Privacy Policy

Introduction

PT. Yield Marketing Technology (“YMT”, “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how information is collected, used, and shared when you use Zeststack, our Real Time Bidding Advertising platform (“DSP” or “SSP” “Platform”) that functions as both a demand-side platform (DSP) and a supply-side platform (SSP). Our platform empowers advertisers and advertising agencies to plan, execute, and manage digital advertising campaigns across diverse channels, including websites, mobile applications, connected TVs, audio platforms, digital out-of-home displays, and other digital media. Our Platform leverages real-time bidding (RTB) and data-driven technologies to deliver targeted, relevant advertisements to users while supporting the free and accessible internet by enabling advertisers to fund quality content.

This Privacy Policy outlines how we collect, use, store, share, and protect personal data (or personal information, as defined by applicable law) when you interact with our Platform or encounter advertisements powered by our technology. It applies to:

Platform Users: Our clients (advertisers/agencies) or partners who use our services.

End Users: Individuals who interact with the digital advertising we help deliver.

By engaging with our Platform or ads, you acknowledge and agree to the practices described in this Privacy Policy.

1. Overview of Our Platform

Our Platform serves as a sophisticated technology ecosystem that connects advertisers (the “demand” side) with publishers (the “supply” side) who offer ad spaces on websites, apps, and other digital properties. We facilitate:

  • Real-Time Bidding (RTB): Automated auctions to purchase ad impressions in milliseconds.
  • Audience Targeting: Data-driven strategies to deliver ads to users based on their interests, behaviors, or demographics.
  • Campaign Management: Tools for advertisers to plan, optimize, and measure the performance of their campaigns across channels like display, video, native, audio, and connected TV.
  • Cross-Device Mapping: Linking devices likely used by the same individual or household to improve ad relevance and reduce redundancy.

Our Platform does not include the systems or technologies of our clients or partners, who are subject to their own privacy policies and our contractual requirements when using our services.

2. Platform Scope

  • For advertisers and agencies: we provide DSP services, enabling campaign planning, targeting, bidding, and measurement.
  • For publishers and supply partners: we provide SSP services, facilitating inventory management, ad delivery, and yield optimization.

3. Types of Personal Data We Collect

We collect and process various types of personal data, primarily pseudonymous, to support our advertising services. Personal data refers to any information relating to an identified or identifiable individual, as defined by applicable law.

  • a. Pseudonymous Identifiers
    • Online Identifiers: Unique identifiers such as cookie IDs, mobile device advertising IDs (e.g., Apple’s IDFA, Google’s Advertising ID), IP addresses, and user agent strings (indicating browser or device details).
    • Derived Identifiers: Pseudonymous identifiers created from hashed email addresses, phone numbers, or device/connection information to enable consistent tracking without directly identifying individuals.
    • Device and Browser Information: Details about your device, including type (e.g., smartphone, tablet, CTV), operating system, browser type, version, and settings.
  • b. Usage and Interaction Data
    • Impression Data: Information about ads served, including which ads are displayed, on which website or app, at what time, and how users interact with them (e.g., views, clicks, or conversions).
    • Web Browsing Data: Insights into websites or apps visited, inferred from ad impressions or bid requests, used to understand user interests.
    • Interest and Audience Segments: Inferred interests (e.g., “sports enthusiasts,” “travel lovers”) or demographic data (e.g., age range, gender) based on browsing behavior or provided by clients/partners.
    • Click and Conversion Data: Records of actions taken after viewing an ad, such as clicking a link, downloading an app, or making a purchase.
  • c. Geolocation Data
    • Imprecise Location: City, region, or postal code-level data derived from IP addresses or provided by partners.
    • Precise Location: Latitude/longitude coordinates, where permitted by law and provided by devices or partners, used for analytics.
  • d. Client-Provided Data
    • Advertisers or agencies may upload pseudonymous data to our Platform, such as hashed email addresses, phone numbers, or audience segments, for campaign targeting or measurement. This data is processed on their behalf and subject to their privacy policies and applicable laws.
  • e. Sensitive Data
    • We do not knowingly collect or process sensitive personal data (e.g., data revealing racial or ethnic origins, political opinions, religious beliefs, health, or sexual orientation) unless explicitly permitted by law and with appropriate safeguards (e.g., user consent).
    • If we ever need to process sensitive categories of data, we will obtain explicit consent or ensure another lawful basis under applicable law.
    • Clients are contractually prohibited from uploading sensitive data or data about individuals known to be under 16 without complying with applicable data protection laws.
  • f. Aggregated or Anonymized Data
    • We collect and generate aggregated or anonymized data that does not identify individuals, used for analytics, reporting, or platform improvement.

