Advertiser Platform Privacy Policy

PubMatic Platform Privacy Policy

This page is about the privacy practices on PubMatic’s Advertising Platform and the personal information it uses to deliver advertising and perform related activities.

Last Updated: November 21, 2024

PubMatic is an advertising technology company that provides a variety of online advertising-related services (see “Who We Are“). Any reference to “you”, “your”, “user(s)”, “individual(s)”, “data subject(s)”, implies the “End User(s)” who accesses websites, apps, or other digital properties that are being monetized through our Ad Services (defined below) so that we may deliver advertising and perform related activities (see “About Us and Our Services”). We want you to be familiar with how we collect, use, and share personal information and how you can exercise the privacy rights and choices available to you. This privacy policy (“Policy” or the “Platform Privacy Policy”) covers the personal information that we may process about you. If you are interested in our corporate and website privacy policy, which governs the personal information PubMatic collects about individuals when they visit, use, or interact with: (i) www.pubmatic.com and other websites operated by us, including PubMatic’s Client interfaces (the “Websites”); (ii) our social media pages (our “Social Media Pages”) and (iii) our events, sales and marketing activities (collectively, “PubMatic Properties”), please review our Website Privacy Policy. If you are interested in our applicant privacy practices, please review our Careers Privacy Policy.

Your Privacy Choices
Please visit https://pubmatic.com/legal/opt-out/ to go directly to the interest-based advertising opt-outs we offer.

TABLE OF CONTENTS: We recognize that reading and understanding privacy practices can be difficult and time-consuming. While we recommend that you read this document in its entirety, to make this process easier for you, we have taken steps to simplify it and provide the following quick links to make it easier to navigate.

WHO WE ARE
ABOUT US AND OUR AD SERVICES
PUBMATIC’S AD SERVICES & PRIVACY
1. AT A GLANCE
2. PUBMATIC’S AD SERVICES & PRIVACY – FULL POLICY
  1. USER INFORMATION WE COLLECT
  2. HOW WE USE THE USER INFORMATION
3. HOW WE DISCLOSE USER INFORMATION
YOUR CHOICES AND DATA PROTECTION RIGHTS
1. YOUR PRIVACY CHOICES
2. YOUR DATA RIGHTS
ADDITIONAL INFORMATION FOR RESIDENTS SUBJECT TO STATE PRIVACY
LAWS
ADDITIONAL INFORMATION FOR DATA SUBJECTS IN THE EEA, UK, AND
SWITZERLAND
1. INTERNATIONAL DATA TRANSFERS
2. DATA PRIVACY FRAMEWORK
RETENTION OF USER INFORMATION
SECURITY
UPDATES TO THIS POLICY
CONTACTING US

—

WHO WE ARE
Any reference to “PubMatic” “we”, “us” or “our” means PubMatic, Inc. and its global subsidiaries including, as of the effective date of this Platform Privacy Policy, PubMatic Limited, PubMatic GmbH, PubMatic India Private Limited, パブティック株式会社 (PubMatic KK), PubMatic Pte. Ltd. and 据翼软件科技有限公司 (PubMatic Software (Shanghai)) Limited.

To get in touch with us, please see the “Contacting Us” section of this document.

ABOUT US AND OUR AD SERVICES
PubMatic provides technology via our advertising platform (the “Platform”) and related advertising tools (collectively the “Ad Services”) that allow Publishers to make space on their websites, mobile apps, internet-connected or over-the-top TV (known as ‘CTV’ and ‘OTT TV,’ respectively), or other digital properties available to show ads in order to generate revenue (what the advertising industry refers to as a ‘Supply Side Platform’ or ‘SSP’) and buyers to purchase the available space to display ads on these digital properties. In this Policy, we refer to those involved in selling ad space collectively as “Publishers”, those looking to buy ad space collectively as “Media Buyers” (including, for example advertisers, ad agencies, Demand-Side partners) and Media Buyers and Publishers together as “Clients.” Our Ad Services help Clients display relevant online advertising to the End Users who interact with Publishers’ digital properties and engage in planning and measurement to understand how these ads perform. This Policy applies only when we act as a “data controller” and not when we are a processor or service provider acting on behalf of our Clients.

