Updated: Mar 28, 2023, effective on Mar 28, 2023
Our Japan Privacy Notice is located here
California Consumer Disclosure is located here
At a Glance - Summary of the Privacy Notice
Full details of the Privacy Notice follow this summary table. To further guide your understanding of this Privacy Notice, please review the list of definitions referencing capitalized terms throughout this notice, at the end of this page.
|Who we are||Tapad, Inc. (“Tapad”) is a technology company that provides Services to connect digital identifiers and related data. Our Clients use our Services for marketing purposes including tailored advertising, marketing, measurement, analytics, and research.|
|What we do||Tapad collects and uses information as described further in this Privacy Notice in connection with the Services we provide to Clients and Partners. Tapad’s Services include creating and distributing the Tapad Graph to our Clients and processing digital identifiers and related data on behalf of our Clients. The Tapad Graph is a Service that maps likely connections between digital identifiers across multiple devices. We do not collect or create any information that directly identifies an individual.|
|Tapad’s Role||In the creation of the Tapad Graph, Tapad determines the purpose and means of the processing of data that is collected and stored by Tapad. Tapad’s Partners and Clients separately determine the purpose and means of processing of any data that Tapad processes on their behalf.|
|What we collect||
Tapad collects information as users access websites and applications on their devices. We only collect information that is necessary to provide our Services. The information we collect includes the following:
|What we do not collect||
We do not collect or store information such as the following:
We do not collect any information that directly identifies an individual.
|Where||This Privacy Notice relates to processing globally, with the exception of the United Kingdom, European Union and European Economic Area (“UK”, “EU” and “EEA”, respectively) and Japan. Please note Tapad does not create or offer products in the UK, EU, and EEA. For information about processing activities in Japan please see our Japanese privacy notice available here.|
|Why (purpose)||We use our technologies to describe likely connections between digital device identifiers on devices including smartphones, tablets, computers, and internet-connected TVs. This data is used by our Clients for marketing purposes such as more tailored advertising, marketing measurement, analytics, and research. We may also process digital identifiers and other related data on behalf of our Clients for their own purposes.|
|Your Rights & Options||
You may click the “Opt-out” or “Do Not Sell My Personal Information” button, which operate in the same way, displayed on this page.
Opting out of Tapad through any of the mechanisms described above will have the same effect with respect to the Tapad Graph.
For data access requests or data deletion requests, please visit Tapad’s Consumer Rights Request Portal here. Please note that we will need your Cookie, Mobile Ad IDs, and/or Email in order to identify your devices in our systems. All information provided for the purpose of consumer rights access or deletion will only be used for the sole purpose of identifying your device in Tapad’s systems.
FULL PRIVACY NOTICE
To further guide your understanding of this Privacy Notice, please review the list of definitions referencing capitalized terms throughout this notice, at the end of this page.
This Privacy Notice describes how Tapad collects and uses information in connection with the services (the “Services”) we provide to our Partners and Clients. We do not collect nor create any information that directly identifies an individual. Our Services include the creation and distribution of the Tapad Graph (“the Graph”), which maps likely connections between digital identifiers across multiple digital devices and processing digital identifiers and related data on behalf of our Clients.
Tapad is a member of the Network Advertising Initiative and adheres to the NAI Code of Conduct, which is designed to ensure compliance with responsible data collection and use practices. We also participate in the Digital Advertising Alliance self-regulatory program and adhere to the DAA Principles for Online Behavioral Advertising.
Should you have any questions or concerns regarding our use or collection of information, please review this notice in detail. For any data access or data deletion requests, please visit Tapad’s Consumer Rights Request Portal here.
Our Privacy Principles
The following general principles guide us in our data collection, usage, protection, and product development throughout our product life cycle, and help guide this Privacy Notice:
- Notice and Transparency: We explain the information we’re collecting and why.
- Offer Meaningful Choice: Consumers can easily opt-out of the Tapad Graph and related services powered by Tapad.
- Data Minimization: We minimize the amount of data that we collect, process and store, and do not collect information that is directly identifiable to an individual person.
- Data Protection: We follow reasonable practices to ensure all user data is secured and operates in accordance with the requirements of the International Organization for Standardization ISO standard ISO/IEC 27001:2013.
