Privacy Policy

Effective Date: September 1, 2016

Smaato, Inc. (“Smaato,” “we,” “our,” or “us”) provides this privacy policy to explain how we collect, use, and share information. This privacy policy (“Policy”) covers Smaato’s handling of two types of information:

  1. Information we receive about end users (“End Users”) of third-party mobile applications (“apps”) that use our Software Development Kit (“SDK”), the Smaato Demand Platform (“SDX”), or the Smaato Publisher Platform (“SPX”) (collectively, the “Smaato Ad Services”), and
  2. Information we receive through our corporate website at www.smaato.com or any other website on which this Policy is posted, as well as information we get through other corporate services and web portals we make available to clients and business partners (“Smaato Websites”). We describe the information received through the Smaato Websites in Section 5 below, entitled “Privacy Practices for the Smaato Websites.”

We encourage consumers to learn about how information (including information we collect) can be used to market to them, and how to exercise their choices to permit or limit such marketing. We describe ways consumers can exercise that choice or opt out of marketing in Section 4 below, entitled “Consumer Control and Opt-Out Options.”

1. INTRODUCTION AND BACKGROUND

Smaato provides mobile advertising technology services that facilitate transactions among advertisers, app developers, publishers of mobile websites and/or apps, and ad exchanges (collectively, “Clients”), and service providers and other data partners (collectively “Partners”). We do this by making available the Smaato Ad Services and other tools to Clients. Clients use the Smaato Ad Services and other tools to deliver advertising to End Users, and we in turn provide our services to help Clients (and their own customers) to deliver ads that are of interest to End Users. We explain what SDKs are in Section 3 below, entitled “Cookies, Pixel Tags, and SDKs,” which also explains how cookies and similar technologies (which we also use to provide the Smaato Ad Services) work.

2. PRIVACY PRACTICES FOR THE SMAATO AD SERVICES

a. INFORMATION COLLECTED THROUGH THE SMAATO AD SERVICES

Through the Smaato Ad Services, we may (but do not necessarily, or always) collect a variety of information about End Users (whether through our SDK or through other partnerships and tools such as Client-facing APIs), including:

  • IP addresses, from which geographic location may be inferred, as well as system configuration information such as information about End Users’ operating system;
  • Precise geolocation information (generally an End User’s latitude and longitude data);
  • Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (collectively, “Mobile IDs”). These Mobile IDs may be associated with other information we collect through the Smaato Ad Services, from third parties, or through any other services we offer;
  • Apps that you have installed, mobile websites that you have interacted with, and how you interact with them, including whether and how you interact with ads (including time-stamp information);
  • Device type and other device information (e.g., whether you are using a smartphone or tablet, and related information);
  • Network provider;
  • Mobile browser (e.g., Firefox, Safari, and Chrome);
  • Carrier user ID (a number uniquely allocated to you by your network provider);
  • Other unique identifiers that may be associated with an End Users’ device, including identifiers provided by Clients or their service providers; and
  • Email addresses, which we generally handle in or convert to “hashed” (i.e., machine-readable, but non-human readable) form.

We may combine and merge the various types of information collected from the Smaato Ad Services, and may also enhance it (or permit our Clients to enhance it) with information collected from third parties. We refer to all of the above information as the “Service Information.”

b. How We Use the Information Collected Through the Smaato Ad Services

We use the Service Information to provide a variety of services to our Clients related to advertising and marketing, including services we may describe elsewhere on Smaato Websites. This includes use of the Service Information for purposes such as to:

