Platform Privacy Policy

Updated: December 2022

OVERVIEW

PulsePoint, Inc. (“PulsePoint” or “we”) operates programmatic technology platforms which facilitate ad placement for advertisers on mobile applications (“Apps”) and websites. This Privacy Policy explains our practices regarding the collection, use, and disclosure of information on our platforms, and explains your rights with regard to that information. This policy applies to PulsePoint’s platforms and services, including PulsePoint’s ad exchange platform (collectively, the “Platform”), and it explains our practices regarding the collection, use, and disclosure of information on our platforms as well as your rights with regard to that information. Your privacy and your choices around use of your data are important to us. Please read this policy carefully and if you have questions, please email privacy@pulsepoint.com.

If you are a consumer or end-user and wish to opt-out of our advertising, click here.

If you are a resident of California or Virginia, click here for additional information regarding your privacy rights and controls.

If you are a European resident, please see our EEA supplement for more information on the lawful grounds on which we process your information and data protection rights as an EEA visitor.

‍

‍INFORMATION THAT WE COLLECT

Where we collect information:

PulsePoint operates advertising technology, and as such, has many partners in the ad tech ecosystem that it works with in order to provide advertisements to end users of websites, Apps, and other various advertising platforms and media. When a consumer or other end user browses the internet, that browser or device may request advertisements from PulsePoint’s Platform. Through the serving of those advertisements or through other Platform analytics, we and our partners, including website or application publishers, advertising partners, or third-party data providers from whom we license data, may automatically collect information that is linked to your computer or device that may reflect how you interact with a webpage, the advertisements you view or click, or other information from your mobile device.

In addition, PulsePoint is part of the Internet Brands family of brands, and is a subsidiary of WebMD Health Corp. Other companies within the Internet Brands group may have access to information collected by PulsePoint.  

Types of information we may collect:

Most of the information PulsePoint may collect is non-personally identifiable information (“Non-PII”), which is information that does not identify you personally but may enable us to recognize your computer or device in the future. For example, when you visit a website or click an ad, we or our service providers may collect information such as:

• Websites you have visited and related information, such as pages visited or the time of day you visited the website;
• Ads served, viewed, or clicked on, such as the time of day of your visit, where the ad was served, whether you clicked on it, and whether you visited the advertiser’s website or purchased the product or service advertised;
• Apps visited, the start and stop time of a use session, your time zone and your network connection type;
• Mobile device information, such as the type and model, software version, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome or Safari), applications used and the version of such applications, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID (AAID), or unique device identifier (a number uniquely given to your device by your device manufacturer), sometimes referred to as a mobile carrier ID;
• Your Internet protocol (IP) address;
• CTV/OTT information about video content viewed on a device or app;
• Location information, such as your zip code or approximate geographic area provided by your ISP or by location services and GPS features of a website or mobile device. GPS location may be shared with us if you have opted to provide that information to us or our partners. We may also infer geolocation of your device based on data collected through, for example, a WiFi identifier;
• Demographic information such as age range, gender, and income range.

We may also collect Non-PII from third parties that is not linked to your computer or mobile device for use in our Platform. Any information we receive from third parties is used to maintain and improve the accuracy of the records we hold about you.

Personally Identifiable Information

Personally identifiable information (“PII”) is information unique to you that may be used to directly identify you individually. We may acquire PII from our publishers, advertising partners, or other third parties, but only where we have contractually required that these third parties have obtained your consent or are otherwise legally permitted or required to disclose your PII to us. Depending on the source, the PII may include information such as your email address or certain specific demographic information. More precise location positioning, or location information combined with other data, may make it possible to pinpoint an exact location, which in some instances could be considered PII.

From time to time, advertisers or their agencies may serve advertisements through our Platform that enable you to enter personal information into the advertisement or other form fields, which may allow you to receive more information from an advertiser. In the event that you elect to enter into your personal information into such an advertisement or form field, we may collect such information solely for the purpose of providing services to the applicable advertiser or its agency.

