Privacy Policy - Sovrn, Inc. (original) (raw)
1. Introduction
1.1 Who We Are
At Sovrn, Inc., we help publishers make money through advertisements (“ads”), affiliate links, and data products. We believe in transparency and respecting your choices as a consumer, so we have crafted this Privacy Policy to help you understand what information we collect, how we use it, and the controls you have.
Our products are used on websites and other internet-connected services (such as smart TV’s and mobile devices). A more in-depth description of our Services can be found at our Sovrn Products site.
Please contact privacy@sovrn[.]com with any questions or concerns regarding this Privacy Policy.
1.2 What This Policy Covers
This “Privacy Policy” describes how Sovrn collects, uses, and shares personal information in connection with (i) Sovrn Services; and (ii) our public-facing business websites found at www.sovrn.com and other websites that we own and operate that link to this Privacy Policy (collectively, the “Site”).
All references in this Privacy Policy to “Sovrn”, “our”, “us”, or “we”, refer to Sovrn, Inc.
2. Key Terms
We define some important terms below to make this Privacy Policy easier to understand. These definitions apply throughout the document.
2.1 “Personal Information”
Any information that can be used to directly or indirectly identify an individual.
Examples include:
- Direct identifiers (name, email address, phone number, physical address)
- Online/device identifiers (IP address, cookie ID, mobile advertising ID, hashed email, unique online identifier, or combinations like browser type + IP address)
2.2 “Non-Personal Information”
Information that is not associated with or linked to an identifiable individual. This includes aggregate data, de-identified data, and general statistics that cannot reasonably be used to identify you.
2.3 “Interest-Based Advertising”
Also known as targeted, behavioral, or cross-context behavioral advertising. This involves using profiles of your browsing and/or purchasing behavior across websites, apps, and devices to show you more relevant ads.
2.4 Other Definitions
| Advertiser | an entity providing advertisements (“ads”) to be placed on Publisher websites. |
|---|---|
| Connected Television | a television device including (but not limited to) a smart television, Xbox, PlayStation, Roku, Amazon Fire TV, Apple TV, as well as other devices provided by manufacturers such as Samsung and Vizio |
| Connected Television Identifier | a unique identifier generated by a Connected Television which is used for various purposes, including Interest-Based Advertising |
| Publisher | a website or publication that uses our services, or a natural person who interacts with Sovrn on behalf of such websites or publications. Publishers are Sovrn customers |
| Publisher’s Unique Online Identifier | an identifier created by a Publisher to understand an individual’s browsing behavior on the Publisher’s own site, as well as across different third-party websites. |
| Reader | an individual who visits our Publishers’ website(s) or Sovrn’s Site |
| Sovrn Services | Our products and services (defined in more detail below, see Section 3), briefly summarized as:– Exchange: a publisher platform for Interest-based Advertising;– Commerce: affiliate network marketing platform where Publishers earn money by promoting merchant products and driving sales. Sovrn Commerce Services includes product link optimization, shopping galleries, and price comparisons; and– Signal: technology that combines behavioral data with page-level attention data, which helps publishers make their ad space more valuable and earn more money. – Data: partnership solutions that allow us to share personal information with third-parties for commercial interests. |
3. Our Services
Sovrn provides data and monetization tools that help publishers and creators (our customers) generate revenue through digital advertising, affiliate marketing, and commercial data products. We also offer tools to measure viewer engagement and improve content performance.
Our Services include the following main offerings:
3.1 Exchange for Interest-Based Advertising
We operate an advertising exchange platform that enables Publishers to sell ad inventory to Advertisers, including:
- Programmatic ad auctions and direct deals.
- Support for interest-based (targeted) advertising.
- Tools to optimize ad placement, fill rates, and revenue.
3.2 Commerce (Affiliate Network Marketing)
We provide affiliate marketing tools, including:
- Shopping galleries and product recommendation widgets.
- Price comparison features.
- Affiliate link optimization to direct users to relevant merchants.
- Tracking of clicks and purchases for revenue attribution.
3.3 Signal (Viewer Engagement Metrics)
We collect and analyze engagement data to help Publishers understand how users interact with their content, for example:
- Metrics on page views, time spent, scroll depth, and interactions.
