identifiers. These unique IDs allow Tapad to distinguish one technology from another.
• Timestamps: Indicates the time the device was last sighted.
• User Agent Strings: a string of information about the context of the user requesting content, typically including type of browser, device type, operating system, model or version number, and screen size.
• IP addresses: Internet Protocol address and generalized data that can be extrapolated from an IP address (e.g., we may be able to determine a general user location but not more defined than a postal code level).
• Hashed web address (aka URLs) or app IDs: hashed web page or mobile application where a user is browsing that is obscured upon ingress into Tapad systems and incapable of being reversed to an unhashed state.

We collect information in the following ways:

• In a web browser, Tapad, our Clients and/or our Partners may include Data Collection Code such as pixels, JavaScript, or other HTML elements that sends data to our servers.
• In mobile and connected TV applications, we, our Clients and/or Partners may include Data Collection Code such as SDKs, pixels, JavaScript, or other HTML elements that sends data to our servers.
• The data sent to our servers by the Data Collection Code allows us to track the digital identifiers associated with a particular device as it accesses a website or application, and we use this data to create the Graph.
• Our Data Collection Code may also collect data at the direction of our Clients in order to provide data processing Services. This Client data is controlled by our Clients and is not used by the Graph. Client data may include digital identifiers, information about the content you view and actions you take when you visit a website, and/or information about the ads you were served, viewed or clicked on.
• We may also exchange data directly with partners using APIs, batch files, and other means.

We do not use or permit our Clients or Partners to send us:

• Precise Location Data
• Any information that may directly identify or re-identify an individual, such as name, address, clear text email address, clear text phone number, clear text username, login IDs, user passwords, or government-issued identifiers such as social security number or drivers license number
• Demographic information

Collected information is used by Tapad only to:

• Evaluate the probability and nature of connections between devices
• Cluster probabilistically associated devices and Pseudonymized IDs and group them at different confidence levels
• Understand high level device attributes such as the make, model, operating system, country, or city of where the device is being used
• Share this aggregate information with Third Parties

Tapad also receives data, such as matching IDs, from Partners and Clients for the purpose of matching our Partners’ and Clients’ existing customers or their otherwise known IDs to IDs in Tapad’s Graph. Matching IDs may represent device IDs, underlying Cookie IDs, customer IDs, or pseudonymous IDs outlined in this notice that are meaningful to the Partner or Client and are recognized only as another pseudonymous identifier in Tapad’s systems.

Tapad requires that Partners and Clients obscure and protect all Matching IDs before sending them to Tapad, such that the underlying data is either meaningless to Tapad or is encrypted such that Tapad has no ability to access the underlying data. Matching IDs may be used for the purpose of the Graph management and for Tapad’s Services.

Some data in the Graph, including IP Address and User Agent string, is enriched with data provided by Partners. The enriched data is used for associating metadata such as country, city or postal code, the type of internet connection being used, and the general make and model of a device. Any location information provided by these partners is not more specific than a postal code.

Tapad does not collect, and prohibits all Partners from transmitting, data of anyone under sixteen (16) years of age.

Categories of recipients and usage

As described in this Privacy Notice, we sell (as defined under applicable privacy law) and share the data that we maintain in the Graph to our Clients and our Partners.

Categories of our Clients and Partners are:

• Advertisers
• Advertising agencies
• Marketers
• Technology platforms
• Market research firms
• Telecommunications companies

The Graph may be used by our Partners and Clients to:

• Provide targeted advertising to users
• Personalize website or app content to users
• Provide measurement insights, and provide reporting back to Clients and Partners, including statistical reporting in connection with the activity on a website, optimization of location of ad placement, ad performance, reach and frequency metrics
• Perform marketing research and analytics, such as user journey mapping
• Understand device information such as type of device, OS, age of device, country or region of the device extrapolated information from IP address, general usage on WiFi or cellular network
• Marketing and advertising analytics
• Create and model audience segments

Countries of Transfer

Our Clients, Partners and service providers are located across the globe in North America, Asia Pacific, Latin America, the UK and Europe. However, please note Tapad no longer operates in, and does not engage in data transfers from the UK, EU, EEA, or Switzerland.

2. Offer Meaningful Choice

Tapad provides all consumers with certain privacy rights, including confirmation regarding whether Tapad processes your personal information, the right to access your personal information, the right to portability, the right to delete your personal information, and the right to opt-out of the sale of your personal information and use of your personal information for targeted advertising. To exercise your privacy rights, click the “Opt-out” or “Do Not Sell My Personal Information” buttons displayed on this page to access Tapad’s Consumer Rights Request Portal. All requesters will be asked to certify that any information provided to Tapad originates from a device owned by the requester. Except for requests to opt-out, Tapad will provide a certification form to complete at the time of the request. All information provided for the purpose of exercising your consumer rights will only be used for the sole purpose of responding to your consumer rights request.