PUBMATIC’S AD SERVICES & PRIVACY

AT A GLANCE
This section serves as a summary of our personal information handling practices and does not replace our full Policy found below.

Please note the following terms that are used in this summary:

Pseudonymous user data – personal data that can no longer be attributed to a specific data subject without further technical processing or the use of additional data.
ID syncing – the matching of two or more unique identifiers linked to the same individual.
Cookies and online identifiers – cookies are small text files that are stored on a user’s browser; online identifiers are often used in lieu of cookies. Similar technologies such as pixels and web beacons, device fingerprinting technologies, local storage, and eTags (collectively, ”Cookies”) also allow access to, or storage of, information on a user’s browser or device. These technologies enable various online functionalities (including recognizing and tracking browsing behavior).

What We Do:	Provide Advertising technology for managing digital advertising campaigns and for monetizing digital properties.
User Information We Collect:	Pseudonymous User Information such as: Unique online and device identifiers Mobile device advertising identifiers IP addresses Browser and device information Web browsing history from advertising impressions Information about an individual’s engagement with ads Information about an individual’s behavior on Digital Properties
Data We May Receive From Partners For Use in Connection With Our Ad Services:	User Information such as: Demographic data Geolocation Information, including precise geolocation data Obfuscated user identifiers such as hashed email addresses Pseudonymous personal information (see “User Information We Collect” above) ID Syncing data
How The Ad Services Collect Data:	Some of the ways our Ad Services collect User Information: from Publishers passing us information so that we can help them monetize ad inventory space on their digital properties from Clients uploading data onto our platform from Clients using our technology (including Cookies) to gather data through the process of serving ads (including how you interact with an ad)
Data Our Ad Services Do Not Collect:	PubMatic’s Ad Services do not collect directly identifiable personal information, including, for example: PubMatic does not collect your email address PubMatic does not collect your physical address PubMatic does not collect your phone number PubMatic does not collect your social security number PubMatic does not collect your name
How We Use the Data We Collect:	The Ad Services processes the User Information we collect for advertising purposes, including: Personalizing ads Delivering ads Limiting the number of times you see an ad (called “frequency capping”) Measuring the effectiveness of ads and ad campaigns Reporting on ad campaigns to our Clients Maintaining records or transactions, user actions and conversions Attributing purchases or other actions taken by a user to ads Associating devices or identifiers that may be related to each other Preventing malicious or fraudulent activity Improving our Ad Services Location based advertising Service support and diagnostics Administration of our business
How We Disclose the Data We Collect:	We disclose User Information that we collect to: Media Buyers, as a way of informing them about the potential audience for their ads if they purchase a Publisher’s advertising inventory Clients, to help them improve the effectiveness of their – and their client’s – ads Service providers, Vendors, and Subprocessors Where we think we’re required to by law or where we have determined that we need to in order to defend or bring a legal claim.

PUBMATIC’S AD SERVICES &
PRIVACY – FULL POLICY

USER INFORMATION WE COLLECT
When you visit or use a digital property that uses our technology, we (and our Clients) use and deploy Cookies to automatically collect certain information about you and your computer or other devices, such as your mobile device, CTV, or OTT TV device. While none of this technology provides us with directly identifiable information (meaning, it doesn’t include your name, clear text email address, phone number), it may be considered “personal data” or “personal information” in some jurisdictions. Altogether, the personal data or personal information discussed in this policy shall be “User Information.” PubMatic collects or assigns pseudonymous identifiers (“Online Identifiers”) to your browser or other devices to enable our Ad Services to determine within a reasonable level of confidence that a browser or device is the same with which our Ad Services have previously interacted. These identifiers include:
- cookie IDs (a unique ID randomly assigned by PubMatic to a browser);
- unique online IDs (“UUID”) created by identity providers and used by our Clients;
- mobile advertising IDs (a unique ID assigned by the mobile operating system (e.g., Apple ID for Advertising or Android Advertising ID)); or
- CTV or OTT TV device identifier for advertising (a unique ID assigned by the OTT or CTV publisher).
If we (or our Media Buyers) can identify a browser or device, it increases the value of that advertisement to provide more content for you to enjoy. To opt out of our use of such technologies for interest-based advertising purposes, please follow the instructions for opting out, as described in “Your Opt-Out Choices” below. See PubMatic’s Platform Cookie and Other Similar Technologies Policy for more information on how PubMatic uses cookies and other similar technologies.