- Insights to improve content performance and user experience.
3.4 Commercial Data Products
As a registered data broker, we aggregate and license pseudonymous data derived from our Services, and more specifically includes:
- Audience segments based on browsing behavior.
- Insights for advertisers and data partners.
- Data enrichment services to enhance targeting and measurement.
- Please refer to section 13, Regional Privacy Rights, for more information regarding specific privacy rights associated with disclosures through our data brokerage.
All Services are delivered through code (e.g., scripts, tags) placed on Publisher websites, mobile apps, or connected TV platforms. For more details on any Service, visit our Publisher Products page at sovrn.com/products.
Note: We do not collect or process personal information through the Services in a way that directly identifies individuals (e.g., no names, plain-text emails, or phone numbers from Readers). See Section 5, Information We Collect, for more on the types of information collected.
4. Our Commitment to Responsible Advertising Practices
We follow industry best practices to ensure responsible advertising:
- We adhere to and comply with the industry Self-Regulatory Principles of the Digital Advertising Alliance (“DAA”).
- We adhere to and comply with the Interactive Advertising Bureau (“IAB”) Code of Conduct, and actively participate in the current version of the IAB Europe Transparency & Consent Framework Specifications and Policies as vendor identification number 13.
For more information about industry self-regulation of interest-based advertising, please visit www.aboutads.info or www.networkadvertising.org.
5. Information We Collect
We collect information to deliver our Services, improve performance, and support interest-based advertising. We focus on device and browser identifiers rather than information that directly identifies you as an individual (such as name or email address).
We collect two main types of data:
- Personal Information: identifiers that can link to a specific browser or device (as defined in Section 2.1).
- Non-Personal Information: aggregate or de-identified data.
We do not collect direct personal identifiers about Readers (e.g., names, plain-text emails, physical addresses, or phone numbers) unless you voluntarily provide them through our Site (e.g., signing up for a newsletter).
5.1 Identifiers We Collect
The table below lists the main types of identifiers we collect or access (and in some instances purchased or procured from data partners), with descriptions and where they are used:
| Identifier | Description | Used For / Collected By | Notes |
|---|---|---|---|
| Cookie ID | A unique, random identifier stored in your browser. | All Services and Site | Includes third-party cookies we set or access. |
| IP Address | Your device’s numerical internet address (helps infer general location). | All Services and Site | Dynamic (changes often). |
| Mobile Advertising ID | Device-provided ID (e.g., IDFA on iOS, AAID/GAID on Android). | Exchange and Data | Can be reset by users. |
| Hashed Email | A non-readable, consistent hash of an email address. | Signal and Data | Used for matching across devices. |
| Connected TV ID | Unique ID from devices like Roku, Fire TV, smart TVs. | Exchange | Generated by the device. |
| Device Information | Browser type/version, OS, device type, ad-blocker usage, etc. | All Services and Site | Helps infer device relationships. |
| Unique Online Identifer | Publisher-created ID for tracking behavior on their site and across sites. | All Services and Site | Shared with us by Publishers. |
| Personally Identifiable Information (“PII”) | Information that directly identifies an individual such as name, home address, email address, etc. | Site | Only collected when voluntarily provided. |
| Voice Recordings | Recorded virtual meetings or telephone conversations that assist with note taking and internal training purposes. | Sales and Support Teams | Only collected when voluntraily provided. |
5.2 From Where Information is Specifically Collected
From Readers (visitors to Publisher sites): We collect the identifiers above through cookies, pixels, and similar technologies when you visit sites using our Services. We set cookies (where allowed) at the first visit to any of the Publisher sites that deploy Sovrn Services.
If our cookie is already set on a browser, we recognize a returning Reader and log data using the existing cookie. Readers have the option to use tools provided by browsers to decline to receive cookies or to clear cookies, which will result in us treating the Reader as a new visitor when encountering Sovrn Services.
From Publishers (our customers): We collect account-related details (e.g., upon registration to use Sovrn Services) such as name, email, company info, payment details, and website URLs during registration and account management.
From Our Site: We collect information you voluntarily provide, including Personally Identifiable Information (e.g., name, email when signing up for webinars or contacting us).