In certain states, you may opt-out of personal information sales and targeted advertising by broadcasting an Opt-Out Preference Signal. Tapad recognizes the Global Privacy Control (GPC) on the browsers and/or browser extensions that support such a signal. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. Your request to opt-out will be linked to your browser identifier only, unless it is already linked to other personal information.

If you would like to opt-out of Tapad Services by device type, you may do so as described in this section.

Web browsers, mobile apps and connected TV apps operate with different Identifiers even though they may be on the same device. Because web browsers, mobile apps and connected TV apps have different Identifiers, you may need to opt-out of each separately.

When you opt out via one Identifier that is contained in the Graph, that Identifier will be opted out in perpetuity. If we have other device Identifiers associated with that ID in the Graph, we will automatically remove all other related Identifiers which Tapad deems to be associated to that ID from our products and services for sixty (60) days unless we believe the opted out Identifier is no longer associated with the other device Identifiers, at which point if the other Identifiers have not been opted out and are seen again through Tapad systems, those Identifiers will follow our standard data ingress rules. If we have not probabilistically associated your other Identifiers in the Graph, then we cannot remove these other Identifiers as described.

Therefore, to ensure your opt-out choices for every device you would like to opt-out are honored in perpetuity, the opt-out process must be performed on each device and browser from which you choose to be opted out. For example, if you want to opt-out your computer browser as well as your mobile device browser, and we do not have the two as associated browsers, you will need to follow the guidance in this notice on both your computer browser as well as your mobile device browser and mobile device settings.

If you are interested in opting out on your computer or mobile web browser, please visit the NAI’s “Web Browser Opt-out” section below or opt out here. If you are interested in opting out on your mobile device, please visit the “Mobile Application Opt-out” section below. All of our Clients and Partners are obligated to promptly discard IDs that have been opted out of Tapad data processing upon receipt of refreshed Tapad data.

Web Browser Opt-out

If you would like Tapad to stop collecting device data for the Graph and our associated Services, please click on our Opt-out link displayed on this page.

You may also opt-out from other companies’ data collection practices via the NAI’s opt-out page here or the DAA’s opt-out page here.

We make the best effort to provide a persistent opt-out for all web-based environments.

IMPORTANT INFORMATION ABOUT WEB BROWSER OPT-OUT COOKIES:

• For web browsers, your Tapad opt-out preference is stored in a third-party cookie. If your web browser cookies are cleared, Tapad will no longer recognize your device as being opted-out and you will need to opt-out again.
• If your web browser settings are not configured to allow third-party cookies to be stored (which may be a default setting in browsers such as Safari and Firefox), your Tapad opt-out preference cannot be stored. In this case, please visit Tapad’s Consumer Rights Request Portal here.
• Tapad’s opt-out tools require JavaScript to be enabled in your web browser in order to manage your opt-out preferences. If your web browser settings do not allow JavaScript, your opt-out preference cannot be set. In this case, please visit Tapad’s Consumer Rights Request Portal here.

Mobile Application Opt-out

As mentioned previously, if your mobile ID is associated with the web browser opt-out described above, it will be included in the opt-out. However, if it is not associated, then the steps below will apply.

If you would like Tapad to stop collecting device data for the Graph and our associated Services, for your mobile application, please download the DAA’s AppChoice tool here for your mobile Operating System and opt-out through the application.

Email Opt-out

Tapad only receives and uses emails in hashed form from its Partners, without any connection to an identifiable individual. If you would like Tapad to stop collecting device data for the Graph and our associated Services, please visit the NAI’s “Audience Matched Advertising Opt Out” page here to enter your email, and choose Tapad from the list.

Alternatively, you can also opt your email address out through the DAA’s tool via your web browser here or by downloading the DAA’s AppChoice application tool to your mobile device’s Operating System and exercising your choice through the Internet Based Advertising opt-out tool by following the directions which require choosing the “Token-Based Choice” option within the application, selecting Tapad, and entering your email address).

IP Address Opt-out

Tapad’s Services may include IP addresses as part of our probabilistic identifiers to extrapolate general user location, but not more defined than a postal code level. Your computer or other mobile devices connected to the internet via Wi‑Fi or mobile networks are assigned an IP address from a network internet provider. Your computer or other mobile device’s IP address may change over time, or as you change locations. Please note, public IPv4 addresses rotate between households on an infrequent basis depending on the internet service provider, and Tapad will opt-out the IP address registered for the twelve (12) months from when your request was submitted.

