PRIVACY POLICY

PLATFORM PRIVACY POLICY

Updated as of May, 2018

PulsePoint, Inc. and our affiliates and wholly-owned subsidiaries, including but not limited to, AllVoices Inc. and PulsePoint Holdings, LLC (collectively “PulsePoint” or “we”), respect and value your privacy. We operate programmatic technology platforms (collectively, the “Platform”), including the PulsePoint ad exchange, which facilitates­ ad placement for advertisers and publishers on mobile applications (“apps”) and websites. This privacy policy (our “Privacy Policy”) explains our practices regarding the collection, use, and disclosure of information on our Platform.

This Privacy Policy does not apply to any information we may collect and use when you visit our PulsePoint owned and operated website(s) (“Websites”), as we do not use any information collected through our Websites in our Platform. To learn about the information we collect through our Websites, please visit PulsePoint’s Website privacy policy, which is available here.

PulsePoint is a member of the Network Advertising Initiative (“NAI”) and follows the NAI’s Code of Conduct, which outlines self-regulatory principles for personalized advertising. PulsePoint also complies with the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising.

We reserve the right to modify this Privacy Policy from time to time in response to a change in legal, technical or business developments. Changes will be posted on our Websites and the effective date of the Privacy Policy will be revised accordingly.

What Types of Information Do We Collect?

Non-Personally Identifiable Information (“Non-PII”)

We and our service providers (publishers, advertising partners, or third party data providers from whom we license data from) may automatically collect information that is linked to your computer or device and may reflect how you interact with a webpage or the ads you view or click.  We or our service providers may also collect Non-PII from your mobile device or from apps on your mobile device. The Non-PII that we collect does not directly identify you personally, but it may enable us to recognize your computer or device over time. For example, when you visit a webpage or click on an ad, we or our service providers may collect information, which includes, but is not limited to:

  • which websites you have visited and information about your visit, including pages visited, what time of day you visited those websites, and more;
  • information about the ads served, viewed, or clicked on, such as the time of day of your visit, where the ad was served, whether you clicked on it, and whether you visited the advertiser’s website or purchased the product or service advertised;
  • information regarding the app visited, session start/stop time, time zone, and network connection type (e.g., WiFi, cellular);
  • information about your mobile device, such as the type and model, software version, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome, Safari), applications used and the version of such applications, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID (AAID), or unique device identifier (a number uniquely given to your device by your device manufacturer), sometimes referred to as a mobile carrier ID;
  • your Internet protocol (IP) address (a unique number that is automatically assigned to a computer when surfing the web); 
  • your location information, such as your zip code or the approximate geographic area provided by your Internet service provider (ISP) or location positioning information provided by the location services and GPS features of your mobile device or website when location services have been enabled.  We may also infer the geo-location of your device based on data collected through, for example, a WiFi identifier that the device is connected to. 

We may also collect Non-PII from third parties that is not linked to your computer or mobile device for use in our Platform.  Any information we receive from third parties is used to maintain and improve the accuracy of the records we hold about you.     

In some countries, including countries in the European Economic Area (“EEA”), this information may be considered PII (as defined below) under applicable data protection laws. Please see our EEA Supplement for more information on the lawful grounds on which we process your information and data protection rights which you have if you are an EEA visitor.

Personally Identifiable Information (“PII”)

PII is information unique to you that may be used to directly identify you individually. We may acquire PII from our publishers or advertising partners or other third parties, but only where we have contractually required that these third parties have obtained your consent or are otherwise legally permitted or required to disclose your PII to us. Depending upon the source, the PII may include information such as email address, gender, or certain specific demographic and other information. More precise location positioning, or location information combined with other data, may make it possible to pinpoint an exact location, which in some instances could be considered PII.

Sensitive Data

Certain PII and Non-PII may also be considered “Sensitive Data.” Some examples of Sensitive Data are your social security number and financial account numbers. Sensitive Data can also include certain types of information about your race or ethnicity, or information related to your health, such as information on certain past, present, or future medical conditions and treatment of those conditions (sometimes also referred to as protected health information or “PHI”), prescriptions you have filled, laboratory results, and information about your health or wellness, including information regarding sexually transmitted diseases (“Sensitive Health Data”). Some examples of the categories of Sensitive Health Data we collect are available here. PHI collected and stored by us may not be protected under the Health Insurance Portability and Accountability Act (“HIPAA”).