  • Provide and improve the Smaato Ad Services. This includes, for example, providing customer, technical, and operational support for these features, detecting and protecting against errors, fraud, or other criminal activity, and resolving disputes and enforcing our terms and conditions and other rights we may have. This may also include analyzing, customizing, and improving the features of the Smaato Ad Services;
  • Provide information and analytics to Clients about the use of app features provided through the Smaato Ad Services, or help Clients create or enhance user profiles for marketing or analytics purposes;
  • Create inferences about End Users categorized into “Audience Segments” or to help Clients do so. For example, if the information we collect indicates that an End User likes apps (or clicks on ads) about travel, we may categorize the End User of that device as someone who is interested in travel;
  • Develop and use data models that try to predict End Users’ potential future behavior and interests on a per-device basis or across devices;
  • Analyze ad performance, for example, by attributing End Users’ app installations or mobile web visits to ad campaigns;
  • Resolve identities across multiple devices, such as to match IP addresses or hashed emails to link an End User across, for example, mobile browsers, mobile devices, tablets, set top boxes, or other devices; and
  • Combine the Service Information to perform (including by working with Clients and Partners) any of the above functions, or other advertising, marketing, or analytics services. Or, we may aggregate and create data models to do this, by creating algorithms in order to predict common interests among End Users. We may provide End Users’ email addresses (which we generally hash) to Clients that match this information to online cookies or Mobile IDs in their system, and tie the information or associated IDs to additional interest-based or demographic data about End Users. This may be done, for example, to target advertising or provide analytics to other parties.

We or our Clients may deploy online cookies to track End Users across mobile websites and/or apps, or to associate End Users and these cookies with Mobile IDs. We or our Clients may perform such functions to resolve End Users’ identities across mobile devices and to better or more accurately target relevant ads to End Users (such as to a brand’s customers). We may also append or combine certain elements of the Service Information (such as hashed email addresses) to other information provided by third party data providers, to learn more about End Users or to provide advertising and analytics services. You can learn more about cookies and similar technologies, such as web beacons and SDKs, in Section 3 below, entitled “Cookies, Pixel Tags, and SDKs.”

c. How We Share Information We Collect Through the Smaato Ad Services

Generally, we share the Service Information with Clients and Partners in order to provide the Smaato Ad Services. For example, we share the Service Information with:

  • Clients and their marketing and service providers, so they may provide targeted content and advertising to End Users on mobile websites and/or apps;
  • Other third parties that target advertising. This may include, for example, platforms that work directly with marketers (sometimes called demand-side platforms), analytics companies, data management platforms that help marketers maintain and use data, proximity solution providers, and other advertising technology providers. These companies may, for example, provide targeted content and advertising to End Users and others on third-party mobile websites and/or apps or other advertising media (such as email, direct mail, and display media);
  • Clients and their marketing and service providers, to help measure the effectiveness of marketing or analyze their End Users’ likely interests or demographics;
  • Partners to enhance consumer privacy, hash information, or send advertising offers by email or display advertising (which may be linked to a cookie as described above); and
  • Third-party platforms to help advertisers identify common users across different mobile devices and/or mobile browsers.

Even when you no longer access our SDK, we may continue to use and share your information as described in this Policy.

The processes we described above often involve cookies or similar technologies, which may be associated with other information about End Users, such as End Users’ interests, demographics, or transactions. This is generally known as “interest-based advertising.” We encourage individuals who are interested in controlling or learning about this type of advertising to go to Section 4 below, entitled “Consumer Control and Opt-Out Options,” or go to the Digital Advertising Alliance’s (DAA’s) website at www.aboutads.info.

We may also share Service Information with third parties:

  • Pursuant to a request or authorization by an End User or Client;
  • If the disclosure is provided to: (a) comply in good faith with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas, including for purposes of national security and law enforcement; (b) enforce our terms and conditions or other agreements; or (c) protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity;
  • Where the information is aggregated or de-identified; and
  • As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence).