4. How We Collect Personal Data

We collect personal data through various methods to support our Platform’s functionality:

  • Bid Requests: Supply-side partners (e.g., publishers, apps, or connected TV platforms) send us bid requests describing available ad spaces. These requests include pseudonymous data about the device, user, or location (e.g., IP address, device ID, or geolocation).
  • Cookies and Pixel Tags:
    • Cookies: Small text files stored on your browser (e.g., under our domain [Insert Cookie Domain, e.g., ads.yourdspname.com]) to recognize browsers over time. Our primary cookie, [Your DSP Cookie Name, e.g., DSPID], has a lifespan of [Insert Lifespan, e.g., 1 year], refreshed with each ad interaction.
    • Pixel Tags: Tiny code snippets embedded in websites or ads that collect data like IP addresses, cookie IDs, user agent details, and referral URLs.
  • Mobile SDKs: Software development kits integrated into mobile apps by our partners collect data tied to mobile device IDs for ad targeting and measurement.
  • Client-Uploaded Data: Advertisers or agencies upload pseudonymous data (e.g., hashed identifiers or audience segments) to our Platform for campaign purposes.
  • Third-Party Data Providers: We receive pseudonymous data from data vendors or partners to enhance targeting or analytics, subject to their privacy policies and our contractual terms.
  • Ad Delivery and Measurement: When ads are served, our servers receive data to confirm delivery and track performance (e.g., impressions, clicks).
  • Cookie Syncing: We match our cookie IDs with those of partners to enable consistent targeting across platforms.

5. How We Use Personal Data

We process personal data to deliver, optimize, and measure advertising campaigns, as well as to improve our Platform. Specific purposes include:

  • Ad Delivery and Personalization: Using pseudonymous data to select and deliver ads relevant to users’ interests or behaviors.
  • Frequency Capping: Limiting how often a user sees the same ad to enhance user experience and campaign efficiency.
  • Measurement and Analytics: Tracking ad performance (e.g., impressions, clicks, conversions) to provide insights to clients.
  • Attribution: Linking ad views to subsequent actions (e.g., purchases, app downloads) to measure campaign effectiveness.
  • Cross-Device Mapping: Associating devices likely used by the same individual or household to improve targeting and reduce redundant ads.
  • Audience Segmentation: Creating pseudonymous profiles or group-based interest segments (e.g., “outdoor enthusiasts”) to tailor ads.
  • Fraud Detection and Prevention: Analyzing data to identify and block malicious activity, such as bot-driven ad traffic.
  • Platform Improvement: Using aggregated data to enhance our technology, algorithms, and services.
  • Legal Compliance: Processing data to comply with legal obligations, respond to lawful requests, or protect our rights.

Use of Artificial Intelligence (AI)

We may use AI and machine learning to optimize ad targeting by aligning ads with user interests or content context. For example, AI algorithms analyze browsing patterns to predict which ads are most relevant. You may request details about data used in AI-driven processes or request corrections if you believe the data is inaccurate (see Section 9).

6. How We Share Personal Data

We share personal data only as necessary to provide our services, comply with legal obligations, or support our clients’ advertising objectives. Sharing occurs in the following contexts:

  • Clients and Partners: Advertisers and agencies receive pseudonymous data (e.g., impression data, audience segments, hashed identifiers) to optimize and measure their campaigns.
    We share cookie IDs, hashed identifiers, or device mappings with partners for cookie syncing, cross-device targeting, or measurement.
  • Service Providers:
    We engage vendors (e.g., cloud hosting, analytics, or fraud detection services) to process data on our behalf under strict confidentiality agreements.
  • Supply-Side Partners:
    Publishers or platforms receive bid request data to facilitate ad delivery.
  • Third-Party Platforms: We share pseudonymous identifiers (such as cookie IDs, mobile advertising IDs, or hashed identifiers) with other ad tech platforms to enable consistent targeting or measurement.
  • Legal and Regulatory Authorities: We may disclose data to comply with court orders, subpoenas, or law enforcement requests, or to protect our rights or safety.
  • Business Transfers: In the event of a merger, acquisition, bankruptcy, or asset sale, data may be transferred to a successor entity.
  • Aggregated or De-Identified Data: We may also share non-identifiable, aggregated insights for analytics or reporting.