Our Ad Services may also automatically collect the following information and associate it with one of the identifiers described above (also User Information:
- Browser and Device Information, such as the IP address you use to connect to an online service; device type and model; manufacturer; operating system type and version (e.g. iOS or Android); web browser type and version (e.g., Chrome or Safari); user-agent; carrier name; time zone; network connection type (e.g., Wi-Fi or cellular); and information about our Publisher’s apps and versions currently active on a device.
- Information about an End User’s behavior on our Publishers digital properties (“Behavioral Information“), such as information about how you interact with the pages of those digital properties, session start/stop time, and precise geolocation (including latitude and longitude coordinates, but only if the Publisher’s digital property has enabled location services on the device and the End User has granted the Publisher permission to collect and share this information for advertising purposes).
- Information about ads serviced, viewed, or clicked on, such as the type of ad, where the ad was served, whether the End User interacted with the ad, the number of times an End User has seen the ad, and whether the End User visited the Media Buyer’s website or relevant app store and/or purchased or installed the product or service advertised (“Ad Interaction“).
- Information about your location, which we may derive from the approximate location of your device via your IP address (“Geolocation Information”).
User Information we receive from third parties
We may also combine, merge and/or augment the User Information we collect about you with information received from Publishers and other Clients (such as our data providers) and may include:
- Demographic or interest data, obfuscated user identifiers such as UUIDs, hashed email addresses and/or hashed phone numbers, and content viewed (“Partner Provided Information“). We do not intentionally collect or process sensitive User Information (e.g., social security numbers) and attempt to prohibit our Clients and partners from passing any such information to PubMatic.
- Precise geolocation information collected through Digital Properties. We will not use precise geolocation information for interest-based advertising without your opt-in consent (“Geolocation”). We use this Geolocation to derive regions for ad performance reporting.
- We work with Clients to help create or obtain groupings of End Users by one or more attributes (e.g., ‘cycling enthusiast’) for advertising purposes (“Audience Segments”).

HOW WE USE THE USER INFORMATION
We process and/or disclose User Information for various business purposes, including to provide the Ad Services and to operate our business. This section will describe those purposes in detail and includes our data processing practices.
Numerous states within the United States have enacted consumer privacy laws that grant their residents certain rights and require additional disclosures (“State Privacy Laws”). If you are a resident of one of these states, this section applies to you.
Likewise, those located in the EEA or UK are also afforded various rights, including additional disclosures (“UK & Europe Privacy Laws”). Under UK & Europe Privacy Laws, we have established a legal basis for processing your personal information. In most instances, consent is the basis for PubMatic’s processing of User Information. If you do not consent with respect to PubMatic’s SSP, PubMatic may still solicit bids for advertising to be displayed to you but will not process your personal information. In some circumstances we may rely on our legitimate interest to collect and use your personal information, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. For example, we may use any of the data described in this Policy for the secondary purpose of detecting, preventing or otherwise addressing fraud, security, or technical issues, as well as to protect against harm to our rights, property, or safety, or that of the public. This is necessary for us to pursue our, your and our partners’ legitimate interests. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting Us” heading below. Please note that we take appropriate measures to ensure that any processing of User Information is done in accordance with applicable privacy laws and regulations, and with care for protecting your privacy and User Information. Serve and Deliver Ads (Ad Services). Generally, we process User Information to provide our products and services (including the Ad Services) as described in this Platform Privacy Policy. This is what allows Publishers to offer advertising inventory in their Digital Properties and Media Buyers to bid on and fill that inventory with relevant ads, as well as to determine inventory value and to inform bid decisions (i.e., whether to purchase an ad impression or not, for creating segments for End Users matching, targeting of lookalike audiences or retargeting users). For example, when a Publisher has potential ad inventory to offer, we will send a “bid request” to Media Buyers which includes the information detailed in this privacy policy so that Media Buyers can determine if they want to purchase the ad impression.
Ad Reporting. Provide information and reports to Media Buyers about when and how End Users have been exposed to their ads, clicked on their ads, or visited their Digital Property (including whether an advertised app has been installed). This information is used to analyze an advertising campaign’s performance.
Frequency Capping. Using information from our Ad Services to prevent seeing the same ad too many times.

