Privacy Policy
This Privacy Policy (“Policy”) describes how OpenAds, Inc. (“OpenAds,” “we,” “us,” “our”) collects, uses, discloses, and retains personal information in connection with: (i) our website at openads.ai (the “Website”); (ii) our advertising platform and related products and services (the “Product”); and (iii) the delivery and measurement of advertisements on third-party websites and applications through our supply and demand partners (the “Advertising Services”).
The short version
We do not sell personal information, and we do not “share” personal information for cross-context behavioral advertising (as those terms are defined under the California Consumer Privacy Act, as amended by the CPRA, the “CCPA”).
Delivering and measuring ads involves a limited set of technical data (such as IP address, device and browser attributes, and page URL). We use that data to deliver, render, measure, and secure ads, and we retain it only as described in the Retention section below.
Who this Policy covers
Visitors — people who browse the Website. Customers — advertisers, agencies, publishers, and developers who create accounts or use the Product, including their personnel. End users — people who see ads delivered through the Advertising Services on our partners’ websites and apps.
Where applicable law distinguishes roles: OpenAds acts as the business (or controller) for the Website and the Product. We process Advertising Services data as necessary to provide those services to our customers and partners, including, where applicable law provides, as a “service provider” or “contractor” under the CCPA or a “processor” or sub-processor under the GDPR, subject to contracts that restrict our use of that data.
Personal information we collect
The categories below use the terminology of the CCPA.
Identifiers. From Customers and Visitors who contact us or create accounts: first and last name, email address, telephone number, postal address, and company. From Visitors and End users: IP address; and, where present in partner bid requests, online identifiers such as cookie identifiers, mobile advertising identifiers, or universal/alternative identifiers (see Advertising Services data below for how these are handled).
Sensitive personal information. Account log-in credentials (email address in combination with a password) for Customers, used solely to authenticate access to the Product. We do not currently collect or process any other category of sensitive personal information, and no sensitive personal information is currently processed in the Advertising Services. If that changes we will update this Policy and process the data as a service provider or processor under applicable data processing terms. We do not collect or retain precise geolocation.
Commercial information. Billing and transaction records for Customers. Payments are processed by our payment processor (Stripe); we do not store full payment card numbers.
Internet or other electronic network activity information. Website and Product usage data, such as pages visited, session duration, browser type and language, timestamps, web requests, and the data sent in response to such requests; and the Advertising Services data described below, including page URL and content context and ad delivery and interaction events.
Geolocation data. Coarse location (country, region, city, or DMA) derived from IP address or from geolocation fields in partner bid requests. We do not collect or retain precise geolocation. If precise coordinates are present in a bid request, they are truncated or discarded on receipt.
Professional or employment-related information. Company, role or title, and similar business contact details for Customers and prospective customers.
Inferences. We do not draw inferences about identified or identifiable individuals. Our contextual classifications (for example, topic category or commercial relevance) describe content — not individuals.
We do not collect: characteristics of protected classifications; biometric information; health or medical information; financial account numbers; or audio, video, or similar sensory information about consumers.
Information you give us
We collect the personal data described above when you provide it — for example, by contacting us, creating an account, or purchasing services. Users who connect their Google accounts to OpenAds provide data as permitted by Google’s sharing permissions, which may include Google Contacts (names, email addresses, phone numbers, and other identifying information).
Information collected automatically
We collect data when you visit the Website or use the Product to monitor traffic, fix bugs, and make improvements — for example, web requests, the data sent in response to such requests, IP address, browser type and language, and a timestamp for the request.
Advertising Services data (end users)
When a supply partner (a supply-side platform, exchange, or direct publisher) sends us the opportunity to serve an ad, the request may include: IP address; user agent and device and browser attributes (device type, operating system, browser, language, screen attributes); the page URL and contextual signals about the page or app content; ad unit information; coarse geolocation; privacy preference and consent signals (such as IAB TCF and GPP strings and U.S. state opt-out signals); and, where present, online identifiers (cookie identifiers, mobile advertising identifiers, or universal identifiers).
