Updated: Apr 8, 2017, effective on May 8, 2017
What We Do
Through its proprietary Device Graph™ and device unifying technology, Tapad establishes connections between a user’s devices. The result is a holistic view for marketers across multiple, related devices: smartphones, computers, tablets and connected TVs.
Provide Notice. We explain what information we’re collecting and why.
Offer Meaningful Choice. Consumers have access to tools to easily opt-out of our Device Graph and behavioral advertising by Tapad.
Protect Data. We follow reasonable practices to ensure all user data is secured.
No Children. Tapad does not create or use audience segments targeted at children under the age of thirteen.
1. Provide Notice
In order to establish connections between devices, to provide insights and reporting to partners, and to provide more relevant ads to users, we collect and store select information about devices directly from the device. We may also receive additional information about the device or the individual from partners with an existing relationship with the individual or from other third parties. For example, we may receive inferred demographic data, user-declared demographic data, obfuscated phone number (in Pakistan, Thailand, and Malaysia only), or obfuscated user login data.
The technologies we use to collect information include browser cookies, pixels, application software development kits (SDKs), or server-to-server connections with our partners.
A cookie is information that is stored on your computer that can uniquely identify your browser.
A pixel is a piece of code which is used by a website or third party to assign online activities to a computer or browser. The use of a pixel allows websites and us to record, for example, that a user has visited a particular web page or clicked on a particular ad.
We may collect information (as specified in the section below “What may be collected by Tapad”) about select user behavior (e.g., when a user opens an application or interacts with that application) in an application on behalf of that partner. In this case, we may use an application SDK or a server-to-server connection with our partners to collect that information. An application SDK is a library of code that is embedded directly in partner applications. We may also use a server-to-server connection to exchange the same data when an SDK integration is not feasible or practical for the partner. While Tapad uses these technologies to track select activities within an application, including whether or not the user is accessing certain pages or features or is responding to marketing messages, Tapad does not track the emails a user sends or the individuals a user communicates with, or any sensitive financial or health related data.
- We may also collect information (as specified in the section below “What may be collected by Tapad”) when we receive ad requests from our partners. In this case, we may use an application SDK or a server-to-server connection with our partners to collect that information.
We use these technologies across platforms including websites, mobile applications, email and TV applications so that we provide the best cross-platform targeting technology possible. Examples of how we deploy these technologies include: (1) when we deliver ads and (2) when we integrate with our partners’ websites and applications to provide cross-device analytics.
We do not use “zombie cookies” or “history sniffing.” We do not use local storage and Flash cookies for any other purpose other than to maintain a persistent opt-out.
What may be collected by Tapad for Device Graph™ management, analytics, and ad targeting:
User agent string that specifies device and browser information
Unique device identifier, stored in a browser cookie
Hardware or operating system device identifier. For example, IDFA for iOS, Android ID for Android, and Google Ad Ids.
Web page or application where an ad may be placed
Web page or application that the individual is using when a Tapad pixel fires
Anonymous data that can be extrapolated from an IP address. For example, we may be able to determine a user’s general location and therefore infer demographic information.
- Obfuscated user identifier, such as email address (or phone number in Pakistan, Thailand, and Malaysia only)
What is not collected by Tapad for Device Graph™ management, analytics, and ad targeting:
Phone number (except in Pakistan, Thailand, and Malaysia)
Sensitive personal data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health and information about sex life.
We do not use or permit our customers to use precise location data, such as your exact location at any given time, to connect devices in our Device Graph, to infer user interests for online behavioral advertising (which we define to mean advertising to consumers based on activities across websites or apps over time), or to deliver advertisements to you at a precise location (which we define to mean an area with a radius of less than one half mile), without your express consent to Tapad.