How Do We Use Your Information?

We use the information we acquire to better target and provide insights about an ad campaign. For example, we may use both PII and Non-PII gathered from ads we have placed to provide our clients with ad-related services, such as statistical reporting about website activity and the number of ads served, and to provide more ads to end-users based on the specific website URL, or webpage, visited. We also use the information we acquire to serve ads to more targeted audiences as explained below. We consider your PII, Sensitive Data (including Sensitive Health Data), and precise location information to be confidential information. Accordingly, we will obtain your consent, or, when we acquire that information from third parties, we will request that they obtain it in compliance with applicable law, and where required by applicable law or our self-regulatory obligations, secure your consent to provide the information to us and for us to use and share your information with others as explained in this Privacy Policy, including for interest based advertising (“IBA”) purposes.

Segments

We use the information we acquire to deliver ads to the most relevant recipients. For example, we may use PII and Non-PII to develop audience segments, or groupings of individuals with common interests or characteristics, and deliver ads to the individuals within a segment, or to the websites frequented by users of a particular segment, that we determine are relevant to that segment. So, for example, if you are a student, we may deliver ads for school course offerings or financial aid.

Segments may be based on demographic characteristics such as age and gender, geographic area, and other categories derived from various information, including purchasing tendencies. Segments may also be based on certain medical conditions, such as flu or diabetes, or other medical conditions that are considered sensitive, such as cancer. Examples of some health segments we use are available here.

Our Platform serves both contextual and targeted/IBA.

Contextual Ads

Placing an ad relevant to the content on the webpage is commonly referred to as contextual advertising. These ads are targeted to content categories only, meaning that a visitor of a webpage sees an ad relevant to the content found on the webpage visited. Displaying an ad for sneakers on a website that promotes running is an example of contextual advertising. Many of our ads focus on contextual advertising.

Targeted Ads

We may engage in IBA (or online behavioral advertising (“OBA”)). This may utilize the segments referred to above, and PII and Non-PII derived from browsing habits on the Internet, to target specific ads to individuals. For example, if an advertiser wants us to display ads to individuals who have expressed interest in acne, sun-care products, or advances in treating certain medical conditions, we may serve ads for those products or services to those individuals based on segment data and Internet browsing habits. We may also serve ads to you based on inferences we have made regarding health conditions that may be of interest to you. We may make these inferences using models based on a sample set of other users’ health records, which we then compare with information in our databases to create datasets we can use to make certain predictions or inferences regarding characteristics that may apply to you, including the existence of certain medical conditions. The purpose of such advertising is to serve ads better related to products and services that may be relevant to the interests of the individuals seeing them. We may also engage in IBA utilizing PII or Sensitive Health Data.

Retargeting

We may serve ads to you based on your previous visits to a website or clicks on an ad. For example, an advertiser might ask us to display a particular ad to people who have recently visited the advertiser’s website. In some instances, a cookie is placed on your computer while at the advertiser’s site, and when that cookie is seen by us on the website of another company in our Platform, we will deliver the advertiser’s ad there. We may also use information collected from mobile apps and browsers to serve ads across devices for the purpose of linking devices to relevant individuals.

Geo-Fencing

We or our service providers may deliver ads to your mobile device when you are in certain geographic locations. This type of targeted advertising is referred to as “geo-fencing” or “geo-targeting.” Geo-fencing works by placing a “fence” around a certain geographic (“geo”) location.  For example, we or one of our service providers could create a 2 square mile “fence” around a grocery store. When you go inside that fence or target area, we or our service providers may serve you specific ads based on you being in that target area. In the case of the grocery store example, you may, for example, be served ads about the grocery store or a product sold in that grocery store. 

With geo-fencing we do not continuously, periodically, or intermittently track your precise location.  The geo location of your device will, however, be provided to us or one of our service partners when you enter the target area, and we may also be provided other Non-PII. Geo-fencing monitors an area and sends notifications either to an app you have on your mobile device or directly to us or our service providers when the boundary is crossed, either in or out. Those apps use this location information to process status updates only if you have geo-location enabled on your mobile device. We will not target you with ads based on your geo-location unless we believe you have provided consent to do so. 