We use this data to: generate or select contextually relevant creative for the specific impression; render and deliver the ad; count and measure ad requests, impressions, clicks, and viewability, including for billing and for auditing the positioning and quality of ad impressions and compliance with applicable specifications and standards; detect and prevent fraud and invalid traffic and help ensure the security and integrity of our services; and debug to identify and repair errors.
We do not: use Advertising Services data to build profiles of end users; engage in cross-context behavioral advertising; or combine the personal information of opted-out consumers received from or on behalf of one partner with personal information received from other persons or collected from our own interactions with consumers. Where online identifiers are present in a request, we do not currently use them for ad selection or profiling; they may be retained as part of our operational logs as described in the Retention section. Where a customer or partner directs us to process end-user identifiers or other personal information on its behalf, we act as a service provider or processor under that party’s instructions and applicable data processing terms, and we will update this Policy as our practices change. We honor the privacy preference and consent signals transmitted with each request and restrict our processing accordingly.
Ad performance data
We record data relating to the performance of ads served through OpenAds for the purposes of billing, operating our services, and improving them.
How we use personal information
We use personal information to: provide, operate, and maintain the Website, the Product, and the Advertising Services; create and administer accounts and authenticate users; process transactions and billing; communicate with you, including customer support, service notices, and (subject to your right to opt out) information about additional products and services; deliver contextual, non-personalized advertising as part of a consumer’s current interaction with a page or service (short-term, transient use); perform measurement and auditing, including counting ad impressions, verifying the positioning and quality of ad impressions, and auditing compliance with applicable specifications and standards; help ensure security and integrity, including detecting and preventing fraud, invalid traffic, and malicious or unlawful activity; debug to identify and repair errors that impair existing intended functionality; conduct internal research for technological development and demonstration and to improve, upgrade, or enhance our services, using aggregated or de-identified data where feasible; verify and maintain the quality and safety of our services; comply with law, enforce our Terms, and protect rights, property, and safety; and evaluate or complete corporate transactions.
How we disclose personal information
Except as described in this Policy, we do not disclose personal information to third parties without your consent.
Service providers and contractors
We disclose personal information to vendors that process it on our behalf under contracts restricting their use of it, including infrastructure and hosting providers, payment processing, communications and support tooling, and professional advisors.
Advertising partners
Supply partners and exchanges receive the ad markup and the delivery and measurement events necessary to run auctions, render ads, bill, and audit. Customers receive campaign reporting in aggregated form; we do not provide Customers with end-user profiles or end-user identifiers.
Legal
We may disclose personal information to attorneys or law enforcement authorities to address potential illegal behavior, and we disclose information demanded in a court order or otherwise required by law or to prevent imminent harm to persons or property.
Corporate transactions
We may share personal information in connection with a corporate transaction, such as a merger, a sale of our company or of all or substantially all of our assets or of the product or service line you received from us, or a bankruptcy.
Aggregated and de-identified data
We may share aggregated and/or anonymized data with others, including for academic or other public-interest uses. We maintain and use de-identified data without attempting to re-identify it.
In the preceding 12 months, we disclosed the following categories of personal information for business purposes to the categories of recipients above: identifiers; internet or other electronic network activity information; coarse geolocation data; and commercial information. We have not sold or shared personal information in the preceding 12 months, and we have no actual knowledge that we sell or share the personal information of consumers under 16 years of age.
Cookies
The Website and Product use essential and preference cookies so that our Product can remember you and provide you with the information you’re most likely to need, and to compile statistical information about use of our Product, such as the time users spend at the site and the pages they visit most often. We do not use third-party advertising cookies on the Website.
Retention
We retain personal information for no longer than is reasonably necessary for the purposes described in this Policy, including to operate our services, resolve disputes, enforce our agreements, and comply with our legal obligations. We determine retention for each category using the following criteria:
| Data | Retention criteria |
|---|---|
| Bid request and ad-serving logs | Rolling, short-term retention scoped to what is needed for ad delivery, billing verification, discrepancy resolution, fraud and invalid-traffic analysis, and debugging; request-level data is deleted or aggregated once no longer needed for those purposes |
| Measurement and billing event data | The period needed to invoice, resolve billing discrepancies, and satisfy reporting and audit obligations under our agreements with customers and partners |
| Aggregated, de-identified reporting | Retained indefinitely (not personal information) |
| Customer account data | The life of the account plus the wind-down period needed to close out the relationship |
| Billing and financial records | As required by applicable tax, accounting, and corporate law |
| Support and business communications | As needed to provide support, resolve disputes, and maintain business records |
Where a legal obligation, dispute, or audit requires longer retention, we retain the relevant data for the duration of that requirement.