Each of the four sections described above are explained in more detail below.
1. Notice and Transparency
In order to establish connections between devices and provide the Services and Tapad Graph to Clients and Partners, we collect and store information from devices as described further in this notice.
Tapad collects and uses information from its own and Third Party websites and applications, and in connection with the Services that we provide to Partners and Clients such as advertisers, agencies, marketers, and technology firms. Tapad observes signals generated from internet activity received from devices and uses various processing logic to establish likely connections and groups together unique Identifiers that are likely associated. The associated Identifiers may include pseudonymized identifiers that are associated with mobile applications on both smartphones and tablets, web browsers across various devices, and connected TVs or applications on connected TVs.
We collect information as users browse the internet, and we use common tools such as Cookies, SDKs and web server logs (more information is available below).
The signals that we use in our Services (creating likely connections between identifiers) are as follows:
- Unique Identifiers: These can come in multiple forms of pseudonymized identifiers like browser Cookies, Mobile Ad IDs which are associated with app usage such as IDFAs for iOS, and Android Ad IDs for Android; other device IDs associated with devices connected to the internet, such as televisions or mobile game systems; or hashed emails or other authentication or probabilistic-based identifiers. These unique IDs allow Tapad to distinguish one browser or device from another.
- Timestamps: Indicate the time the device was recognized.
- User Agent Strings: a string of information about the context of the user requesting content, typically including type of browser, device type, operating system, model or version number, and screen size.
- IP addresses: Internet Protocol address and generalized data that can be extrapolated from an IP address (e.g., we may be able to determine a general user location but not more defined than a postal code level).
- Web address (aka URLs) or app IDs: web page or mobile application where a user is browsing.
We collect information in the following ways:
- The data sent to our servers by the Data Collection Code allows us to track the digital identifiers associated with a particular device as it accesses a website or application, and we use this data to create the Graph.
- Our Data Collection Code may also collect data at the direction of our Clients in order to provide data processing Services. This Client data is controlled by our Clients and is not used by the Graph. Client data may include digital identifiers, information about the content you view and actions you take when you visit a website, and/or information about the ads you were served, viewed or clicked on.
- We may also exchange data directly with partners using APIs and/or batch files.
We do not use or permit our Clients or Partners to send us:
- Precise Location Data, such as your exact location at any given time
- Any information that may directly identifying or re-identify an individual, such as name and address, clear text email address, clear text phone number, clear text username, Social Security Number or government ID information, GPS data, or cell site data
- Demographic information
Collected information is used by Tapad only to:
- Evaluate the probability and nature of connections between devices
- Cluster probabilistically associated devices and Pseudonymized IDs and group them at different confidence levels
- Understand high level device attributes such as the make, model, operating system, country, or city of where the device is being used
- Share this aggregate information with Third Parties
We also use Google and Amazon cloud-based storage and processing systems. Google and Amazon are bound by our written instructions as to how to process Tapad data, do not read or modify any Tapad data, nor Client or Partner data, except as otherwise directed by us.
Tapad also receives matching IDs from Partners and Clients for the purpose of matching existing customers or otherwise known IDs to IDs in Tapad’s Graph. Matching IDs may represent device IDs, underlying Cookie IDs, customer IDs, or pseudonymous IDs outlined in this notice that are meaningful to the Partner or Client and are recognized only as another pseudonym in Tapad’s systems.
Tapad requires that Partners and Clients obscure and protect all Matching IDs before sending them to Tapad, such that the underlying data is either meaningless to Tapad or is encrypted such that Tapad has no ability to access the underlying data. Matching IDs may be used for the purpose of Tapad Graph management and for Tapad’s Services.
Some data in the Tapad Graph, including IP Address and User Agent string, is enriched with data provided by Partners. The enriched data is used for associating metadata such as country, city or postal code, the type of internet connection being used, and the general make and model of a device. Any location information provided by these partners is not more specific than a postal code.
Categories of recipients and usage
As described in this Privacy Notice, we share the data that we maintain in The Tapad Graph with our Clients and our Partners.