If you want to limit or prevent location data from being collected from your device you can adjust this capability through your mobile device settings. Please refer to your applicable device settings for instructions on how to manage your location settings. Additional options for opting out of receiving targeted ads can be found in the “Consumer Choice” section below.

What Information Do We Share?

Except as stated in this Privacy Policy, we will not share your PII or Sensitive Data with third parties. We share your PII and Sensitive Data with third parties (i) when we have received assurance from the party who gave us that information that you consented to do so; and (ii) so that third parties may bid, purchase, and target ads to you directly or otherwise use or share that information with others for advertising or marketing purposes. As with targeted ads, we may share your PII with third parties so that they may retarget you as well. We may also remove identifying information from PII (de-identify it) therefore rendering it Non-PII, and share that de-identified information with third parties, such as in segments we create.
We may share Non-PII with third parties. For example, we may provide information to others as to the specific ads to which a segment of end-users was exposed, or we may make certain information, such as certain demographic information, about end-users viewing an ad available to buyers and potential buyers of such ads. We may also disclose how frequently the average end-user requests pages about a certain category (such as health or finance), or which ads a segment of end-user interacts with on domains across our Platform.

Although the Non-PII information that we share, including the Non-PII that is not linked to your computer or mobile device, does not directly identify you personally, there is a risk that third parties who receive such information from us may be able to re-identify you through other information they gather. We request written assurances from third parties that they will not attempt to re-identify non-PII to any particular individual.

In addition to the uses noted in this Privacy Policy, we also may disclose PII and Non-PII (including Sensitive Data) under the following circumstances: (1) if required by law, such as by a court order, statute, regulation, rule or through legal process; (2) in response to requests from federal, state, local, or foreign law and civil enforcement agencies, such as a search warrant, subpoena, or court order, or for law enforcement purposes; (3) in the event of a corporate transaction such as the sale of assets or all or most of PulsePoint’s assets or equity to another company; (4) in the event of a bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of our creditors; or (5) if we determine it necessary in connection with an investigation or in order to protect our legal rights.

We may also disclose your PII and Non-PII to our affiliates, subcontractors, vendors, and other businesses who provide data processing services to us, or who otherwise process PII for purposes that are either described in this Privacy Policy or notified to you when we collect your PII. For example, we may engage third parties to analyze data or provide marketing assistance. We request written assurances that your information will only be used for the purposes of performing the functions for which we have engaged them.

Legal basis for processing PII (EEA visitors only)
If you are a visitor from the EEA, our legal basis for collecting and using the PII described above will depend on the PII concerned and the specific context in which we collect it.  For further information relevant to EEA visitors, please click here.

How We Use Cookies on our Websites

We and our service providers also collect Non-PII through technologies such as “cookies” and “pixel tags” (which are also called clear GIFs, web beacons, or pixels). “Cookies” are small data files that are stored by your web browser on your computer. When you visit a webpage, the cookie sends back Non-PII. “Pixel tags” are small graphic images (usually invisible) that can be embedded in content and ads on a webpage that track usage of our Platform and effectiveness of communication. These pixel tags can then be used to recognize our cookies and to monitor certain user interactions with a website.

Cookies and these other technologies are useful because they allow us to recognize your device and remember information about you, such as your preferred language and other general settings. Most of the cookies are stored in your browser which usually gives you the ability to manage them (though browsers for mobile devices may not offer this possibility). Cookies play an important role.

You have several choices when it comes to opting-out of the collection of information through cookies. As a member of the NAI, PulsePoint is committed to providing you with information on these opt-out choices. See the “Consumer Choice” section below for ways to opt-out. You can also find information on opting-out on the NAI website. For additional information, please review our Cookie Policy

Consumer Choice

We are committed to following the NAI’s Code of Conduct and complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising, which encourage consumer choice.

You may opt-out of our Platform for IBA/OBA. Opting out does not prevent you from seeing ads; it simply means that we will no longer collect data for the purpose of IBA/OBA, and you will no longer receive ads based on your historical viewing interests, personal characteristics, consumer segments, or other information. You may still receive contextual ads, as described above.