If you would like Tapad to stop collecting IP address data for the Graph, please visit Tapad’s Consumer Rights Request Portal here for your opt-out request.

Connected TV Opt-out

Tapad’s Services may collect or use data from connected TV devices. You may opt-out using the IP address opt-out tool mentioned above by visiting Tapad’s Consumer Rights Request Portal here for your opt-out request. You can find more information through the NAI’s CTV Choices page here for consumer choice mechanisms on various connected devices.

Manage Your Device Settings

In addition, you may also manage your privacy preferences on your mobile device by adjusting your advertising preferences within your device settings. For example:

• To adjust your advertising preferences in iOS (version 12.4 and earlier), visit Settings > Privacy > Advertising > Limit Ad Tracking or Settings > Privacy > Advertising > Reset advertising ID. For version 14.5 and later, please visit Apple Support here.
• To adjust your advertising preferences in Android, visit Settings > Google > Ads > Opt out of interest-based ads or Settings > Google Services & Preferences > Ads > Opt out of Ads Personalization

Tapad as a Processor/Service Provider

To provide our services, we may process personal information we receive from or on behalf of our Clients. When we do so, we act as a processor or service provider on behalf of our Client who determines the purpose and means of the processing. Tapad processes this information only as necessary to provide our Services and at our Client’s direction. The privacy policy of our Client and our contractual agreement with them governs the processing of this personal information. To exercise any privacy rights in relation to personal information we may process as processor or service provider, please contact the relevant business who collected the personal information or on whose behalf this information was collected.

3. Data Minimization

We only collect data needed to provide our Services as described under the “Notice and Transparency” section of this Privacy Notice. Furthermore, we discard data that we may otherwise receive that is not used for providing our Services as described.

Tapad does not retain device-level data in the form that it is received from devices for any longer than necessary, at a maximum of ninety (90) days from the date Tapad receives the data. However, Tapad may receive device-level data from its Clients or Partners with longer look-back windows with respect to the date the data was collected, with a maximum lookback window of thirty-six (36) months. For example, a device Identifier may have been received by Tapad on June3, 2024 from a Tapad Partner, however, that device Identifier may have been collected by the Tapad Partner on September 1, 2021. Given our aforementioned look-back window of thirty-six (36) months from the date the device-level data was collected, Tapad will not retain the device Identifier beyond September 1, 2024, which also aligns with our ninety (90) day retention from receipt of data.

We contractually require all of our Clients and Partners to only use the latest Graph build, which incorporates recent opt-outs. Aggregate reports by Clients or Partners generated from this information may also be kept longer.

We actively reevaluate our data retention policies on a regular basis to ensure that we only store data as needed to continue to deliver our product to our Clients.

4. Protect Data

Tapad takes significant steps to protect the security of the information that we collect. To that end, we have designed and deployed hardware, software and networking solutions in an effort to reasonably secure and protect access to our systems and data. Tapad’s Information Security Management System (“ISMS”) operates in accordance with and is certified to the requirements of ISO standard ISO/IEC 27001:2013. Tapad has also completed the AICPA Service Organization Control (SOC) 2 Type 2 audit for their Graph solution. The audit affirms that Tapad’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.

However, no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any Graph data or other information. In particular, we cannot guarantee that the Graph data or other information will not be disclosed, altered, or accessed in accidental circumstances or by unauthorized or unlawful acts of others.

Legal and Other Disclosures

We may share Personal Information when we believe such action is appropriate to comply with the law (e.g., legal process or a statutory authorization); to enforce or apply our customer agreements; to initiate, render, bill, and collect for Services; to protect our rights or property, or to protect users of those Services from fraudulent, abusive, or unlawful use of, or subscription to, such Services; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of information without delay.

Tapad Website Data

In addition to the data we collect for the Services we provide, we also collect information you explicitly provide to the Tapad sites (www.tapad.com) with your consent. In this instance, in addition to collecting data for the purposes listed above, we may also collect user registration information from Tapad sites (www.tapad.com), such as when you sign up for our email newsletter. Data would also be collected when a consultation or meeting is requested or when available marketing material is downloaded from our site.

This might include our business Clients’ or prospects’ names, email addresses, company information, title, countries, and phone numbers, and information on which Services they are interested in. We do not sell or rent data collected from our websites, but we may provide it to Third-Party service providers such as Customer Relationship Management (“CRM”) platforms as necessary to conduct our business operations. In addition to the data collected for our marketing purposes, we also receive and store Personal Information that would be covered under our Services from these website visits so that we can improve our Tapad Services and to analyze our own Client base.