Targeted Advertising. The method by which we predict likely commercial interests (e.g., sports or travel) based on activities across websites, mobile apps, and other Digital Properties over time. We will also supplement User Information with additional information we receive from third parties, such as third-party advertising segments or audiences, to allow us to customize and more effectively tailor the ads we display to End Users and to optimize the display of ads (including limiting exposure to less relevant ads).

Location Based Advertising. Location-based advertising, services, and content delivered in real-time using your device’s physical location (where permitted by law).

ID Syncs. We may disclose cookie values to other advertising technology platforms so that they may match their identifier to our identifier.

Fraud Detection & Prevention (Security). Identify invalid ad impressions, clicks, installs, or ad queries, protect us and our Publishers from fraudulent behavior, and protect the security of the Ad Services.

Business Operations & Improving the Ad Services. These purposes include several processing activities supporting our ability to run the business for our Clients, such as to:

Facilitate navigation, display information more effectively, and to personalize your experience while using the Ad Services, as well as auditing, researching, and analyzing information to provide, protect, manage, and improve our Ad Services, develop new services, and ensure that our technologies function properly.
Calculate Ad Services usage levels, help diagnose server problems and administer the Ad Services.
Operate our business, such as billing, support, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
We may disclose User Information to our service providers that store or process the User Information in furtherance of the services we offer via our Ad Services and on our behalf.

The following table illustrates the categories of User Information processed for each business purpose, the lawful basis under which we process User Information, and the categories of recipients of User Information where we engage third parties to augment our ability to provide the Ad Services.

	Purpose of Use
	Serve & Deliver Ads (Ad Services)	Ad Reporting	Frequency Capping	Targeted Advertising	Location Based Advertising	ID Syncs	Fraud Detection & Prevention (Security)	Business Operations & Improving the Ad Services
Categories of Personal Data
Online Identifiers	x			x		x		x
Demographic Information	x			x				x
Browser and Device Information	x	x	x	x	x	x	x	x
Behavioral Information	x	x		x			x	x
Ad Interaction	x	x		x			x	x
Partner Provided Information	x			x				x
Geolocation Information & Geolocation	x			x	x			x
Audience Segments	x			x				x
Lawful Basis (UK / EEA)	Consent	Consent	Legitimate Interest	Consent	Consent	Consent	Legitimate Interest	Legitimate Interest
Categories of Recipients
Affiliates	x	x	x	x	x	x	x	x
Clients	x	x		x	x	x
Attribution & Analytics Partners	x	x		x	x
Service Providers/ Sub processors & Consultants	x	x	x	x	x	x	x	x

We may disclose User Information in accordance with applicable laws, both within and outside of an individual’s country of residence for specific situations which include:

Where we need to comply with legal obligations or respond to requests from public and government authorities, even if they are outside your country of residence.
To enforce our terms and conditions, protect our operations or the operations of our affiliates, safeguard our rights, privacy, safety, or property, as well as the rights, privacy, safety, or property of our affiliates, you, or others;
When necessary to establish or exercise our legal rights or defend against legal claims; and
In connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.

Cross-device and Cross-app targeting
Cross-device and cross-app targeting are strategies employed in digital advertising to effectively connect and interact with individuals across multiple devices and different mobile applications. These strategies aim to enhance the advertising experience by delivering more relevant and personalized ads to you, regardless of the devices or mobile apps you use.