Health Information

PulsePoint specializes in health advertising and may collect and use general health-related information when delivering ads, based on interest in topics found on sites or ads that such a user has interacted with in the past. For example, if you have previously interacted with a site that contains information on skin care, PulsePoint may collect that information about your browsing behavior and you may subsequently be shown an ad on another page for skin care-related products and services.

We also may contract with third parties to collect information that is de-identified for our purposes but is data related to past, present or future medical conditions and treatment of those conditions, including filled prescription data. PulsePoint will never attempt to re-identify this data back to a specific individual.  

HOW WE USE COLLECTED INFORMATION

We use the information we acquire to provide optimized, tailored advertising and provide insights about an ad campaign. For example, we may use both PII and Non-PII gathered from ads we have placed to provide our clients with ad-related services, such as statistical reporting about website activity and the number of ads served, and to provide more ads to end-users based on the specific website URL, or webpage, visited.

We also use the information we acquire to serve ads to more targeted audiences as explained below. We consider your PII and precise location information to be confidential information. Accordingly, we will obtain your consent, or, when we acquire that information from third parties, we will request that they obtain it in compliance with applicable law, and where required by applicable law or our self-regulatory obligations, secure your consent to provide the information to us and for us to use and share your information with others as explained in this Privacy Policy, including for interest-based advertising (“IBA”) purposes.

Segments

We use the information we acquire to deliver ads to the most relevant recipients. For example, we may develop audience segments (groupings of individuals with common interests or characteristics) and deliver ads to those segments as appropriate, or to websites that we believe are relevant to and frequented by users of a particular segment. For example, if you are a student, we may deliver ads for school course offerings or financial aid. Segments may be based on demographic characteristics such as age and gender, geographic area, and other categories derived from various information. We also collect and maintain health-related data segments to allow our clients to provide these kinds of tailored advertising services to end users. Any health-related data segments used for targeting will not include sensitive health information, such as your actual diagnosis for a particular condition or any of your past online behavior with respect to conditions like cancer or mental health disorders. A representative sample of health segments we use are here:

• Allergies
• Alternative Medicine
• Arthritis
• Asthma
• Beauty
• Blood Sugar Management
• Bone & Muscle
• Cholesterol
• Chronic Fatigue Syndrome
• Chronic Pain
• Circulatory
• Cold & Flu
• Cosmetic
• Dandruff
• Deafness
• Dental Care
• Dermatology
• Diabetes
• Diet & Nutrition
• Digestive Health
• Ear, Nose & Throat
• Epilepsy
• Equipment
• Exercise
• Eye care
• Female Health Lifestages
• Feminine Care
• First Aid
• Food
• Food Allergies
• Food Issues
• Foot Care
• GERD/Acid Reflux
• Hair Care
• Headaches/Migraines
• Health & Fitness
• Health/LowFat Cooking
• Healthy Living
• Heart Disease and Wellness
• Herbs for Health
• Holistic Healing
• Home Test Kit
• Homeopathic
• Incontinence
• Infant Care
• Massage Therapy
• Men’s Health
• Nail Care
• Nutrition
• Oral Care
• Orthopedics
• OTC
• Overactive Bladder
• Pain Relievers
• Pediatrics
• Pharmacy
• Physical Therapy
• Pregnancy
• Health Care Professionals
• Respiratory
• Self Help
• Senior Health
• Sexuality
• Sinus
• Skin Care
• Skin Health
• Sleep
• Sleep Disorders
• Smoking Cessation
• Stress Relief
• Training
• Vision Care
• Weight Loss
• Weight Management
• Women's Health

Contextual Ads

PulsePoint’s Platform supports contextual advertising services. “Contextual advertising” is a common practice involving the placement of an ad that is relevant to the content on a webpage. These ads are targeted to content categories only, meaning that a visitor of a webpage sees an ad relevant to the content found on the webpage visited. Displaying an ad for sneakers on a website that promotes running is an example of contextual advertising.  