From Third-Parties: We may receive or purchase additional identifiers (e.g., hashed emails or mobile IDs) from data partners for our commercial data products. We may then combine these identifiers with the information that we collect through Sovrn Services or the Site.
5.3 What We Do Not Collect
We do not collect or use sensitive personal information (e.g., precise geolocation, health data, or financial details) for profiling or advertising purposes.
6. How We Collect Information
We collect information using common online technologies and from direct interactions. Specifically, we use these tools when you visit Publisher sites with our Services, interact with our Site, or when Publishers share data with us.
6.1 Technologies We Use
We primarily collect data through the following technologies (collectively called “cookies” for simplicity):
- Cookies (session and persistent): small files stored in your browser to track behavior and preferences. Please see About Our Cookies for more information about how cookies are used or what information we collect.
- Web beacons / tracking pixels: tiny invisible images that load when you visit a page or open an email, logging views and actions.
- Scripts: code that runs in your browser or app to collect data.
These technologies help us recognize returning visitors, measure engagement, and deliver relevant ads.
6.2 Collection from Readers (Visitors to Publisher Sites)
When you visit a website or app associated with a Publisher that uses our Services:
- We set or access cookies on your browser or device.
- We collect identifiers (e.g., cookie ID, IP address, device info) at your first visit.
- If a cookie already exists, we log additional activity.
- We may collect data across sites and devices for interest-based advertising (cross-device tracking). In some instances, our business partners link the information we gather through cookies to device identifiers associated with the same Reader (also known as cross-device mapping). They will then share the cross-device mapping or other user data with us, for the purpose of Interest-based Advertising.
6.3 Collection from Publishers (Our Customers)
Publishers provide information directly when they:
- Register for our Services (name, email, website URLs, etc.).
- Log in and manage their account.
- Submit payment details (handled securely by third-party processors).
We also collect analytics about how Publishers use our platform to categorize information about the content on Publisher pages integrated with Sovrn Services and link this information to Personal Information collected through the delivery of Sovrn Services.
We may use session replay technology to collect such analytics, which is third-party software used to record a replay of users’ interactions on the Sovrn Platform (such as to troubleshoot how a Publisher interacts with our dashboard). The replay may include users’ clicks, mouse movements, scrolls, mobile app touches, typing, and other activity taken during the session. We use these replays for research and development purposes, such as to help us troubleshoot problems with the Sovrn Services, understand how Publishers interact with and use the Sovrn Services, and identify areas for improvement.
Note that Publishers may also register for Sovrn Services using an existing Google account, in which case Sovrn will receive Personal Information from Google as defined by Google’s privacy policy.
6.4 Collection through Our Site
We collect information you voluntarily provide, such as:
- Name, email, and contact details when you sign up for newsletters, webinars, or contact us.
- Email content when you send us messages.
We also use cookies on our Site to remember preferences and analyze usage.
6.5 Collection from Third-Party Sources
We may receive or purchase additional information from:
- Data partners (e.g., hashed emails, mobile IDs).
- Other sources (e.g., call recordings for sales/support, with consent).
When Publishers contact Sovrn by telephone or virtual meeting, we use a third-party service to record the call (with your consent) to assist in documentation and for training purposes. For clarity, we will only record those actively in the call; if there are others in the vicinity, it is our expectation that they are not recorded unintentionally, unless this Privacy Policy has been provided and their approval to the recording has been obtained.
6.6 Your Control Over Collection of Information
Please see Section 9: Your Choices & Opt-Out Options, below, for more detailed information regarding how you can use various tools and resources to control how your information may be collected.
It should be noted, however, that some collection is necessary for Services to function (e.g., login cookies for Publishers).
7. How We Use Information
We use the information we collect to deliver and improve our Services, support our business, and provide value to our Publishers. We only use Personal Information for the purposes described herein. We organize our use into three main categories:
7.1 For Commercial Purposes
We use your information to generate revenue and provide services to Publishers and advertisers.
- Deliver interest-based (targeted) advertising on Publisher sites.
- Optimize affiliate links, shopping galleries, and price comparisons in our Commerce services.
- Match and enrich Publisher data with our insights to improve their advertising performance.
- Invite Publishers to participate in market research or feedback opportunities.