We do not knowingly sell or share personal data of individuals under 16 years of age.

7. International Data Transfers

  • As a global platform, we may transfer personal data to countries outside of your country of residence (for example, the United States, Singapore, or other regions where our servers or partners operate). When we do so, we ensure that appropriate safeguards are in place to protect your personal data in line with applicable data protection laws. These safeguards may include binding corporate rules, certifications, or other legally recognized mechanisms that ensure equivalent protection.

8. Data Security and Retention

Security Measures

We implement robust technical, organizational, and contractual safeguards to protect personal data, including:

  • Encryption: Data encryption in transit and at rest where feasible.
  • Access Controls: Restricting access to authorized personnel only.
  • Monitoring: Continuous monitoring for unauthorized access or suspicious activity.
  • Vendor Oversight: Contractual obligations for service providers to maintain equivalent security standards.

Despite these measures, no system is entirely secure. We do not guarantee absolute security but strive to protect your data to the fullest extent possible.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law:

  • Pseudonymous Data: Retained for up to 18 months, after which it is aggregated or de-identified.
  • Interest Segments: Group-based interest data (e.g., “travel enthusiasts”) retained for up to 30 days.
  • Client Data: Retained per client instructions or contractual obligations, typically not exceeding 12 months.
  • Legal Requirements: Data retained as required by law (e.g., for audit or tax purposes) is stored securely and deleted when no longer needed.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

General Rights:

  • Deletion: Request deletion of your data, subject to legal exceptions (e.g., data needed for fraud prevention or legal compliance).
  • Opt-Out: Opt out of targeted advertising, data sales, or sharing (see below for methods).
  • Object/Restrict Processing: Object to or restrict processing for direct marketing or profiling.
  • Withdraw Consent: Revoke consent for data processing where applicable.

Opt-Out Mechanisms:

  • Global Privacy Control (GPC): We honor GPC signals as an opt-out from sales, sharing, or targeted advertising.
  • Mobile Devices: Reset advertising IDs or enable “Limit Ad Tracking” (iOS) or “Opt Out of Ads Personalization” (Android) in device settings.

Exercising Your Rights:

  • Submit requests via privacy@yieldmartech.com
  • We may require identity verification (e.g., browser or device details) to process requests.
  • Responses are provided within 30 days, with extensions communicated if needed.
  • Right to Know: Request details about:
    • Categories of personal data collected (e.g., identifiers, geolocation, inferences).
    • Sources (e.g., bid requests, cookies, client data).
    • Business purposes (e.g., ad delivery, measurement).
    • Third parties with whom data is shared (e.g., clients, service providers).
    • Specific data points (where verifiable).
  • Right to Opt-Out: Opt out of sales or sharing of personal data, including targeted advertising.
  • Right to Limit Sensitive Data: Limit use of precise geolocation or other sensitive data for advertising.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.
  • Authorized Agents: You may designate an agent to submit requests, provided they submit proof of authorization.

Consent Management: We process data based on consent via IAB TCF strings or direct permissions. You may withdraw consent at any time.

10. Children’s Privacy

Our Platform is not intended for individuals under 16 years of age. We do not knowingly collect or process personal data from children. If we discover such data, we will delete it promptly. Contact us at privacy@yieldmartech.com if you believe we have collected data from a child under 16.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Updates will be posted on our website with a revised “Last Updated” date.

We encourage you to review this policy periodically.

12. Contact Us

For questions, concerns, or to exercise your rights, contact our Privacy Office:

yieldmartech

Email privacy@yieldmartech.com

MENU