3. COOKIES, PIXEL TAGS, AND SDKs

a. Cookies and Pixel Tags

Cookies are small data files containing a string of characters, such as unique browser identifiers. Cookies are stored on your computer or other device and act as unique tags that identify your browser. Our servers may deploy a cookie on your browser when you visit the Smaato Websites. Our Clients and Partners may do likewise on the Smaato Websites, our Clients’ and Partners’ websites, and elsewhere. Smaato may use both session cookies and persistent cookies. Persistent cookies, unlike session cookies, remain after you close your browser, and may be used by your browser on subsequent visits to any given website. Using persistent cookies, a site operator (or a third party they work with) can “remember” what you have previously done on a website and personalize the site, or ads you see, for you. This technology may also provide a site operator or third party (or us, when you visit the Smaato Websites) with information regarding your IP address, browser type, the web pages that you visit just before or after visiting a website, the web pages viewed, and the dates and times of your visits.

A pixel tag (also commonly known as a web beacon or clear GIF) is an invisible 1 x 1 pixel that is placed on certain web pages. When you access a web page with a pixel tag, the pixel tag may generate a generic notice of the visit, and permit us, or our Clients or Partners, to set or read cookies. Pixel tags are used in combination with cookies to track the activity on a website by a particular browser on a particular device. If you disable cookies, pixel tags simply detect a given website visit.

We, alone or with our Clients and Partners, may use cookies to, for example, “remember” you, track trends, and collect information about how you use our Clients’ or Partners’ websites or interact with advertising. We, and our Clients and Partners, use cookies to provide relevant content to you and replace non-relevant ads with ads that better match your interests. If you wish to opt out of interest-based mobile advertising, please see Section 4 below, entitled “Consumer Control and Opt-Out Options.” Please note that disabling cookies may prevent you from accessing some of the Smaato Websites’ functionalities and offerings, and those of other websites you visit.

b. Mobile Device Identifiers and SDKs

We, or our Clients or Partners, may use or work with mobile SDKs (including our own SDK(s), which are described in more detail in this Policy) to collect information, such as mobile identifiers (e.g., iOS IDFAs and Android Advertising IDs), and information related to how mobile devices and their users interact with our Smaato Ad Services and those using our Smaato Ad Services. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. We may use this technology, for example, to analyze or measure certain advertising through apps and browsers based on information associated with your mobile device. If you would like to opt out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 4 below, entitled “Consumer Control and Opt-Out Options.”

Our Clients or Partners may use the above technologies (sometimes, in combination with each other or other data such as IP addresses or hashed or de-identified data files) to coordinate identifiers across platforms, browsers, or devices, in order to more efficiently analyze or target advertising.

4. CONSUMER CONTROL AND OPT-OUT OPTIONS

In most cases, consumers have control over whether or not they would like to receive relevant ads and marketing email from our Clients.

a. Opting Out of Online Interest-Based Advertising

You can opt out of many of the platforms and service providers we work with that support online interest-based advertising by visiting the Digital Advertising Alliance’s consumer education and opt-out page at www.aboutads.info. This type of opt out is cookie-based, which means that if you replace or upgrade your browser, or delete your cookies, you will need to opt out again. Opting out in this way will not prevent you from receiving ads; rather, the ads you see will be less customized to you.

b. Opting Out of Cross-App Advertising on Mobile Devices

You can opt out of having your mobile advertising identifiers used for certain types of interest-based mobile advertising (also called “cross-app advertising”), including those performed by Smaato, by accessing the settings on your Apple or Android mobile device, as follows:

  • Apple Devices: If you have an Apple device, you can opt out of most cross-app advertising by updating to iOS 6.0 or higher and enabling “Limit Ad Tracking.”

    • iOS 7 and Higher: Go to Settings → Privacy → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’
    • iOS 6: Go to Settings → General → About → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’
  • Android Devices: If you have an Android device, you can opt out of most cross-app advertising by going to Google Settings → Ads, and selecting the option to opt out of interest-based ads.

Please note that these platforms control how these settings work, so the above instructions may change. Likewise, if your device uses other platforms not described above, please check the settings for those devices.

c. Additional Choices

Advertisers may also provide ways for you to opt out from, or limit their collection of, certain information from and about you. Please refer to the privacy policies for retailers, apps, and mobile websites to learn more about their privacy practices.