Our Publishers, Media Buyers, and Clients may use information that we share with them to establish connections among related devices (such as smartphones, tablets, and computers) for targeted advertising, analytics, and reporting purposes. They may create a match between your devices if you log into the same online service on multiple devices or web browsers, or if your devices share similar attributes that support an inference that they are used by you or someone in your household. For example, Media Buyers may deliver ads on a tablet based on activities you engaged in on your smartphone. To opt out of cross-device targeting practices, please follow the instructions located at “Opting Out of Cross-Device Targeting.”

Our Publishers and Clients also may use information about your activity across multiple, unaffiliated third-party mobile applications for targeted advertising, analytics, and reporting purposes. For example, if you use a travel app, these third parties may display travel-related ads to you on other, unrelated apps.

To opt out of cross-app targeting practices, please follow the instructions located at “Opting Out of Interest-Based Advertising for Mobile Advertising Identifiers” in the “Your Privacy Choices” section of the Opt Out webpage.

HOW WE DISCLOSE USER INFORMATION
Because of the role that PubMatic plays in the advertising ecosystem, many of the use cases described above involve a transfer of data to third parties – often to a Publisher or a Media Buyer. For example, when a Publisher works with us to fill an ad on one of their digital properties, we share information with Media Buyers so that they can determine whether they want to show an ad on that property, how much they want to spend on that ad impression, and what ad to show. More detail on these disclosures is provided below. For the purposes described in this Policy, we share your User Information with the following categories of recipients:

Our affiliates: We may disclose your information to our affiliates (see “Who We Are“) who provide data processing and business administration support for the purposes described in this Policy. PubMatic, Inc., is the party responsible for the management of your User Information jointly used by it and its affiliates.
Third party service providers and partners: We may disclose your information to our third party service providers and partners who provide data processing services to support the delivery of our Ad Services, or who have a key function in the online advertising ecosystem and with whom it is necessary for PubMatic to exchange information in order to deliver the Ad Services, in each case for purposes described in this Policy.

The following table lists the main categories third party service providers we engage to process your User Information and partners with whom information is exchanged, the nature of the services or role they provide, and the types of User Information they receive in order to provide these services / fulfill their role.

Category of Service Provider or Partner	Nature of Services / Information Sharing	User Information
Publishers	We may disclose data collected through our Ad Services to our Publishers to allow them to analyse the effectiveness and performance of our Ad Services and to offer targeted ad inventory to our Media Buyer Clients.	Browser and Device Information; Behavioral Information; Ad Interaction; Geolocation; Audience Segments; ID Sync Data
Media Buyers	We may share data we collect in connection with our Ad Services with our Media Buyer Clients for purposes relevant to our business relationships with them, such as for billing purposes, dispute resolution, or fraud prevention. This data is also allows them to make decisions regarding buying advertising inventory on Publishers’ Digital Properties and other websites and applications; to analyze the effectiveness and performance of their advertising campaigns via our services; and to enable our Media Buyer Clients to provide you with more personalized content.	Browser and Device Information; Behavioral Information; Ad Interaction; Partner Provided Information; Geolocation; Audience Segments; ID Sync Data; Business Administration Information.
Other Clients	We may share certain data we collect in connection with our Ad Services with brands, agencies and other interested third parties to help them better identify and validate commercial opportunities, promote transparency, and protect against fraud.	Browser and Device Information; Behavioral Information; Ad Interaction; Publisher Provided Information; Geolocation; Audience Segments; ID Sync Data
Attribution and Analytics Partners	We may share data (such as cookie ID, mobile device ID, or other unique identifier) with our (or our Publisher or Media Buyer’s) attribution and analytics partners to validate and measure the success and effectiveness of ads delivered via the Platform.	Browser and Device Information; Behavioral Information; Ad Interaction; Partner Provided Information; Geolocation; Audience Segments; ID Sync Data
IT service providers	IT service providers work on behalf of or with us to allow us to operate the Ad Services, and typically provide services such as data storage, data processing services, hosting services, and technical support.	Browser and Device Information; Behavioral Information; Ad Interaction; Publisher Provided Information; Geolocation; Audience Segments; ID Sync Data
Professional service providers	Professional service providers may be persons, companies or professional firms providing us with advice and consulting in areas such as lead management, campaign management, legal services, accountancy services, and fraud prevention.	Potentially all data types.