We encourage advertisers that place ads through our Platform that are delivered for IBA/OBA to display the DAA’s YourAdChoices Icon, which contains a link consumers may click to understand how their data is being used and see the choices they have to control the collection of data online and the display of ads for IBA/OBA. The DAA offers an opt-out tool to opt-out of the collection of data online and the display of ads for IBA/OBA. More information about the DAA’s YourAdChoices program and its opt-out tool are available here. Opting out from an advertiser will not, however, automatically opt you out of receiving IBA/OBA targeted ads from our Platform, nor from receiving ads. To opt out of targeted ads from our Platform, you may go here. We do, however, require advertisers and publishers with whom we partner to inform us if you opt-out of receiving their ads so that you are not sent those ads from our Platform.

Since we are a member of the NAI, you may also use the NAI’s opt-out tool to opt-out of our collection of data online for IBA and the placement of interest based ads. You may access the NAI’s opt-out tool here.

The DAA and NAI opt-out tools are cookie-based. They signal us so that we do not collect data online or deliver ads for the purpose of IBA/OBA, and only affect the Internet/web browser on the computer where the cookies are installed. These opt-out tools will only function if your browser is set to accept third-party cookies. If you delete an opt-out cookie or all cookies from a browser’s cookie files, change web browsers or change computers, you will no longer be opted out of our data collection and ad targeting, and we may place a new cookie unless an opt-out cookie is again reset on that browser. Opting out using one browser on one computer will not opt you out using any other browser on the same or another computer.

If you are using a mobile device, your mobile device may offer settings to limit or disable mobile apps from gathering certain information. You should check the settings for the app and your device. PulsePoint honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your device and select “limit ad tracking” (if Apple iOS) or “opt-out of interest based ads” (if Android).  

Collection, Use, and Disclosure of Information by Others

This Privacy Policy applies only to information gathered by us in connection with our Platform. There are other companies involved in collecting information and serving ads. The use of third-party pixels, cookies, and other technologies on websites that end-users visit, in apps that end-users use, and in ads served to end-users should be described by the privacy policies associated with those websites, apps, and ads. We have no responsibility for the collection, use, or disclosure of information by those third parties via such websites, apps, or ads.

Security

We use reasonable security measures to protect the data in our possession. However, no method of transmission or storage of data is 100% secure and we will not be responsible for any damage that results from a security breach of data or the unauthorized access to or use of information, whether PII or Non-PII. To the extent we provide your PII to any third parties, we will request that they use reasonable security measures to protect your information.

Data Retention

Information we acquire through our Platform is generally deleted within 45-60 days, but may be retained in PulsePoint’s internal network for up to 18 months from the date of collection before deletion.

We retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). 

When we have no ongoing legitimate business need to process your data, we will either delete or anonymize it or, if this is not possible (for example, because your PII has been stored in backup archives), then we will securely store your PII and isolate it from any further processing until deletion is possible. 

Access Requests

If you would like to access, correct, update, or request deletion of your PII we have on file, you may submit such requests here. Alternatively, you may email us at privacy@pulsepoint.com or write to PulsePoint Privacy Department, 360 Madison Avenue, 14th Floor, New York, New York, 10017. We may take reasonable steps to confirm your identity in an effort to prevent identity theft.

Children’s Privacy

In the interest of the privacy of children, we do not knowingly collect information from or target end-users under the age of 18. Our Platform is neither developed for nor directed at children. If we learn we have collected or received information from a child under 18 without verification of parental consent, we will endeavor to delete that information.

Cross-Border Data Transfers

Our Platform is based in the United States, and operates under United States law. If you are located outside of the United States, the information we collect may be transferred to and processed in the United States and in other countries where the privacy laws may not be the same as the laws where you reside and, in some cases, may not be as protective. Additional considerations apply to the collection, use, and disclosure of information from individuals who live in the EEA.

Do Not Track (“DNT”)

DNT is a privacy preference that you may set in certain web browsers. DNT is intended to allow you another method of informing websites and services that you do not want certain information about your website visits collected. We do not currently respond to DNT signals.

Questions and Comments

If you have questions about our Platform and your privacy, please e-mail privacy@pulsepoint.com.