You may opt out from receiving promotional emails from us, such as emails to inform you about events and new services, by following the “unsubscribe” instructions in any promotional email you receive, or by contacting us at marketing@smaato.com. Please note, however, that we may still send you non-promotional emails relating to your relationship with us.

5. PRIVACY PRACTICES FOR THE SMAATO WEBSITES

a. Information We Collect Through the Smaato Websites

The Smaato Websites provide information regarding Smaato and our products and services. Through the Smaato Websites, we collect information you voluntarily disclose to us, and we may also obtain automatically-collected information.

i. Information You Disclose to Us

When registering for an account, expressing an interest in obtaining additional information about Smaato or our products and services, or otherwise contacting us through the Smaato Websites, we collect information you voluntarily disclose to us, such as your name, mailing address, email address, telephone number, credit card number, and other billing information. You may also provide us with certain information about your business or other individuals.

ii. Automatically-Collected Information

When you visit the Smaato Websites, we may use cookies and pixel tags that we associate with unique identifiers to keep track of visitor interactions and personalize your experience on the Smaato Websites. For more information, please see Section 3 above, entitled “Cookies, Pixel Tags, and SDKs.”

We may also use third party-services, such as Google Analytics, that gather information such as your IP address, browser type, the web page from which you came to the Smaato Websites, and the times of your visit. In addition, as you browse the Smaato Websites, advertising cookies may be placed on your computer so that we can “remember” your interests. Our display advertising partners may then help us retarget ads to you on other sites based on your interactions with the Smaato Websites. To opt out of such interest-based mobile advertising, please see Section 4 above, entitled “Consumer Control and Opt-Out Options.” Opting out in this way will not prevent you from receiving ads; rather, the ads you see will be less customized to you.

b. How We Use Information We Collect Through the Smaato Websites

In addition to the uses described elsewhere in this Policy, we use the information we collect through the Smaato Websites (alone or in combination) to provide, market, improve, and operate the Smaato Websites, Smaato Ad Services, and any other products or services we have or may develop. This includes use of the information to:

  • Fulfill your requests;
  • Send information about our products and services, including marketing communications;
  • Respond to your questions, concerns, or customer service inquiries;
  • Create aggregated or de-identified information;
  • Comply with applicable laws, prevent fraud, mitigate risk, and perform similar purposes;
  • Understand usage trends and preferences;
  • Analyze, improve, and provide products and services;
  • Customize the content and advertising you see on the Smaato Websites, across the Internet, and elsewhere; and/or
  • Perform other purposes at your request.

c. How We Share Information We Collect Through the Smaato Websites

We may share the information we collect through the Smaato Websites in the following situations:

  • With your consent, including through this Policy;
  • With our affiliates;
  • With third parties that help us to operate our business and provide our services, such as entities that provide us with technical, customer, billing, administrative, event planning, marketing, or operational services;
  • As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence);
  • When required by law or in response to lawful process, such as a subpoena, or to cooperate in good faith with a request from a government or law enforcement agency or official, including for purposes of national security and law enforcement;
  • If we believe sharing the information may prevent physical, financial or other harm, injury, or loss; or
  • If we believe sharing the information is necessary to protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity.

With respect to aggregated or de-identified information, we may share such information without restriction.

6. DATA ACCESS AND RETENTION

Generally speaking, we retain the information collected from the Smaato Websites and Smaato Ad Services for as long as necessary to achieve our objectives as detailed in this Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you are a resident of the European Union, you may obtain a copy of the information we have about you by contacting us at privacy@smaato.com. Please be advised that, due to the manner in which we collect information, we will only be able to provide you with such information if we can determine that the information is identifiable to you. Under extenuating circumstances, we reserve the right to charge a fee for providing you with such information, and that fee will be based on costs and fees we incur to fulfill your request.

7. DATA SECURITY

We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect the information from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information.