Other third parties:
- Buyers of some or part of our business: We may share your information with a third party in the event of a contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- For legal purposes: We may share your information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to establish or exercise our legal rights or defend against legal claims.
- With consent: We may disclose an individual’s information to others with the individual’s consent to such disclosure.

YOUR PRIVACY CHOICES AND DATA RIGHTS
1. Your Privacy Choices
  Cookies
  To opt out of receiving advertising targeted to your interests (including retargeting) from our Ad Services through the use of cookies in your current browser, and for more information on what it means to opt out, please go to https://pubmatic.com/legal/opt-out/. Your opt-out choice will be linked to your browser only; therefore, you will need to renew your opt-out choice if you use a new device or browser, or if you clear your browser’s cookies. See PubMatic’s Ad Services or “Platform Cookie Policy”for more information on how PubMatic uses cookies and other similar technologies.
  
  Mobile Apps
  Your device may also include a feature that allows you to opt in to or out of having certain information collected through mobile apps used for targeted advertising purposes.
  
  Connected TVs
  Our Clients and partners may display interest-based advertising on CTVs (also known as smart TVs or connected devices), based on your use of CTVs over time and across non-affiliated CTV apps. To learn more about these practices and how to opt out, please review your connect TV’s settings menu and visit https://thenai.org/opt-out/connected-tv-choices/.
  
  Industry Opt Outs
  We are a member of the Network Advertising Initiative (NAI). We also adhere to the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data, the Application of Self-Regulatory Principles to the Mobile Environment, and the Application of the DAA Principles of Transparency and Control to Data Used Across Devices. PubMatic also adheres to the Interactive Advertising Bureau (“IAB”) Code of Conduct, and actively participates in the IAB Europe Transparency & Consent Framework (TCF 2). We comply with IAB’s Specifications and Policies under vendor identification number 76. Please visit optout. networkadvertising.org, or optout.aboutads.info to learn how to exercise choice regarding the collection of information about your online activities over time and across multiple third-party websites, online services, devices, or applications for interest-based advertising purposes.
  
  Some of our Publishers have their own opt-out mechanisms that are linked from their sites, which you should review if you no longer wish to receive targeted advertising from a particular company.
2. Your Data Rights Individuals may be entitled to exercise certain data subject rights available under applicable laws. These rights may include the right to request access to User Information we hold. Individuals may also have the right to object to, or request that we restrict, processing of User Information, such as profiling we perform for the purpose of interest-based advertising. Individuals may also have the right to ask that User Information be corrected, erased, or transferred to another party. Where we have asked for consent to process data, consent may be withdrawn.
  To make a request to exercise your data rights with respect to your User Information, please visit our DSR Notice Page. We will take steps to verify your request, such as by asking you to provide confirmation that you control the device to which the request relates. We reserve the right to confirm your residence to accurately process your request and will need to confirm your identity to process your requests to exercise your right to know/access, delete, and correct. This is a security measure to, for example, help ensure we do not disclose information to a person who is not entitled to receive it. The identity verification process may vary depending on how you submit your request. We will only ask for information that we process to verify your identity, such as a cookie ID or mobile advertising ID.
  
  Appeals
  
  If we deny your request, you may have the right to appeal our decision by contacting us at pubmaticprivacy[at]pubmatic[.]com. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
  
  Authorized Agents
  
  If you are submitting a rights request as an authorized agent, you are required to submit proof of your identity, and proof of authorization to make the request, such as a valid power of attorney or signed permission from the individual who is the subject of the request. In some cases, we may ask the individual to confirm they have given you permission to make the request. Please be advised that we cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. If you are an authorized agent seeking to make a request for an individual, please visit our DSR Notice Page.
  
