Effective Date: August 20, 2020

Last Reviewed: August 20, 2020

Introduction

Sift Media, Inc. (“we,” “us,” “our” or “Sift”) is a mobile advertising company that provides a platform to deliver more targeted advertising to consumers. Our technology enables our partners to show mobile application users more relevant advertising that is based on users’ interests and behaviors. In order to provide these services, we collect and use certain information about user activity and preferences.

Sift recognizes the importance of consumer privacy and we are committed to treating your personal information in accordance with applicable data protection laws and regulations. In addition, we support and adhere to all applicable industry self-regulatory programs, principles, and guidance published by the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA), and the Interactive Advertising Bureau (IAB). To learn more about each of these organizations, please click the links below:

• NAI: http://www.networkadvertising.org

• DAA: http://www.aboutads.info

• IAB: http://www.iab.net

To this end, we have designed the Sift Privacy Policy (this “Privacy Policy”) in a format that is easy to navigate and read so that you can clearly understand our privacy practices. Please read this Privacy Policy carefully.

What This Policy Covers

This Privacy Policy explains how we collect, use, and share information through our advertising platform (“Services”) and our corporate websites at www.sift.co and www.demandscale.com (“Site”), as well as your choices and rights associated with that information. Additionally, this Privacy Policy addresses specific provisions for California residents covered under the California Consumer Privacy Act (“CCPA”) and EU individuals covered under the General Data Protection Regulation (“GDPR”). Furthermore, this Privacy Policy addresses our adherence to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.

Table of Contents

• Advertising Services Privacy Policy

• Website Privacy Policy

• Specific Provisions for California Residents

• Specific Provisions for EU Individuals

• Privacy Shield Framework

Definitions

The following is a non-exhaustive list of definitions of words and phrases found in this document:

"Analytics Services" refers to usage of data visualization and analysis tools and reports made available to Customers through a secure user interface or via authorized distributed reports characterizing and containing aggregated User Data.

"Customer" refers to app owners, developers, marketers, or agencies making use of Sift Services, or having signed up for Sift Services via our Site.

"Customer Data" refers to any data collected during registration as a Sift Customer or provided by Sift Customers through the use of Sift Services. This may include personal information such as name, mailing address, email address, phone number, and payment information.

“EU” refers to the European Union or European Economic Area.

"End Users" refers to users of mobile applications developed and operated by Sift Customers.

"Sift" refers to Sift Media, Inc.

"Services" refers to either Analytics Services or Targeted Advertising Services, or both.

"Site" refers to our website, www.sift.co and www.demandscale.com.

"Targeted Advertising Services" refers to the use of collected and aggregated User Data to deliver targeted and relevant advertisements.

"User Data" refers to characteristics and behaviors of End Users.

This section describes the information we collect, use, and share through our Services.

Information Collection

Customers are responsible for providing End Users with notice and obtaining all applicable End User consents to Sift’s collection and use of User Data.

If you are an End User, Sift may collect information about your device through your interaction with certain mobile apps and advertisements, including device attributes such as: operating system, hardware version, device settings, Internet Protocol (IP) address, time zone, device carrier, applications installed on the device, and device advertising identifiers. We may also collect certain demographic information (such as age, gender, territory) and information about End User behavior when using a customer’s mobile application. If you have enabled location tracking in your application, we may receive certain location information about your device.

If you are a Customer who uses the Services in connection with your mobile applications, we collect certain usage data about the operation of your applications, the mobile devices that run your applications, and user interactions with your applications and certain other applications on the device. We do not collect information that can be used to identify an individual, except on an anonymous basis.

Information Use

We may use User Data to:

• Perform Analytics Services on behalf of Customers;

• Perform Targeted Advertising Services on behalf of Customers;

• Create, analyze, market, distribute to third parties, and make available for sale aggregated and anonymous targeting segments for digital advertising purposes; and

• Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Service.

Information Sharing

We may share information we collect through our Services for the following purposes:

• To provide our Customers with the Services, such as to deliver relevant advertising, and to provide attribution;

• For analytics and research purposes;

• As part of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);

• In response to a subpoena, court order, or other legal matter;

• To protect our rights and the rights of others if sharing the information may prevent physical, financial or other harm, injury, or loss; and

• To protect your safety or the safety of others, or in connection with an investigation of suspected or actual unlawful activity.