Categories of our Clients and Partners are:
- Advertising agencies
- Technology platforms
- Market research firms
- Telecommunications companies
The Tapad Graph may be used by our Partners and Clients to:
- Provide targeted advertising to users
- Personalize website or app content to users
- Provide measurement insights, and provide reporting back to Clients and Partners, including statistical reporting in connection with the activity on a website, optimization of location of ad placement, ad performance, reach and frequency metrics
- Perform marketing research and analytics, such as user journey mapping
- Understand device information such as type of device, OS, age of device, country or region of the device extrapolated information from IP address, general usage on WiFi or cellular network
- Marketing and advertising analytics
- Create and model audience segments
Countries of Transfer
Our Clients, Partners and service providers are located across the globe in North America, Asia Pacific, Latin America, the UK, European Union and the European Economic Area. Please note Tapad does not engage in the data transfers from the UK, EU, or EEA.
2. Offer Meaningful Choice
If you would like to opt-out of Tapad Services, you may do so as described in this section.
Web browsers, mobile apps and connected TV apps operate with different Identifiers even though they may be on the same device. Because web browsers, mobile apps and connected TV apps have different Identifiers, you may need to opt-out of each separately.
When you opt out via one Identifier that is contained in the Tapad Graph, that Identifier will be opted out in perpetuity. If we have other device Identifiers associated with that ID in the Tapad Graph, we will automatically remove all other related Identifiers which Tapad deems to be associated to that ID from our products and services for sixty (60) days, at which point if the other Identifiers have not been opted out and seen again through Tapad systems, those Identifiers will follow our standard data ingress rules. If we have not probabilistically associated your other Identifiers in the Tapad Graph, then we cannot remove these other Identifiers as described here.
Therefore, to ensure thorough opt-out choices are honored, the opt-out process must be performed on each device and browser from which you choose to be opted out. For example, if you want to opt-out your computer browser as well as your mobile device browser, and we do not have the two as associated browsers, you will need to follow the guidance in this notice on both your computer browser as well as your mobile device browser and mobile device settings.
If you are interested in opting out on your computer or mobile web browser, please visit the “Web Browser Opt-out” section below or opt out here. If you are interested in opting out on your mobile device, please visit the “Mobile Application Opt-out” section below. All of our Clients and Partners are obligated to promptly discard IDs that have been opted out of Tapad data processing upon receipt of refreshed Tapad data.
Web Browser Opt-out
If you would like Tapad to stop collecting device data for the Tapad Graph and our associated Services, please click on our Opt-out link displayed on this page.
You may also opt-out from other companies’ data collection practices via the NAI’s opt-out page here or the DAA’s opt-out page here.
We make the best effort to provide a persistent opt-out for all web-based environments.
PLEASE NOTE: In the web browser environment, do not just delete Cookies from your browser. The Tapad web browser opt-out works by replacing your unique Cookie ID with a generic opted-out value. Thus, if you attempt to opt-out by clearing Cookies, or deleting your devices’ content cache, Tapad will not be able to recognize your device as opted out, and if you subsequently visit one of Tapad’s website Partners, you may then create a new Tapad Cookie, which may then be included in the Tapad Graph.
IMPORTANT INFORMATION ABOUT WEB BROWSER OPT-OUT COOKIES:
- For web browsers, your Tapad opt-out preference is stored in a third-party cookie. If your web browser cookies are cleared, Tapad will no longer recognize your device as being opted-out and you will need to opt-out again.
- If your web browser settings are not configured to allow third-party cookies to be stored (which may be a default setting in browsers such as Safari and Firefox), your Tapad opt-out preference cannot be stored. In this case, please visit Tapad’s Consumer Rights Request Portal here.
Mobile Application Opt-out
As mentioned previously, if your mobile ID is associated with the web browser opt-out described above, it will automatically be included in the opt-out. However, if it is not included, then the steps below will apply.
If you would like Tapad to stop collecting device data for the Tapad Graph and our associated Services, for your mobile application, please download the DAA’s AppChoice tool here for your mobile Operating System and opt-out through the application.
Tapad only receives and uses emails in hashed form from its Partners, without any connection to an identifiable individual. If you would like Tapad to stop collecting device data for the Tapad Graph and our associated Services, please visit the “Audience Matched Advertising Opt Out” page here to enter your email, and choose Tapad from the list.
