GDPR Policy

As the leading performance marketing platform, is dedicated to providing its customers with complete transparency and control over their users’ personal data, assisting them in their GDPR compliance journey.

What is the GDPR and How it Affects Customers

On May 25, 2018, The European Union implemented a new data privacy law, the General Data Protection Regulation (GDPR). The main goal of the GDPR is to standardize data privacy laws across Europe, ensuring the protection and empowerment of all EU citizens' data privacy and transforming the approach of organizations in the region.

Any company that collects or processes personal data of individuals in the EU is subject to GDPR, regardless of whether the company has a physical presence in the European Union. This means that most businesses with global or online operations, including customers, are impacted.

GDPR Compliance as a Shared Responsibility Between Data Controllers and Data Processors

Data Controller: This term refers to any natural or legal person, public authority, agency, or other entity that determines the purposes and methods of processing personal data. clients act as data controllers.

Data Processor: This term refers to any natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller. serves as a data processor.

Our Commitment to You on Behalf of Your Data Processor. How Does Prepare for the GDPR?

Data Collection and Retention Policies

With the principle of data minimization in mind, we’ve made the following changes:

– IP addresses and the Device IDs will have a 12-month rolling retention.

– All log-level reporting will have a 12-month rolling retention period.

– Note: these retention window changes will only affect the Conversion Report and Click Logs. All Stats Report queries will remain available beyond these retention windows, with Affiliate Sub 1-8 or Source stats queries available for 18 months.

Data Deletion Process

We adhere to the requirements set out in articles 17, 30, and 32(4) of the GDPR. This includes:

Physical Access Control

Our data centers are highly secure, with security officers onsite, monitoring and alarm systems, video/CCTV monitors, and more. No individual, including staff, has self-determined access to the servers.

Data Access, Usage, and Transmission Controls

We have tools to prevent unauthorized access, usage, or transmission of data. Data cannot be altered or deleted by unauthorized persons during transmission.

Separation Rule

We ensure data privacy and security by keeping data collected for different purposes separate during processing, extending this to test and production systems.


Data is hashed as early as possible. The processing of personal data is conducted in a way that prevents it from being linked to a specific data subject without additional information.

Availability Control and Rapid Recoverability

We regularly back up all stored data to protect against loss. Continuous backups are created and transferred to a remote site, allowing for data restoration if needed.

Incident Response Management

In the event of data loss, affected parties are promptly informed.

Deleting Affiliate, Advertiser, and Account Employee Personal Data

Customers have the option to permanently delete personal data stored regarding their affiliates, advertisers, or employees.

Note: When deleting end user, affiliate, advertiser, or employee data, we will only remove the column containing PII, maintaining the accuracy of your aggregate data.

Privacy by Design has integrated appropriate technical and organizational measures into our software development life cycle, ensuring that personal data is processed strictly according to our customers’ instructions and configurations.

– Personal Data is only collected with assured user consent

– We do not sell or re-broker personal data

– We provide opt-out/opt-in options

– We respect do-not-track privacy preferences

For more information on our GDPR compliance, contact our privacy team at [email protected].