- Create audience segments based on browsing interests and behaviors (we do not use personally identifiable information for this). Audience segments are used to provide additional insights, enrichment of our Publisher’s first party data, and to attribute reader interests to browsers and devices to better inform advertising campaigns.
7.2 For Internal Business Operations
We use information to run our business safely, legally, and effectively.
- Audit ad impressions, detect fraud, and ensure compliance with industry standards.
- Debug errors and improve the performance of our Services and Site.
- Provide customer support, process payments, and manage Publisher accounts.
- Monitor for security incidents, prevent misuse, and protect our rights and property.
- Send essential service-related communications (not promotional).
- Comply with legal obligations, respond to subpoenas, defend against claims, for investigative purposes (including disclosure of such information in connection with law enforcement requests, legal process or litigation), and protect our and others’ rights, privacy, safety, or property, and enforcing our agreements.
7.3 For Business Intelligence & Analytics
We analyze usage to understand trends and improve our offerings.
- Generate reports and performance insights for Publishers.
- Conduct internal research to develop new features and products.
- Measure how our Services are used to enhance user experience.
- Work with analytics providers (e.g., Google Analytics) to study Site and Service usage. For more information about how Google Analytics collects and uses data, visit https://policies.google.com/technologies/partner-sites. Please see Section 9 for opt-out options regarding Google Analytics, or you can directly visit https://tools.google.com/dlpage/gaoptout/.
7.4 Non-Personal Information
We may use or share Non-Personal Information for any purpose, including:
- Analyzing trends and market research.
- Improving Site and Service functionality.
- Providing aggregated reports to Publishers.
- Developing new products.
We may also use Personal Information and treat it as Non-Personal Information when legally permitted.Note: We do not use Personal Information to derive audience segments that could be defined as ‘sensitive’ or ‘special categories’ under various data privacy laws and regulations (e.g., health, religion, or political views). For more on opting out of certain uses, see Section 9: Your Choices & Opt-Out Options, and Sovrn’s Audience Segments page.
8. Our Information Sharing Practices
We share information only as necessary to provide our Services, operate our business, and comply with legal obligations. We do not share direct personal identifiers (e.g., names or plain-text emails) about Readers.
We share device and browser identifiers (e.g., cookie IDs, IP addresses, hashed emails) from Readers primarily for advertising and analytics purposes. Publisher account information (e.g., name, email, payment details) is shared only with trusted service providers and is not sold or shared for third-party advertising.
8.1 Categories of Recipients
| Recipient Category | What We Share | Purpose | Notes |
|---|---|---|---|
| Affiliates | Device/browser identifiers and Publisher account details | To support our global operations and provide Services | Affiliates are companies under common control with Sovrn. Please reference the Sovrn Careers page to view our affiliate locations. |
| Service Providers | Device identifiers, Publisher account details, payment info | To help us deliver Services (e.g., hosting, analytics, payment processing, customer support) | We require them to protect data and use it only for our purposes. See full list at sovrn.com/legal/subprocessors |
| Advertising Partners | Device/browser identifiers (e.g., cookie IDs, mobile IDs) | To enable interest-based advertising and ad measurement | See full list at sovrn.com/privacy-policy/third-parties |
| Publishers | Device/browser identifiers and usage data | To measure ad effectiveness, attribute conversions, and prevent fraud | Publishers may use this to optimize their own sites. |
| Other Third-Party Customers | Device/browser identifiers and audience segments | For data enrichment, advertising services, and commercial data products | These include data resellers and ad tech partners. |
| Professional Advisors | Limited account and usage data | For accounting, legal, tax, or financial advice | Subject to confidentiality obligations. |
| Business Transitions | All relevant information | In case of merger, acquisition, or sale of assets | We require the successor to honor this policy. |
| Law Enforcement / Government | Information as required by law | To comply with subpoenas, court orders, or protect rights/safety | See our Law Enforcement Request Policy. |
8.2 Additional Notes on Sharing
We do not sell or share Publisher account information such as names, email addresses, or payment details for third-party advertising.
You can limit sharing for interest-based advertising and data sales via opt-out tools (see Section 9).
For California residents: Certain sharing of device identifiers qualifies as a “sale” or “sharing” under CCPA/CPRA. See Section 13.2 for your opt-out rights.