Alternatively, you can also opt your email address out through the DAA’s tool via your web browser here or by downloading the DAA’s AppChoice application tool to your mobile device’s Operating System and exercising your choice through the Internet Based Advertising opt-out tool by following the directions which require choosing the “Token-Based Choice” option within the application, selecting Tapad, and entering your email address).
IP Address Opt-out
Tapad’s Services may include IP addresses as part of our probabilistic identifiers to extrapolate general user location, but not more defined than a postal code level. Your computer or other mobile devices connected to the internet via Wi‑Fi or mobile networks are assigned an IP address from a network internet provider. Your computer or other mobile device’s IP address may change over time, or as you change locations. Please note, public IPv4 addresses rotate between households on an infrequent basis depending on the internet service provider, and Tapad will opt-out the IP address registered for the twelve (12) months from when your request was submitted.
If you would like Tapad to stop collecting IP address data for the Tapad Graph, please visit Tapad’s Consumer Rights Request Portal here for your opt-out request.
Connected TV Opt-out
Tapad’s Services may collect or use data from CTV devices. You may opt-out using the IP address opt-out tool mentioned above by visiting Tapad’s Consumer Rights Request Portal here for your opt-out request. You can find more information through the NAI’s CTV Choices page here for consumer choice mechanisms on various connected devices.
Manage Your Device Settings
In addition, you may also manage your privacy preferences on your mobile device by adjusting your advertising preferences within your device settings. For example:
- To adjust your advertising preferences in iOS (version 12.4 and earlier), visit Settings > Privacy > Advertising > Limit Ad Tracking or Settings > Privacy > Advertising > Reset advertising ID. For version 14.5 and later, please visit Apple Support here.
- To adjust your advertising preferences in Android, visit Settings > Google > Ads > Opt out of interest-based ads or Settings > Google Services & Preferences > Ads > Opt out of Ads Personalization
If you are writing for other requests than opt-outs, please visit our Consumer Rights Request Portal here.
3. Data Minimization
We only collect data needed to provide our Services as described under the “Notice and Transparency” section of this Privacy Notice. Furthermore, we discard data that we may otherwise receive that is not used for providing our Services as described.
Tapad does not retain device-level data in the form that it is received from devices for any longer than necessary, at a maximum of ninety (90) days from the date Tapad receives the data. However, Tapad may receive device-level data from its Clients or Partners with longer look-back windows with respect to the date the data was collected, with a maximum lookback window of fourteen (14) months. For example, a device Identifier may have been received by Tapad on August 1, 2022 from a Tapad Partner, however, that device Identifier may have been collected by the Tapad Partner on September 1, 2021. Given our aforementioned look-back window of fourteen (14) months from the date the device-level data was collected, Tapad will not retain the device Identifier beyond November 1, 2022, which also aligns with our ninety (90) day retention from receipt of data. We retain device-level data we summarize and/or otherwise transform and aggregate from its original form for as long as necessary for our product-building, business, and archival purposes, but in no event longer than eighteen (18) months from the date the device-level data was collected. We also keep opt-out information for longer than this period so that we can continue to honor opt-out requests.
We contractually require all of our Partners to do the same, and further, we require all Clients and Partners to only use the latest Tapad Graph build, which includes recent opt-outs. Aggregate reports by Clients or Partners generated from this information may also be kept longer.
We actively reevaluate our data retention policies on a regular basis to ensure that we only store data as needed to continue to deliver our product to our Clients.
4. Protect Data
Tapad takes significant steps to protect the security of the information that we collect. To that end, we have designed and deployed hardware, software and networking solutions in an effort to reasonably secure and protect access to our systems and data. Tapad’s Information Security Management System (“ISMS”) operates in accordance with and is certified to the requirements of ISO standard ISO/IEC 27001:2013. Tapad has also completed the AICPA Service Organization Control (SOC) 2 Type 2 audit for their Tapad Graph solution. The audit affirms that Tapad’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.
However, no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any Tapad Graph data or other information. In particular, we cannot guarantee that the Tapad Graph data or other information will not be disclosed, altered, or accessed in accidental circumstances or by unauthorized or unlawful acts of others.