Targeted Ads

We may engage in IBA (or online behavioral advertising, “OBA”). This may utilize the segments referred to above, and end user data derived from browsing habits on the Internet, to target specific ads to individuals. For example, if an advertiser wants us to display ads to individuals who have expressed interest in acne, sun-care products, or advances in treating certain medical conditions, we may serve ads for those products or services to those individuals based on segment data and Internet browsing habits. We may also serve ads to you based on inferences we have made regarding health-related information that may be of interest to you. We may make these inferences using models based on a sample set of other users’ health records, which we then compare with information in our databases to create datasets we can use to make certain predictions or inferences regarding characteristics that may apply to you, including the likelihood of the existence of certain medical conditions. The purpose of such advertising is to serve ads better related to products and services that may be relevant to the interests of the individuals seeing them.

Retargeting

We may serve ads to you based on your previous visits to a website or clicks on an ad. For example, an advertiser might ask us to display a particular ad to people who have recently visited the advertiser’s website. In some instances, a cookie is placed on your computer while at the advertiser’s site, and when that cookie is seen by us on the website of another company in our Platform, we will deliver the advertiser’s ad there. We may also use information collected from mobile apps and browsers to serve ads across devices for the purpose of linking devices to relevant individuals.

Geo-fencing

We or our service providers may deliver ads to your mobile device when you are in certain geographic locations. This type of targeted advertising is referred to as “geo-fencing” or “geo-targeting.” Geo-fencing works by placing a “fence” around a certain geographic (“geo”) location.  For example, we or one of our service providers could create a 2 square mile “fence” around a grocery store. When you go inside that fence or target area, we or our service providers may serve you specific ads based on your being in that target area. In such instance, you may, for example, be served ads about the grocery store or a product sold in that grocery store.  

With geo-fencing we do not continuously, periodically, or intermittently track your precise location.  The geo location of your device will, however, be provided to us or one of our service partners when you enter the target area, and we may also be provided other Non-PII. Geo-fencing monitors an area and sends notifications either to an app you have on your mobile device or directly to us or our service providers when the boundary is crossed, either in or out. Those apps use this location information to process status updates only if you have geo-location enabled on your mobile device. We will not target you with ads based on your geo-location unless we believe you have provided consent to do so.  

If you want to limit or prevent location data from being collected from your device you can adjust this capability through your mobile device settings. Please refer to your applicable device settings for instructions on how to manage your location settings. Additional options for opting out of receiving targeted ads can be found in the “Consumer Choice” section below.

INFORMATION THAT WE SHARE

Except as stated in this Privacy Policy, we will not share or sell your PII or any other Confidential Information to third parties. We only share your PII with third parties (i) when we have received assurance from the party who gave us that information that you consented to do so; and (ii) so that third parties may bid, purchase, and target ads to you directly or otherwise use or share that information with others for advertising or marketing purposes. As with targeted ads, we may share your PII with third parties so that they may retarget you as well. We may also remove identifying information from PII (de-identify it) therefore rendering it Non-PII, and share that de-identified information with third parties, such as in segments we create.

We may share Non-PII with third parties. For example, we may provide information to others as to the specific ads to which a segment of end-users was exposed, or we may make certain information, such as certain demographic information, about end-users viewing an ad available to buyers and potential buyers of such ads. We may also disclose how frequently the average end user requests pages about a certain category (such as health or finance), or which ads a segment of end-user interacts with on domains across our Platform.

The Non-PII information that we share, including the Non-PII that is not linked to your computer, mobile device, or connected TV or app, does not directly identify you, but there is a risk that third parties who receive such information from us may be able to re-identify you through other information they gather. However, we require written assurances from third parties that they will not attempt to re-identify non-PII to any particular individual.

In addition to the uses noted in this Privacy Policy, we also may disclose PII and Non-PII under the following circumstances: (1) if required by law, such as by a court order, statute, regulation, rule or through legal process; (2) in response to requests from federal, state, local, or foreign law and civil enforcement agencies, such as a search warrant, subpoena, or court order, or for law enforcement purposes; (3) in the event of a corporate transaction such as the sale of assets or all or most of PulsePoint’s assets or equity to another company; (4) in the event of a bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of our creditors; or (5) if we determine it necessary in connection with an investigation or in order to protect our legal rights.