  Nondiscrimination
  
  We will not discriminate against you for exercising your privacy rights.

ADDITIONAL INFORMATION FOR RESIDENTS SUBJECT TO STATE PRIVACY LAWS
Depending on your state of residence, you may have the right to request access to, or deletion or correction of, your User Information. To make such a request with respect to your User Information, please visit our DSR Notice Page. We will take steps to verify your request, such as by asking you to provide confirmation that you control the device to which the request relates.

Personal Information that May Be “Shared,” “Sold,” or processed for “Targeted Advertising” & Your Opt-Out Rights under State Privacy Laws

As described in this Platform Privacy Policy, we process information to personalize and deliver ads, and for other ads-related purposes, including to build interest segments. Some of these activities may be considered “sales” or “sharing” of your personal information or using your information for purposes of “targeted advertising” under certain State Privacy Laws. We do not knowingly sell or share personal information about consumers under the age of 18.

If you reside in California, you may also opt out of web-based sales and sharing via our browser cookie by visiting the digital properties of our Clients with a legally-recognized opt-out preference signal enabled, such as the Global Privacy Control.

Categories of Personal Information

Categories of Recipients

Identifiers (such as cookie IDs and device and advertising IDs)
Demographic information (such as age and gender)
Commercial information (such as apps you download, purchases you make, and other conversion activities)
Internet or other electronic network activity information (such as Publishers’ digital properties that you visit and ads you click on)
Geolocation information, (such as inferred location based on IP address or other types of information that may include precise geolocation information)
Inferences (such as interests associated with a cookie ID based on Publisher digital properties you visit)

Our Clients
Third party data partners
Other Publishers and advertising intermediaries

Please visit CCPA Privacy Policy
to review our CPRA and Data Broker Metrics

ADDITIONAL INFORMATION FOR DATA SUBJECTS IN THE EEA, UK, AND SWITZERLAND Depending on your location, you may have data subject rights (“DSR”s) described in the “Your Data Rights” section above; these rights are applicable, for example, to individuals located in the European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland. In order to exercise your rights under applicable laws, please visit our DSR Notice Page, which includes instructions for how to submit a request and details regarding our process for responding to requests.
If we have collected and processed your User Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your User Information conducted in reliance on lawful processing grounds other than consent.

If you are located in the EEA or the UK, you may also have the right to complain to a Data Protection Authority about our collection and use of your User Information. For more information, please contact your local Data Protection Authority.
- EEA Data Protection Authority member list
- UK Information Commissioner’s Office
Please note that because most of the personal information we store can only identify a particular browser or device, and cannot directly identify you personally, you may need to provide us with additional information to enable us to identify the User Information we hold about you and ensure that we accurately fulfill your request and do not infringe on the privacy rights of other individuals.
1. INTERNATIONAL DATA TRANSERS
  In connection with the PubMatic Properties and Ad Services, your User Information may be transferred to, and processed by PubMatic, its service providers, and partners in countries other than the country in which you are resident, including in the United States, India, and other locations where we have offices or employees (please see our Locations page for a full list) or engage service providers or our partners. These countries may have data protection laws that are different from the laws of your country of residence and may not provide the same level of protection as your jurisdiction. Regardless of where your data is located, PubMatic shall process your User Information in accordance with this Platform Privacy Policy.
  