User Choice and Opt-Out

If you are an End User and want to opt-out from collection and use of identifiers for ad targeting on your device, you can do so through your device settings. For example:

• Android Devices: Go to Google Settings > Ads, and turn on “Opt out of Ads Personalization.”

• iOS Devices: Go to Settings > Privacy > Advertising, and turn on “Limit Ad Tracking.”

You can also reset the mobile advertising identifiers on your mobile device to limit advertisers in tracking your past activity. For example:

• Android Devices: Go to Google Settings > Ads, and tap on “Reset advertising ID.”

• iOS Devices: Go to Settings > Privacy > Advertising, and tap on “Reset Advertising Identifier,” then tap on “Reset Identifier.”

End Users who do not want the Sift Services to collect any information about them may opt-out of such collection by visiting the Sift Opt-out (https://www.sift.co/optout) and following the opt-out instructions.

Protecting Children’s Privacy

Our Service is not intended for use by Children under the age of 13. We do not knowingly collect personal information from children under the age of 13 through the Service except as permitted by US law.

Accessing Your Personal Information

You can update, correct, or delete the personal information you provide to us by contacting us at [email protected]. Please be aware that Sift may need to ask you to provide certain credentials to verify your identity.

Please note that we may retain and use your personal information as necessary to comply with its legal obligations, resolve disputes, and enforce our agreements.

Data Retention

Sift will not retain data longer than is necessary to fulfill purposes for which it was collected or as required by applicable laws or regulations.

Data Security

Sift cares about the security of your information and we take certain measures to protect your personal data. However, no method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information.

Data Transfers

Please be aware that the information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we process and store information in the United States and your consent to this Privacy Policy represents your agreement to this processing.

This section describes the information we collect, use, and share through our Site.

Information Collection

Whenever you visit our Site, Sift may collect personal information that you voluntarily provide to us. Such information may include personal information such as your name, company name, email address, or any other information when you complete the online forms available on the Site.

If you are a Customer with an account, we collect certain personal information from you when you sign up for our Services that can be used to identify you, such as your name, e-mail address, mailing address, phone number, and payment information.

Information Use

We may use the information we collect through the Site for the following purposes:

• Respond to your questions, concerns, or inquiries;

• Send information about our products and services, including marketing communications;

• Understand usage trends and preferences;

• Operate and improve the Site and our Services;

• Process transactions between customers and Sift; and

• Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Site.

Information Sharing

We may share the information we collect through the Site for the following purposes:

• With your consent, including through this Privacy Policy;

• With third party individuals and organizations to assist us in providing Services, including contractors, web hosts, advertising platform and services providers, and others;

• As part of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);

• In response to a subpoena, court order, or other legal matter;

• To protect our rights and the rights of others if sharing the information may prevent physical, financial or other harm, injury, or loss; and

• To protect your safety or the safety of others, or in connection with an investigation of suspected or actual unlawful activity.

www.sift.co

We do not use analytics and performance cookies on our www.sift.co website. Specifically, our website hosting platform (Squarespace) allows us to disable analytics and performance cookies. Therefore, we do not collect information on your behalf about your interaction with our site.

However, our website hosting platform (Squarespace) uses functional and required cookies (i.e., non-tracking cookies) to allow visitors to navigate and use features on our site. For example, you may see that our Site uses a session cookie called “Crumb” to prevent cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.

www.demandscale.com

Our www.demandscale.com website, like most websites, employs “cookies” and similar technologies. Cookies are small files that are stored on your computer or mobile device when you visit our Site and allow us to recognize your browser and obtain information about your use of our Site. This helps us provide you with a better experience by improving the content and making our Site easier to use.

We use the following categories of cookies:

Strictly Necessary Cookies: These are cookies that are required for the operation of our Site. They include, for example, cookies that enable basic functions like page navigation. The Site cannot function properly without these cookies.

Performance and Functionality Cookies: These are used to recognize you when you return to our Site. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or other online settings), but are non-essential to the performance of the Site.

Analytical or Customization Cookies: These cookies collect information about how users access and move through the Site. We use this information in either aggregate form to help us to improve the way our Site works, or to personalize our Site to your interests.