To assist with data security, you understand that YOU ARE RESPONSIBLE FOR MAINTAINING THE SECRECY OF ANY ACCOUNT CREDENTIALS THAT CAN BE USED TO ACCESS ANY ACCOUNT WITH SMAATO. ANY ACTIONS TAKEN USING YOUR ACCOUNT CREDENTIALS ARE YOUR SOLE RESPONSIBILITY.

8. THIRD-PARTY WEBSITES AND APPS

This Policy only applies to the Smaato Websites and the Smaato Ad Services. We are not responsible for the privacy practices or disclosures of websites, developers, or apps that access or use the Smaato Websites or Smaato Ad Services. Likewise, when you access the Smaato Websites, you may be directed to other websites that are also beyond our control. We encourage you to read the applicable privacy policies and terms and conditions of such third parties and websites, and the industry tools that we have referenced in this Policy.

9. USERS FROM OUTSIDE THE UNITED STATES

The Smaato Websites and Smaato Ad Services are provided, supported, and hosted in the United States, and their operation is governed by United States law. If you are using the Smaato Websites or Smaato Ad Services from outside the United States, be aware that your Information may be transferred to, stored, and processed in the United States and other countries where our facilities are located. The data protection and other laws of the United States might not be as comprehensive as those in your country. By using the Smaato Websites or Smaato Ad Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share your information as described in this Policy.

10. CALIFORNIA DO-NOT-TRACK STATEMENT

We do not currently recognize or respond to browser-initiated Do-Not-Track signals, as there is currently no industry-wide consensus as to uniform Do-Not-Track standards, implementations, or solutions. Please review Section 4 above, entitled “Consumer Control and Opt-Out Options,” for information about your marketing choices.

11. PRIVACY SHIELD

As a business under the jurisdiction of the Federal Trade Commission, Smaato has certified with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union member countries. Smaato certifies that it adheres to the Privacy Shield principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Consistent with these principles, where Smaato uses service providers to process personal data of European Union residents, Smaato shall remain liable where the agent processes such personal data of European Union residents in a manner inconsistent with the Privacy Shield principles, except where Smaato establishes that Smaato is not responsible for the damages caused by the agent. To learn more about the Privacy Shield program, and to view the list of entities who have current certifications under the Privacy Shield, please visit this page.

If you have any questions or complaints about Smaato’s privacy practices, you may contact Smaato at the contact information in Section 13 below, entitled “Contacting Us,” and we will work with you to resolve your issue. If you are a resident of the European Union, you may also contact your appropriate European Data Protection Authority with questions or complaints about our privacy practices.

If you are a resident of the European Union and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance from our designated Privacy Shield independent recourse mechanism, the JAMS EU-U.S. Privacy Shield Program:

https://www.jamsadr.com/eu-us-privacy-shield

Residents of the European Union who have unresolved complaints after: (1) contacting Smaato to resolve the issue; (2) seeking assistance from our independent recourse mechanism; and (3) contacting the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and affording the Department of Commerce time to attempt to resolve the issue, may elect to arbitrate certain claims. Claims shall be arbitrated free of charge by our arbitration provider, JAMS, though each party shall be responsible for its own attorneys’ fees. Please be advised that, pursuant to Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield principles only with respect to the individual.

12. CHANGES TO THIS PRIVACY POLICY

We may occasionally update this Policy to reflect changes to our privacy practices. The amended Policy will be displayed on the Smaato Websites. Please check our Policy regularly to ensure you have read the latest version and to stay informed of our privacy practices. Your continued access to and use of the Smaato Websites and Smaato Ad Services constitute your acknowledgement of this Policy and any updates.

13. CONTACTING US

If you have any questions regarding this Policy, please contact us at privacy@smaato.com or:

Smaato, Inc.
240 Stockton Street, 10th Floor
San Francisco, CA 94108

+1 (650) 286-1198 (AMERICAS)
+49 (0)40 3480 9490 (EMEA)
+65 3157 1444 (APAC)