We may also disclose your PII and Non-PII to our parent companies, affiliates, subcontractors, vendors, and other businesses who provide data processing services to us, or who otherwise process PII for purposes that are either described in this Privacy Policy or notified to you when we collect your PII. For example, we may engage third parties to analyze data or provide marketing assistance. We request written assurances that your information will only be used for the purposes of performing the functions for which we have engaged them.

USE OF COOKIES

We collect Non-PII through technologies such as “cookies” and “pixel tags” (which are also called clear GIFs, web beacons, or pixels). “Cookies” are small data files that are stored by your web browser on your computer. When you visit a webpage, the cookie sends back Non-PII. “Pixel tags” are small graphic images (usually invisible) that can be embedded in content and ads on a webpage that track usage of our websites and effectiveness of communication. These pixel tags can then be used to recognize our cookies and to monitor certain user interactions with a website.

‍Cookies and these other technologies are important and useful because they allow us to recognize your device and remember information about you, such as your preferred language and other general settings. Most of the cookies are stored in your browser, which usually gives you the ability to manage them (though browsers for mobile devices may not offer this possibility).

You have several choices when it comes to opting out of the collection of information about your web browsing activities through cookies.  See the “Consumer Choice” section below for ways to opt-out. You can also find information about opting out on the DAA website. For additional information, please review our Cookie Policy.

‍

Right to Know and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months or beyond the 12-month period on or after January 1, 2022. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting, or selling or sharing that personal information.
• The categories of third parties with whom we disclose that personal information.
• The specific pieces of personal information we collected about you (also called a right to access or data portability request).

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Prevent, detect and investigate security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Correct Your Inaccurate Personal Information

You have the right to request that we correct any inaccurate personal information about you, taking into account the nature of the personal information and the purposes of processing your personal information. Once we receive and verify your consumer request, we will use commercially reasonable efforts to correct your inaccurate personal information from our records, unless it is impossible or involves a disproportionate effort.

Right to Opt Out of the Sale or Sharing of Your Personal Information

The CCPA defines “sale” broadly, and it may include our sharing information that we have about you, such as a cookie ID or IP address, with third party advertising partners who may use this information, on our behalf, to help us deliver advertising on the WebMD Sites as well as on third party websites.  You have the right to opt- out of the sale or share of your personal information subject to certain exclusions as described below. Once we receive your request, we will not sell or share your personal information, unless an exclusion applies. We may request that you authorize the sale or sharing of your personal information after 12 months following your opt-out. 

The Applicable Data Privacy Laws exclude certain transfers of your personal information from what constitutes a sale or sharing thereof:

• As directed by you: When you direct us to intentionally disclose your personal information or use the Services to intentionally interact with us or a third party (provided that third party does not sell or share your personal information, unless that disclosure would be consistent with the Applicable Data Privacy Laws).
• Service provider: We may share your personal information with a service provider that is necessary to perform a business purpose as described above if both of the following conditions are met: We provide notice of the sharing and your opt-out right as described herein. The service provider does not further collect, sell, share or use the personal information of the consumer except as necessary to perform the business purpose.
• Change of control: We may transfer to a third party your personal information as an asset that is part of a merger, acquisition, bankruptcy, or other transaction subject to certain requirements described in the Applicable Data Privacy Laws.

Right to Non-Discrimination for Exercising Your Privacy Rights

We will not discriminate against you for exercising any of your Applicable Data Privacy Laws rights. Unless permitted by the Applicable Data Privacy Laws, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a request in accordance with our Privacy Policy.

The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

You may be asked to provide further verifying documentation, such as proof of residency and identity.

Only you or a person you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We will confirm receipt of your request(s) within 10 business days and provide you information on how we will process your request. We will endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  Any disclosures we provide will cover a period of no less than 12 months preceding the receipt of a verifiable consumer request.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to this Privacy Notice

We reserve the right to change or modify this privacy notice and any of our Services at any time and any changes will be effective upon being posted unless we advise otherwise. By continuing to use the Services after changes are made to this privacy notice, you agree to such changes.  We encourage you to periodically review this privacy notice for the latest information on our privacy practices.