9. Your Choices & Opt-Out Options
We provide several ways for you to control how we use your information, particularly for interest-based advertising, affiliate tracking, and marketing communications.
Some Important Notes Regarding This Section
- Opting out prevents Sovrn from delivering interest-based (targeted) advertising or tracking for affiliate purposes, but it does not stop all advertising or data collection entirely.
- Choices are specific to the browser or device where you make them. You may need to repeat the process on other devices or browsers.
- If you clear cookies or reset your device ID, you may need to opt out again.
9.1 Opting Out of Interest-Based Advertising
To stop Sovrn from using your data for cross-device targeted advertising:
- Use industry opt-out tools:
- Web browsers: Visit youradchoices.com and use the opt-out tool to select Sovrn (or participating companies).
- Mobile devices/apps: Download the DAA AppChoices app (iOS/Android) to manage preferences.
- Connected TVs: See guidance on the Network Advertising Initiative (NAI) website.
- Block third-party cookies or use privacy extensions/ad blockers in your browser settings.
- Enable Global Privacy Control (GPC**)** in your browser (e.g., Brave, DuckDuckGo, or certain extensions). We honor GPC signals to opt you out of the sale or sharing of your personal information under applicable laws (e.g., CCPA).
- Some of our business partners (for example, Google Analytics) may set or use their own cookies on our Publisher websites or through Sovrn Services where Sovrn has no access to or control over these cookies. Specific to Google Analytics, opt-out by visiting https://tools.google.com/dlpage/gaoptout/.
9.2 Opting Out of Sovrn Commerce (Affiliate Marketing & Tracking)
To prevent tracking for affiliate links, shopping galleries, and price comparisons:
- Visit our Privacy Center (or the dedicated opt-out link) and select “Disable Tracking”.
- This places an opt-out cookie on your device that we honor across Sovrn Commerce-enabled sites.
9.3 Opting Out of Marketing Emails
To stop receiving promotional emails from Sovrn:
- Click the unsubscribe link at the bottom of any promotional email we send.
- Or email marketing@sovrn[.]com to update your preferences.
Note: This does not affect essential service or transactional emails related to your Publisher account.
9.4 Additional Choices for Specific Regions
For California residents (and others with similar rights): Use our Privacy Center form to request access, deletion, correction, or opt-out of sale/sharing. See Section 13.2 for details.
For EEA/UK/Switzerland residents: Exercise your data subject rights (e.g., access, objection, erasure) via our Privacy Center or by emailing privacy@sovrn[.]com. See Section 13.1.
** If you have questions or need assistance with any of these options, please contact us at privacy@sovrn.com.
10. Children’s Privacy
We do not knowingly collect, use, or share personal information from children under the age of 18. Our Services are not directed to children. If you are under 18, please do not use our Site or provide any personal information through it.
10.1 Publisher Responsibility
Publishers who use our Services are responsible for ensuring their own websites and content comply with laws protecting children’s privacy (such as COPPA in the United States). This includes obtaining any necessary parental consent before collecting personal information from children.
10.2 What We Do If We Discover Child Data
If we become aware—through routine reviews or reports—that a child under 18 has submitted personal information through our Site or a Publisher’s site using our Services, we will take reasonable steps to delete that information from our systems.
If you believe a child has provided us with personal information, please contact us at privacy@sovrn.com
11. Data Retention
We keep your personal information only for as long as necessary to fulfill the purposes for which it was collected or for as long as necessary to provide services as described in Section 3.
When deciding how long to retain personal information, we consider:
- The purpose for which we collected the data and whether we can achieve that purpose through other means.
- The amount, nature, and sensitivity of the information.
- The potential risks of unauthorized use or disclosure.
- Applicable legal, accounting, or regulatory requirements.
- Whether the data is needed to establish, exercise, or defend legal claims.
12. Security
We take the security of your personal information seriously and implement commercially reasonable technical, administrative, and physical safeguards to protect it from unauthorized access, loss, misuse, or alteration.
Our security measures include:
- Encryption of data in transit (e.g., using HTTPS/TLS) and at rest where appropriate.
- Access controls, including role-based permissions and multi-factor authentication for our systems.
- Regular security assessments, vulnerability scanning, and monitoring for suspicious activity.
- Employee training on data protection and incident response.