  If you are located in the EEA, UK or Switzerland, we will protect your User Information when it is transferred outside of your jurisdiction by (i) processing it in compliance with the Data-Privacy Framework (as applicable, defined below); (ii) processing it in a territory that provides an adequate level of protection for User Informationbased on the receiving country’s data protection laws; or (iii) to the extent that the Data Privacy Framework is unavailable and the recipient country has not been deemed to provide adequate protection, implementing appropriate safeguards to protect your User Information, such as requiring the recipient to comply with the EU Standard Contractual Clauses, or another lawful and approved transfer mechanism. Where we transfer User Information originating in the EEA, UK or Switzerland pursuant to a contract incorporating the EU Standard Contractual Clauses or another lawful and approved transfer mechanism, you may request a copy of such transfer mechanism (subject to the removal of confidential or commercially sensitive information).
2. DATA-PRIVACY FRAMEWORK PubMatic, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (together, referred to herein as the “Data Privacy Framework”). PubMatic, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regards to the processing of User Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PubMatic, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regards to the processing of User Information received from Switzerland in reliance on the Swiss-U.S. DPF. Further, PubMatic is responsible for the processing of personal data it receives, under the EU-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. PubMatic complies with EU-U.S. DPF Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. If there is any conflict between the terms in this Platform Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
  The Federal Trade Commission has jurisdiction over PubMatic, Inc’s compliance with the Data Privacy Framework. In certain situations, we may be required to disclose User Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Data Privacy Framework, PubMatic, Inc. commits to refer unresolved complaints concerning our handling of User Information received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF with our Data Protection Officer at dpo[at]pubmatic[.]com. Additionally, PubMatic commits to refer unresolved complaints concerning our handling of personal data received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to our U.S.-based third-party dispute resolution provider (free of charge), TRUSTe. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit at https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.
  
  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, if we have not addressed your DPF Principles-related complaint to your satisfaction, or we are not able to resolve the issue, individuals have the right to lodge a complaint with their local data privacy authority. For contact details of local Data Protection Authorities, please visit the European Data Protection Board member list (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en) or the UK data protection regulator (https://ico.org.uk/global/contact-us/).
  
  PubMatic GmbH acts as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please write to: Attn: EEA Representative, PubMatic GmbH, Barbara Strozzilaan 101, 1083 HN Amsterdam Netherlands.
  
  Under certain conditions, more fully described on the DPF website, https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

RETENTION OF USER INFORMATION
We will retain User Information for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any business, legal, regulatory, accounting, or reporting requirements; to establish and defend legal claims; for fraud prevention purposes; or as long as required to meet our legal obligations. To determine the appropriate retention period for User Information, we consider the volume, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of that data, the purposes for which we process the data and whether we can achieve those purposes through other means, along with any applicable legal requirements.

The following represents the retention periods of User Information, by data type. For clarity, we will revise these periods as required or permitted by law.

USER INFORMATION	RETENTION PERIOD
Pseudonymous and/or obfuscated identifiers (e.g., Cookies, unique online IDs, mobile device advertising IDs, CTV/OTT ID, IP address, browser and/or device information, hashed emails, ID Syncing data); and Geolocation data)	20 days
Information linked to pseudonymous identifiers (e.g., web browsing history from advertising impressions; ad engagement statistics; digital property engagement analytics; and demographic data)	120 days
Personal data created through our processing (e.g., audience segmentation)	90 days

SECURITY
We use reasonable organizational, technical, administrative, and physical safeguards to protect the User Information we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing User Information If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
UPDATES TO THIS POLICY
We will review and update this Policy periodically and will note the date of its most recent revision at the top of this Policy. If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes prior to such changes taking effect. We encourage you to review this Policy frequently.
CONTACTING US
If you have any questions about this Platform Privacy Policy or PubMatic’s privacy practices, please contact us by email at pubmaticprivacy[at]pubmatic[.]com, or by mail using the details provided below.

Please note that email communications are not always secure, so please do not include sensitive information in your emails to us.

Residents outside the European Economic Area (EEA):

PubMatic, Inc. c/o Privacy
601 Marshall Street
Redwood City, California 94063, USA

European Economic Area (EEA), and Swiss Residents:
Attn: EEA Representative
PubMatic GmbH
Barbara Strozzilaan 101
1083 HN Amsterdam, Netherlands

UK Residents:
Attn: UK Representative
PubMatic Limited
18 – 22 Stoney Lane
Yardley, Birmingham B25 8YP, England

To comply with our obligations under EU/ UK data protection legislation, we have appointed a Data Protection Officer (DPO). Our DPO is contactable at dpo[at]pubmatic[.]com or by mail using the details provided above. Who is the controller of my data? For the purposes of EU/UK data protection legislation, PubMatic, Inc is the controller of your User Information.