THE ENTITY MAINTAINING THIS WEBSITE IS A DATA BROKER UNDER TEXAS LAW. TO CONDUCT BUSINESS IN TEXAS, A DATA BROKER MUST REGISTER WITH THE TEXAS SECRETARY OF STATE (TEXAS SOS). INFORMATION ABOUT DATA BROKER REGISTRANTS IS AVAILABLE ON THE TEXAS SOS WEBSITE.

The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

Contact Details

Tapad, Inc.

261 Madison Avenue, 4th Floor, New York, NY 10016

You can also contact our Privacy Team by using Tapad’s Consumer Rights Request Portal here. For inquiries not related to request of data access, data deletion, or opt-outs, you may email privacy@tapad.com.

Change of Control

If we undergo a sale, merger, transfer, exchange or other disposition (whether of assets, stock or otherwise) of all or a portion of our business, information we have collected or otherwise acquired may be one of the assets transferred.

Definitions

• "Affiliates” are entities controlling, controlled by, or under common control with Tapad
• “Clients” refer to companies that purchase our product, the Graph. Our Clients include companies that buy advertising, advertising technology companies, companies that engage in marketing, advertising and marketing agencies, market research firms, and market analytics firms
• “Cookie” is a small piece of data that is stored on your computer by a web browser during internet usage that can then, for example, be used to uniquely identify your browser
• “Consumer” means a natural person who may be identifiable by data that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular consumer or household, as described in the definition of “Personal Information” below
• “Customer Relationship Management” (CRM) are platforms that help manage a company’s interaction with users of their services and/or websites
• “Data Collection Code” means any code, pixels, cookies, links or scripts used by Tapad to collect data across digital properties, including websites and mobile applications.
• “Hashed” or “hashing” means a one-way mathematical function that turns data into a string of nondescript text that cannot be reversed or decoded.
• “HTML elements” are code snippets interpreted by web browsers to render web pages, interface with the browser itself, and communicate with remote servers
• “Identifier” or “ID” is a sequence of characters used or assigned to identify or refer to a device
• “IP address” or “Internet Protocol address” is a unique series of numbers that identifies a computer, mobile device, or online service on a network. Your computer or other mobile device’s IP address may change over time, or as you change locations.
• “Mobile Ad ID” is a set of digits that is assigned to a mobile device by the manufacturers of mobile devices. These are specifically for advertising and marketing purposes (different from a hardware ID) that may be reset. For iOS systems made by Apple, this is an IDFA, and for Android systems this is AAID
• “Obfuscation” is the action of making something obscure, unclear, or unintelligible
• “Operating System” or “OS” is software that controls the operation of a computer or device and directs the processing of programs (as by assigning storage space in memory and controlling input and output functions)
• “Partner” is an entity that which Tapad has a contractual business relationship, and includes Tapad Affiliates
• “Personal Information” is data that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular Consumer or household
• “Personalization” is the act of designing or tailoring a user’s online experiences to meet individual preferences
• “Pixel” in this context is an HTML image element used by a website or Third Party to send data to their servers
• “Precise Location Data”, as defined by the NAI, is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of a person or device, such as GPS level latitude-longitude coordinates or location-based Wi-Fi triangulation. Generally, the use of two or fewer decimal places in latitude-longitude data is equivalent to knowing the location to the area of a circle with a radius greater than 500 meters
• “Pseudonymization” is a data management and de-identification procedure by which information fields within a data record are replaced by one or more artificial Identifiers, or Pseudonyms
• “Services” means the products, services, and features that Tapad provides to its customers, including but not limited to the Graph (as defined below)
• “SDKs” is an acronym for Software Development Kits. An SDK is a set of code that is embedded directly in Partner mobile applications
• “The Graph” is Tapad’s proprietary technology used to establish probabilistic connections between your Pseudonymized Identifiers
• “Third Party” or “Third-party” is an entity other than Tapad or the Consumer
• “User Agent String” is a string of information about the context of the user requesting content, typically including type of browser, device, Operating System, and other information

Privacy Notice Changes

Tapad may modify this Privacy Notice at any time at its sole discretion. Use of information collected by Tapad now is subject to the Privacy Notice in effect at the time such information is used. Changes to the Privacy Notice shall be announced by posting the updated Privacy Notice on the Tapad Site. Changes to this Notice will be reflected in the “Last Updated” date above.