We also use a tool called “Google Analytics” to collect information about the use of this Site. Google Analytics collects information such as how often users visit this Site, what pages they visit when they do so, and what other sites they used prior to coming to this Site. We use the information we get from Google Analytics only to improve this Site. Google Analytics collects only the IP address assigned to you on the date you visit this Site, rather than your name or other identifying information. For more information on how Google uses Cookies, please visit policies.google.com/technologies/cookies.

User Choice and Opt-Out

At any time, you may unsubscribe from Sift’s newsletters list. To do so, please send us an opt-out request to [email protected] or follow the unsubscribe instructions in such communications. 

You can set your browser to not accept cookies, but this may limit your ability to use the Site. You may also be able to change your browser settings to refuse third-party cookies or to indicate when a third-party cookie is being sent. Check your browser's "Help" files to learn more about handling cookies on your browser. You can also opt-out of receiving interest-based ads from certain ad networks, please visit http://www.networkadvertising.org (or if located in the European Union, please visit http://www.youronlinechoices.eu).

Protecting Children’s Privacy

Our Site is not intended for use by Children under the age of 13. We do not knowingly collect personal information from children under the age of 13 through the Site except as permitted by US law.

Accessing Your Personal Information

You can update, correct, or delete the personal information you provide to us by contacting us at [email protected]. Please be aware that Sift may need to ask you to provide certain credentials to verify your identity.

Please note that we may retain and use your personal information as necessary to comply with its legal obligations, resolve disputes, and enforce our agreements.

Third Party Websites

Sift may post links to third party websites on its Site. These third party websites are not screened for privacy or security issues by Sift, and you release us from any liability for the conduct of these third party websites.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to members of the Site. Sift bears no responsibility for the information collected or used by any advertiser or third party website. Please review the privacy policy and terms of service for each site you visit through third party links.

Data Retention

Sift will not retain data longer than is necessary to fulfill purposes for which it was collected or as required by applicable laws or regulations.

Data Security

Sift cares about the security of your information and we take certain measures to enhance the security of our Site, including SSL certificates. However, no method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information. If you contact us by email or through our “contact us” form on our Site, please be aware that your transmission might not be secure as these methods generally lack encryption and a third party could potentially view information you send by these methods.

Data Transfers

Please be aware that the information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we process and store information in the United States and your consent to this Privacy Policy represents your agreement to this processing.

These Specific Provisions for California Residents supplement the information contained in our Advertising Services and Website privacy policies above and apply solely to End Users of mobile applications and all site visitors, users, and others who reside in the State of California (”consumers” or “you”). We adopt these provisions to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in these specific provisions.

Information Collection

Advertising Services

If you are an End User, Sift may collect information about your device through your interaction with certain mobile apps and advertisements, including device attributes such as: IP address and device advertising identifiers. In the preceding twelve (12) months, we have collected the following categories of personal information from consumers:

Category: Identifiers.

Examples: IP address and device advertising identifiers.

Collected: YES

Website

Whenever you visit our Site, Sift may collect personal information that you voluntarily provide to us. Such information may include personal information such as your name, company name, email address, or any other information when you complete the online forms available on the Site.

If you are a Customer with an account, we collect certain personal information from you when you sign up for our Services that can be used to identify you, such as your name, e-mail address, mailing address, phone number, and payment information.

www.sift.co: In the preceding twelve (12) months, we have collected the following categories of personal information from consumers:

Category: Identifiers.

Examples: IP address.

Collected: YES

www.demandscale.com: In the preceding twelve (12) months, we have collected the following categories of personal information from consumers:

Category: Identifiers.

Examples: IP address or other similar identifiers.

Collected: YES

Information Use

Advertising Services

We will not create, store or use any End User profiles on California residents. Any existing End User profiles of California residents have been deleted from our systems. We will continue displaying targeted advertisements to End Users without profiles.

We will also restrict the number of times a specific End User is shown a particular advertisement. In the advertising industry, this is referred to as frequency capping.

Information Sharing

Advertising Services

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category: Identifiers.

Examples: IP address and device advertising identifiers.

We disclose your personal information for a business purpose to the following categories of third parties:

• Our affiliates.

• Service providers.

• Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

Website

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

www.sift.co: In the preceding twelve (12) months, we have not disclosed personal information for a business purpose.

www.demandscale.com: In the preceding twelve (12) months, we have disclosed personal information for a business purpose.

Category: Identifiers.

Examples: IP address or other similar identifiers.

We disclose your personal information for a business purpose to the following categories of third parties:

• Service providers.

• Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

Sales of Personal Information

In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.

• The categories of sources for the personal information we collected about you.

• Our business or commercial purpose for collecting or selling that personal information.

• The categories of third parties with whom we share that personal information.

• The specific pieces of personal information we collected about you (also called a data portability request).

• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

  • sales, identifying the personal information categories that each category of recipient purchased; and

  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Rights Requests

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

• Debug products to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

• Comply with a legal obligation.

• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us a message on our website. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Legal Basis for Processing

Advertising Services

As the data processor, Sift relies on the explicit consent of the EU individual (End User) that is given through our Customer’s mobile application in order for our Services to process personal data. Please note that Sift will not be storing user profiles of EU individuals and will only retain pseudonymous data such as device identifier and IP address for no longer than 1 year.

On other occasions, we may process personal data when it is necessary for the performance of a contract or where required by law. Sift may also process personal data when it is in Sift’s or its Customer’s legitimate interests to do so and when these interests are not overridden by the individual’s data protection rights. Those legitimate interests include improving Sift’s Services.

Website

As the data controller, Sift relies on the explicit consent of the EU individual when entering personal data through the Site (such as when completing the online forms available on the Site). In response, Sift may process the personal data to respond to your inquiry. On other occasions, we may process personal data when it is necessary for the performance of a contract or where required by law.

Sift may also process personal data when it is in Sift’s legitimate interests to do so and when these interests are not overridden by the individual’s data protection rights. Those legitimate interests include improving Sift’s Site or Services.

For questions regarding data processing, please contact our Data Protection Officer at [email protected].

Your EU Data Subject Rights

If you are an EU individual and have provided consent through our Customer’s mobile application for our Services to process your personal data or have entered your personal data through the Site, you may be entitled to:

• Request access to the personal data that we keep about you;

• Request that we rectify or erase your personal data;

• Request that we restrict or object to the processing of your personal data;

• Request the transfer of your personal data in accordance with your right to data portability;

• Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

• Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you; and

• Lodge a complaint with a data protection supervisory authority.

All requests submitted to Sift will be processed in a timely manner. To submit a request, please contact our Data Protection Officer at [email protected].

Children

We do not knowingly collect personal information from children under the age of 16 through the Services or Site.

Sift complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Sift has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.

Sift is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Sift complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. In addition, Sift Media ensures that the recipient of personal data offers an adequate level of protection, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Sift is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, Sift may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Sift commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Sift at [email protected].

Sift has further committed to refer unresolved Privacy Shield complaints to ANA Privacy Shield Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact ANA at the following address:

ANA
Attn: Privacy Shield
225 Reinekers Lane, Suite 325
Alexandria, VA 22314

You can also visit the ANA Privacy Shield Program for more information or to file a complaint at https://thedma.org/resources/consumer-resources/privacyshield-consumers. The services of ANA Privacy Shield Program are provided at no cost to you.

If your complaint is not resolved by either Sift or the ANA Privacy Shield Program then you may have the opportunity to invoke binding arbitration as described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.

Policy Changes

From time to time, Sift may update this Privacy Policy to reflect changes to our privacy practices. If we do so, the “Effective Date” posted at the top of the Privacy Policy will be updated as well. For any material changes to the Privacy Policy, we will notify you by email (sent to the email address on record) or by providing a notice on the Site prior to the updated Privacy Policy becoming effective. Please review the Privacy Policy periodically to ensure that you understand how we collect, use, and share information.

Any changes to the Privacy Policy will become effective once the updated Privacy Policy is posted on the Site. By continuing to use the Site or Services following such changes, you are agreeing to accept the terms of the revised Privacy Policy.

Contact Us

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under the California law or GDPR, or would like to report a potential privacy violation in relation to Sift's Site or Services, please do not hesitate to contact our Data Protection Officer at [email protected].

You can also write to us at our corporate address:

Sift Media, Inc.
Attn: Data Protection Officer
201 West Main Street
Suite 300, PMB 302
Durham, NC 27701