User Privacy

navigating modern day privacy issues in ad tech can be complicated at tresensa, we have invested time into developing a user privacy strategy that covers us under the gdpr, but is also applied across all regions, giving us a great foundation to act on any new regulations that may come into effect in other territories data minimization the only personally identifiable information (pii) that tresensa records in user session data is the advertising id (adid), also referred to as the idfa on ios or gaid on android we do not record ip address, and location data does not go deeper than metro area data retention all session analytics data is automatically deleted after a period of 24 months any buckets used for transferring pii data are automatically deleted after a period of 14 days right to erasure requests all adids contained within session data are pseudonymised so that they cannot be attributed to a specific person without the use of a separate lookup table we refer to as the proxy user id table if a user requests that their data be erased, we simply remove their adid from the proxy user id table this breaks all connections between the user id and any session data we have from them, and removes their adid entirely from our systems the pseudonymised versions of an adid are generated randomly and cannot be inverted back to the original adid by any means coppa if our bidder receives a bid request with the coppa (children's online privacy protection act) flag set (indicating that the session is originating from content directed toward users under 13 years of age, or originating from a user known to be under 13), our bidder will automatically decline to bid we will therefore never win sessions or store data in situations falling under coppa regulations