Legal and Other Disclosures
We may share Personal Information when we believe such action is appropriate to comply with the law (e.g., legal process or a statutory authorization); to enforce or apply our customer agreements; to initiate, render, bill, and collect for Services; to protect our rights or property, or to protect users of those Services from fraudulent, abusive, or unlawful use of, or subscription to, such Services; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of information without delay.
Tapad Website Data
In addition to the data we collect for the Services we provide, we also collect information you explicitly provide to the Tapad sites (www.tapad.com) with your consent. In this instance, in addition to collecting data for the purposes listed above, we may also collect user registration information from Tapad sites (www.tapad.com), such as when you sign up for our email newsletter. Data would also be collected when a consultation or meeting is requested or when available marketing material is downloaded from our site.
This might include our business Clients’ or prospects’ names, email addresses, company information, title, countries, and phone numbers, and information on which Services they are interested in. We do not sell or rent data collected from our websites, but we may provide it to Third-Party service providers such as Customer Relationship Management (“CRM”) platforms as necessary to conduct our business operations. In addition to the data collected for our marketing purposes, we also receive and store Personal Information that would be covered under our Services from these website visits so that we can improve our Tapad Services and to analyze our own Client base.
Tapad offers the rights to access and deletion, or any other applicable rights required by law, to the information of the users whose data we collect and process.
If you want to initiate your right to deletion or access regarding specific information we may hold, you may request deletion or access by visiting Tapad’s Consumer Rights Request Portal here. You may also object to your data being processed by opting out on the right-hand panel of this page, as described earlier in this notice. Please note that because we cannot identify requesters based on names, physical addresses or telephone numbers, requesters will need to present any relevant online Identifiers such as a Cookie ID, Mobile Ad ID, IP address, and/or email address to Tapad. Whenever you opt-out of the processing conducted by Tapad, all Personal Information relating to you and maintained by Tapad will be deleted safely by Tapad within thirty (30) days, except as otherwise noted in this Privacy Notice.
Additionally, requesters will be asked to certify that any ID provided to Tapad originates from a device owned by the requester. Tapad will provide a certification form to complete at the time of the request.
Consumers residing in California may also visit our California Consumer Disclosure page here for additional information.
261 Madison Avenue, 4th Floor, New York, NY 10016
You can also contact our Privacy Team by using Tapad’s Consumer Rights Request Portal here. For inquiries not related to request of data access, data deletion, or opt-outs, you may email firstname.lastname@example.org.
Change of Control
If we undergo a sale, merger, transfer, exchange or other disposition (whether of assets, stock or otherwise) of all or a portion of our business, information we have collected or otherwise acquired may be one of the assets transferred.
- “Clients” refer to companies that purchase our product, the Tapad Graph. Our Clients include companies that buy advertising, advertising technology companies, companies that engage in marketing, advertising and marketing agencies, market research firms, and market analytics firms
- “Cookie” is a small piece of data that is stored on your computer by a web browser during internet usage that can then, for example, be used to uniquely identify your browser
- “Consumer” means a natural person who may be identifiable by data that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular consumer or household, as described in the definition of “Personal Information” below
- “Customer Relationship Management” (CRM) are platforms that help manage a company’s interaction with users of their services and/or websites
- “Data Collection Code” means any code, pixels, cookies, links or scripts used by Tapad to collect data across digital properties, including websites and mobile applications.
- “HTML elements” are code snippets interpreted by web browsers to render web pages, interface with the browser itself, and communicate with remote servers
- “Identifier” or “ID” is a sequence of characters used or assigned to identify or refer to a device
- “IP address” or “Internet Protocol address” is a unique series of numbers that identifies a computer, mobile device, or online service on a network. Your computer or other mobile device’s IP address may change over time, or as you change locations.