- Secure third-party service providers with contractual safeguards.
Note: No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
If you have questions or concerns about the security of your information, please contact us at privacy@sovrn[.]com or security@sovrn[.]com.
13. Regional Privacy Rights
Various privacy laws grant individuals in certain regions additional rights regarding their personal information. This section supplements the rest of this Privacy Policy and describes those rights in detail.
These rights are not absolute and may be subject to exceptions (e.g., legal obligations, inability to verify identity, or situations where exercising a right would conflict with our legitimate interests or legal duties).
13.1 Rights for Residents of the EEA, UK, and Switzerland
This section applies to individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland. For these purposes, “personal data” has the meaning given in applicable data protection laws (e.g., EU GDPR, UK GDPR).
13.1.1 Sovrn’s Role
Sovrn may act as a controller (determining the purposes and means of processing your personal data) or as a processor (processing personal data on behalf of a Publisher or other customer). In most cases involving Reader data from Publisher sites, Sovrn acts as a processor, while Publishers act as controllers. This distinction affects how rights are exercised and which entity is primarily responsible.
13.1.2 Legal Basis for Processing
We process personal data based on one or more of the following lawful bases:
- Your consent (e.g., for interest-based advertising; Publishers are responsible for obtaining this consent on our behalf where required).
- Legitimate interests (e.g., improving our Services, fraud prevention, security, and direct marketing to Publishers), unless your rights and freedoms override these interests.
- Legal obligations (e.g., complying with tax laws, responding to law enforcement requests, or maintaining records for audits).
- Performance of a contract (e.g., providing Services to Publishers under our agreements).
We conduct legitimate interest assessments to balance our needs with your rights.
13.1.3 Your Rights
Depending on the circumstances and legal basis, you may have the following rights:
- Access: Request confirmation of whether we process your personal data and obtain a copy, along with details about the processing.
- Rectification: Ask us to correct inaccurate or incomplete personal data.
- Erasure (“right to be forgotten”): Request deletion of your personal data in certain situations (e.g., when consent is withdrawn and no other legal basis applies).
- Restriction of processing: Limit how we process your data (e.g., while we verify a correction request or during an objection).
- Objection: Object to processing based on legitimate interests or direct marketing (including profiling for advertising).
- Data portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (where technically feasible).
- Withdraw consent: Withdraw consent at any time where processing is based on consent (this does not affect prior processing).
13.1.4 How to Exercise Your Rights
Submit requests through our Privacy Center or email privacy@sovrn[.]com. We may ask for additional information to verify your identity and the validity of your request. There is no fee for most requests, but we may charge a reasonable fee or decline repetitive or unfounded requests.
13.1.5 International Data Transfers
We are headquartered in Boulder, Colorado (USA) and may transfer personal data to the U.S. and other countries outside the EEA/UK/Switzerland. We use appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other approved mechanisms, to ensure an adequate level of protection. For more information on these safeguards, contact privacy@sovrn[.]com.
13.1.6 Questions or Complaints
Contact our Data Protection Officer at privacy@sovrn[.]com for any questions or concerns. If we are unable to resolve your issue, you have the right to lodge a complaint with your local supervisory authority (e.g., the Information Commissioner’s Office in the UK or the relevant authority in your EEA country). A list of authorities is available on the European Data Protection Board website.
Or you can email an EU representative: IT Governance Europe Limited (email: eurep@itgovernance.eu).
13.2 Rights for California Residents (CCPA/CPRA)
This section applies to California residents. For these purposes, “personal information” has the meaning given in the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), excluding data exempted by law.
13.2.1 Categories of Personal Information Collected
| Category | Examples |
|---|---|
| Identifiers | Cookie ID, unique online identifiers, IP address, mobile advertising ID, hashed email, connected TV ID |
| Internet or Network Activity | Browsing history, search history, interactions with websites, emails, apps, or advertisements |
| Inferences | Profiles reflecting preferences, characteristics, or behavior derived from the above data |
| Commercial Information | Records of products or services considered, obtained, or purchased |
| Customer Records | Publisher contact information and payment details (not sold or shared for advertising) |
13.2.2 Purposes of Collections and Use
See Section 7, How We Use Your Information, for detailed information on the business and commercial purposes for which we collect and use these categories. We use this information to provide and improve our Services, support advertising, and meet legal obligations.