Your privacy rights
United States
Depending on your state of residence, you may have the right to: know and access the personal information we have collected about you; delete it; correct inaccuracies; receive a portable copy; opt out of the sale or sharing of personal information or its use for targeted advertising (we do not sell or share personal information or engage in targeted advertising as defined by these laws); limit the use of sensitive personal information (our only sensitive personal information — account log-in credentials — is used solely for authentication); and not receive discriminatory treatment for exercising your rights.
To exercise these rights, email privacy@openads.ai. We will verify your request using information associated with your account or prior interactions with us, and we will respond within the time required by applicable law (generally 45 days, extendable where permitted). You may use an authorized agent, in which case we may require proof of authorization and verification of your identity. If we decline a request, you may appeal by replying to our response or emailing privacy@openads.ai with the subject line “Appeal.”
A note for end users: we generally cannot identify an individual end user from Advertising Services data alone, and we will not collect additional information in order to do so. Where we cannot verifiably associate you with data we hold, we will explain that in our response; you may also direct requests to the publisher or service where you saw the ad, and we assist our partners and customers in handling consumer requests as required by our contracts and by law.
Opt-out preference signals. We honor the Global Privacy Control (GPC). Because we do not sell or share personal information, a GPC signal does not change our processing, but we treat it as a valid opt-out where required by law. Within the Advertising Services, we honor the opt-out and consent signals (such as TCF, GPP, and U.S. state opt-out strings) transmitted with each ad request.
European Economic Area and United Kingdom
If you are in the EEA or UK, we process your personal data on the following legal bases: your consent (for example, consent collected by publishers through consent management platforms and passed to us with an ad request, or your consent to optional communications); performance of a contract (for Customers); our legitimate interests (delivering and measuring contextual advertising, securing our services, and improving the Product), where not overridden by your rights; and compliance with legal obligations.
You have the right to: access, update, or delete your personal data; rectification of inaccurate or incomplete data; object to our processing; restriction of processing; data portability — a copy of your data in a structured, machine-readable, commonly used format; withdraw consent at any time; and complain to a supervisory authority in the EEA or UK about our handling of your personal data.
We process personal data in the United States. Where personal data is transferred from the EEA or UK, we use appropriate safeguards, including Standard Contractual Clauses where required. To exercise your rights, contact privacy@openads.ai.
Do Not Track and tracking
We do not track users over time and across third-party websites, and we have not authorized any third party to track consumers or visitors while they are on our Website. Because we do not engage in cross-site tracking, our practices do not change in response to Do Not Track browser signals; we honor the Global Privacy Control as described above.
Protection of personal data
We employ reasonable methods and data security tools consistent with industry practices to protect your personal data. Information you submit to or receive from our Product is sent using an encrypted TLS (SSL) connection. Unfortunately, even with these measures, we cannot guarantee the security of personal data. By using our Website, you acknowledge and agree that we make no such guarantee, and that you use our Product at your own risk.
About children
The Product is not intended for children under the age of 18. We do not knowingly collect personally identifiable information via our Website or Product from visitors in this age group, and we do not knowingly sell or share the personal information of consumers under 16 years of age.
Data portability
You may request a copy of the data you have given OpenAds by emailing us at support@openads.ai or privacy@openads.ai.
Waiver and severability
No waiver by OpenAds of any term or condition set forth in this Policy shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of OpenAds to assert a right or provision under this Policy shall not constitute a waiver of such right or provision. The invalidity or unenforceability of any provision of this Policy will in no way affect the validity or enforceability of any other provision.
Amendment of this Privacy Policy
We may change this Policy at any time by posting a new version on this page. The new version will become effective seven days after it is posted, which will be listed at the top of the page as the new Last Updated date.
Contacting us
For questions about this Privacy Policy, or to exercise any of the rights described above, contact us at privacy@openads.ai, or by mail at OpenAds Inc., 49 Park Ave New York, NY 10016.