Collected information is used to:
Evaluate the probability and nature of connections between devices (a key attribute of our Device Graph)
Infer eligibility of device for interest and demographic-based segments
Provide targeted advertising to users based on the information collected by Tapad unless the user has opted out
Provide insights, facilitate ad delivery, and provide reporting back to customers (such as advertisers and publishers) and partners, including statistical reporting in connection with the activity on a website, optimization of location of ad placement, ad performance, reach and frequency metrics, billing, and logging ads served on a particular day to a particular website
Provide Device Graph information and inferences about user interests to customers and partners that allow them to target advertising, personalize content, analyze behaviors and engage in other similar services
Share aggregate information with third parties
In addition, such information may be used by Tapad for internal analysis in order to perform and improve the Services and associated technologies, and to operate and improve the Tapad site (www.tapad.com)
Tapad also receives “Matching IDs” from partners and clients for the purpose of helping our partners and clients understand which of their existing customers or otherwise known IDs match specific IDs in Tapad’s Device Graph. Matching IDs may represent underlying cookie IDs, customer IDs, email addresses, phone numbers (in Pakistan, Thailand, and Malaysia only), or other types of data to the partner or client, but Tapad never receives this information in a form that is identifiable to Tapad. Tapad requires that partners and clients obscure and protect all Matching IDs before sending them to Tapad, such that the underlying data is either meaningless to Tapad, as is the case with a 3rd party cookie ID where Tapad has no matching table, or is encrypted such that Tapad has no ability to access the underlying data. Matching IDs may be used for the purpose of analytics and ad targeting, Device Graph management, or to enrich Tapad’s data or services.
We supplement our user segment data and device graph with information from other data partners. The information these data partners provide typically consists of demographic and inferred interest data. Tapad does not collect or use any data, including inferred interest data, that we consider sensitive, such as precise information reflecting a user’s past, present or potential future health or medical condition or treatment, including genetic, genomic and family medical history; certain aspects of a user’s personal life or financial situation; or use of, or interest in, gambling, alcoholic beverages, or “adult” products or services. Tapad partners with Blue Kai, eXelate and other companies to receive information about non-sensitive health and wellness categories. You can view representative lists of such categories available from Blue Kai by clicking here and from eXelate by clicking here.
2. Offer Meaningful Choice
Mobile applications and web browsers operate with different identifiers even though they may be on the same device. This is similar to how different web browsers on your computer have independent identifiers. Because mobile apps and web browser have different identifiers, you will need to opt-out of each environment separately. At this time we do not respond to browser ‘do not track’ signals, as we await the work of interested stakeholders and others to develop standards for how such signals should be interpreted and to evaluate how they work in practice.
If you are interested in opting out on your computer or mobile web browser, please visit the “Web Browser Opt-out” section below. If you are interested in opting out on your mobile app, please visit the “Mobile Application Opt-out” section below. When you opt out, there may be a limited delay in some of our customers’ ability to update their information and honor your choice.
Web Browser Opt-out
If you would like for Tapad to stop collecting device data for our Device Graph and for targeted advertising in your web browser, please see the opt-out button to the right.
You may also opt out from the Network Advertising Alliance’s opt-out page here or the Digital Advertising Alliance’s Opt-out page here. If you reside in Europe, you may also opt out from the European Digital Advertising Alliance’s opt-out page here, which is available in 27 languages. If you reside in Canada, you can opt out from the Digital Advertising Alliance of Canada’s opt-out page here.
We make best effort to provide a persistent opt-out for online display and, independently, for mobile web. This opt-out must be performed on each device and browser that you want to be opted out on. For example, if you want to opt-out on your computer browser as well as your mobile device browser, you will need to click on the link above in both your computer browser as well as your mobile device browser.
PLEASE NOTE: In the web browser environment, do not just delete cookies from your browser. The Tapad web browser opt-out works by replacing your unique cookie ID with a generic opted-out value. This happens both on the cookie in your browser as well as on our server side. Thus, if you attempt to opt-out by clearing cookies, or deleting your device’s content cache Tapad will not be able to recognize your device as having opted-out, and if you subsequently visit one of Tapad’s website partners, you may then get a new Tapad cookie.
Mobile Application Opt-out
If you would like Tapad to stop collecting device data for our Device Graph and for targeted advertising in your mobile applications, please download the DAA’s AppChoices tool for your mobile operating system and opt-out through the application.
You may also opt out in mobile apps by adjusting your advertising preferences on your mobile device. For example, to adjust your advertising preferences in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking. To adjust your advertising preferences in Android, visit Settings > Google > Ads > Opt out of interest-based ads.