- “Mobile Ad ID” is a set of digits that is assigned to a mobile device by the manufacturers of mobile devices. These are specifically for advertising and marketing purposes (different from a hardware ID) that may be reset. For iOS systems made by Apple, this is an IDFA, and for Android systems this is AAID
- “Obfuscation” is the action of making something obscure, unclear, or unintelligible
- “Operating System” or “OS” is software that controls the operation of a computer or device and directs the processing of programs (as by assigning storage space in memory and controlling input and output functions)
- “Partner” is an entity that which Tapad has a contractual business relationship
- “Personal Information” is data that identifies, relates to, describes, is capable of being associated with, or may reasonably be linked, directly or indirectly, with a particular Consumer or household
- “Personalization” is the act of designing or tailoring a user’s online experiences to meet individual preferences
- “Pixel” in this context is an HTML image element used by a website or Third Party to send data to their servers
- “Precise Location Data”, as defined by the NAI, is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of a person or device, such as GPS level latitude-longitude coordinates or location-based Wi-Fi triangulation. Generally, the use of two or fewer decimal places in latitude-longitude data is equivalent to knowing the location to the area of a circle with a radius greater than 500 meters
- “Pseudonymization” is a data management and de-identification procedure by which information fields within a data record are replaced by one or more artificial Identifiers, or Pseudonyms
- “Services” means the products, services, and features that Tapad provides to its customers, including but not limited to The Tapad Graph (as defined below)
- “SDKs” is an acronym for Software Development Kits. An SDK is a set of code that is embedded directly in Partner mobile applications
- “The Tapad Graph” or “the Graph” is Tapad’s proprietary technology used to establish probabilistic connections between your Pseudonymized Identifiers
- “Third Party” or “Third-party” is an entity other than Tapad or the Consumer
- “User Agent String” is a string of information about the context of the user requesting content, typically including type of browser, device, Operating System, and other information
Privacy Notice Changes
Tapad may modify this Privacy Notice at any time at its sole discretion. Use of information collected by Tapad now is subject to the Privacy Notice in effect at the time such information is used. Changes to the Privacy Notice shall be announced by posting the updated Privacy Notice on the Tapad Site. Changes to this Notice will be reflected in the “Last Updated” date above.
- Amended March 28, 2023 to update language and further detail our data collection, usage, and technology practices.
- Amended October 17, 2022 to update language, clarify definitions, and to further detail our data collection, usage and technology practices.
- Amended August 2, 2022 to update language, clarify definitions, and to further detail our data collection, usage and technology practices.
- Amender February 7, 2022 to remove reference to UK, EU & EEA Privacy Notice.
- Amended November 22, 2021 to update reference to the new Consumer Rights Request Portal.
- Amended October 5, 2021 to update language, clarify definitions, and to further detail our data collection, usage and technology practices.
- Amended January 19, 2021 to update language, clarify definitions, and to further detail our technology practices including usage of pixels and other HTML elements.
- Amended December 19, 2019 to include disclosures required by the CCPA.
- Amended November 4, 2019 to update to current practices which include product offerings, privacy principles, data collection practices, region-specific information, marketing practices and inclusion of At a Glance table and definitions.
- Amended June 20, 2018 to clarify language throughout.
- Amended April 16, 2018 to update industry membership information.
- Amended March 7, 2018 to comply with the requirements set by GDPR for privacy policies and reflect that Tapad may receive statistical IDs from Partners and delivered to Clients as part of the Tapad Graph reporting.
- Amended April 8, 2017 to reflect that Tapad may collect and use Obfuscated phone number in Pakistan for The Tapad Graph management, analytics, and ad targeting.
- Amended November 22, 2016 to reflect that Tapad may collect and use Obfuscated phone number in Malaysia for The Tapad Graph management, analytics, and ad targeting.
- Amended October 26, 2016, to better explain how users may opt out in mobile applications.
- Amended June 6, 2016, to reflect that in Tapad may collect and use Obfuscated user identifiers such as email address (or phone number in Thailand only) for The Tapad Graph management, analytics, and ad targeting.
- Amended April 7, 2016 to inform consumers that Tapad adheres to the Digital Advertising Alliance of Canada’s Self-Regulatory Principles for Online Behavioural Advertising.
- Amended October 13, 2015 to add information and links for European consumers.
- Amended November 17, 2014 to describe how we use Precise Location Data and non-sensitive health information and how we share information regarding users’ inferred interests.
- Amended May 14, 2014 to reflect re-branding of Evidon to Ghostery.
- Amended April 10, 2014 to clarify that some customers who receive data from us may be unable to honor opt-out requests immediately.
- Amended March 31, 2014 to remove reference to the TRUSTe Ad Preferences Manager.