Please keep in mind that if you opt-out, you will still receive ads though they will not be tailored to your interests. To opt-out from other companies that provide online behavioral advertising services, you can opt-out at the following online advertising industry website: The Digital Advertising Alliance Website, www.aboutads.info or the European Digital Advertising Alliance Website, www.youronlinechoices.eu.
3. Protect Data
Tapad takes significant steps to protect the security of the information that we collect. To that end, we have designed and deployed hardware, software and networking solutions in an effort to reasonably secure and protect access to our systems and data.
Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any Device Graph data or other information. In particular, we cannot guarantee that Device Graph data or other information will not be disclosed, altered, or accessed in accidental circumstances or by unauthorized or unlawful acts of others.
We do not deliver ads based on individual level data that is more than fourteen (14) months old. We retain the information that is reasonably linkable to a device and collected for ad targeting and/or ad delivery and reporting only as long as is legitimately necessary for running advertising campaigns and in no event longer than fourteen (14) months. We keep opt-out information for longer than this period so that we can continue to honor opt-out requests. Aggregate reports generated from this information may also be kept longer.
4. No Children
Tapad does not create or use audience segments targeted at children under the age of thirteen (13).
Personal information you explicitly provide to the Tapad Sites (www.tapad.com):
In addition to collecting data for the purposes listed above, we may also collect user registration information from Tapad Sites (www.tapad.com). Some of Tapad’s services request voluntary user registration or sign-up that, when given, could be classified as Personally Identifiable Information (PII), such as our email newsletter. This might include our business customers’ or prospects’ names, postal addresses, email addresses, and phone numbers. We do not sell or rent data collected from our websites, but we may provide it to third-party service providers as necessary to conduct our business operations and for the performance of our Services with our customers. We also receive and store non-personally identifiable information from these website visits so that we can better target our own ads for Tapad Services and to analyze our own customer base.
Personal information we collect on behalf of advertisers:
In addition to collecting data for the purposes listed above, we may also collect user registration information on behalf of our advertisers. Users may choose to manually and voluntarily enter information that could be classified as PII as part of their interaction with an advertisement or landing page, and we may collect this PII on behalf of those advertisers. Because we are collecting this information on behalf of an advertiser, we may transfer this information to them. We do not sell or rent this information to any third parties for their own use.
Legal and Other Disclosures
We may share personal information when we believe such action is appropriate to comply with the law (e.g., legal process or a statutory authorization); to enforce or apply our customer agreements; to initiate, render, bill, and collect for Services; to protect our rights or property, or to protect users of those services from fraudulent, abusive, or unlawful use of, or subscription to, such services; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of information without delay.
Change of Control
If we undergo a sale, merger, transfer, exchange or other disposition (whether of assets, stock or otherwise) of all or a portion of our business, information we have collected or otherwise acquired may be one of the assets transferred.
- Amended April 8th, 2017 to reflect that Tapad may collect and use obfuscated phone
number in Pakistan for Device Graph™ management, analytics, and ad targeting.
Amended November 22, 2016 to reflect that Tapad may collect and use obfuscated phone number in Malaysia for Device Graph™ management, analytics, and ad targeting.
Amended October 26, 2016, to better explain how users may opt out in mobile applications
Amended June 6, 2016, to reflect that in Tapad may collect and use obfuscated user identifiers such as email address (or phone number in Thailand only) for Device Graph™ management, analytics, and ad targeting
Amended April, 7 2016 to inform consumers that Tapad adheres to the Digital Advertising Alliance of Canada’s Self-Regulatory Principles for Online Behavioural Advertising
Amended October, 13 2015 to add information and links for European consumers
Amended November 17, 2014 to describe how we use precise location data and non-sensitive health information and how we share information regarding users’ inferred interests
Amended May 14, 2014 to reflect re-branding of Evidon to Ghostery
Amended April 10, 2014 to clarify that some customers who receive data from us may be unable to honor opt-out requests immediately
- Amended March 31, 2014 to remove reference to the TRUSTe Ad Preferences Manager