13.2.3 Categories “Sold” or “Shared”
We “sell” or “share” (as defined under California law) the following categories of personal information:
| Category of Personal Information | Sold/Shared With |
|---|---|
| Identifiers | Publishers, Advertising Partners, Other Third-Party Customers (e.g., data services and resellers) |
| Internet or Network Activity | Publishers, Advertising Partners, Other Third-Party Customers |
| Inferences | Publishers, Advertising Partners, Other Third-Party Customers |
Note:
- We do not sell or share sensitive personal information (as defined under California law) or the personal information of individuals under 18.
- We do not sell or share Commercial Information or Customer Records as these are used only for internal (legitimate) business purposes.
13.2.4 Your Rights
As a California resident, you have the following rights:
- Right to Know/Access: Request details about the categories of personal information collected, sources, purposes, and third parties with whom we share it, as well as a copy of your data.
- Right to Delete: Request deletion of your personal information, subject to exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: Stop the sale or sharing of your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: Exercise these rights without receiving discriminatory treatment.
13.2.5 How to Exercise Your Rights
You may exercise your rights under CCPA/CPRA as follows:
- Opt-out of sale/sharing: Visit our Privacy Center page or enable Global Privacy Control (GPC) in your browser settings as we honor GPC signals automatically.
- Access, delete, or correct: Submit requests via the Privacy Center, email privacy@sovrn[.]com (include “CCPA Consumer Request” in the subject line), or call +1 (888) 280-8085.
- If you direct us not to sell/share your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your Personal Information covered by that law with third parties for their direct marketing purposes.
13.2.6 Verification Process
We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your right to know/access, delete, and correct. This is a security measure to, for example, help ensure we do not disclose information to a person who is not entitled to receive it.
The identity verification process may vary depending on how you submit your request. We will only ask for information needed to verify your identity, such as a different email address, or cookie ID.
13.2.7 Authorized Agent
Consistent with California law, you may designate an authorized agent to make a request on your behalf. If you do so, we may require proof of your identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify the request, including evidence of valid permission for the authorized agent to act on your behalf. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Authorized agents may submit a request through our Privacy Center, where instructions are provided for completing the request.
13.2.8 Metrics
For details on the number and types of consumer requests received in the previous calendar year, see our CCPA Metric page.
13.3 Other Jurisdictions
If you reside in another region with specific privacy rights (e.g., Canada under PIPEDA, Brazil under LGPD, Colorado under CPA, Virginia under VCDPA, or other U.S. states with emerging privacy laws), please contact privacy@sovrn[.]com. We will provide information on applicable rights and how to exercise them based on your location.
14. Changes to This Privacy Policy
We may modify or amend this Privacy Policy from time to time at our discretion. When we make material changes to this Privacy Policy, we will amend the revision date at the top of this page and such modified or amended Privacy Policy shall be effective as to the Personal Information governed by this Privacy Policy as of that revision date. We encourage periodic review of this Privacy Policy to view any updates, as well as the revision log found at the end of this page.
15. Contact Us
Please contact us at privacy@sovrn[.]com with questions or concerns regarding our Privacy Policy or how we process your Personal Information.
Sovrn will respond in good faith to all privacy inquiries but may not be able to provide complete information if the request requires Sovrn to release confidential information of third parties or otherwise imposes an undue burden or expense.
Sovrn U.S. Headquarters
1600 Pearl St
Second Floor
Boulder, CO 80302
United States
Sovrn U.K. Headquarters
53, 64 Chancery Ln,
London WC2A 1QU
United Kingdom
Sovrn Switzerland, S.A.
Via Cantonale 19, CH-
6900 Lugano
Switzerland
16. Revision Log
| Section | Revision Summary | Version |
|---|---|---|
| Throughout | Updated semantics and formatting for readability, removed duplicative and/or redundant information. | Jan. 2026 |
| Our Commitment to Good Advertising Practices & How to Opt Out | Removed information related to the European Interactive Digital Advertising Alliance (EDAA) YourOnlineChoices program | Dec. 2023 |
| Information We Collect | Updated Privacy Policy to disclose the collection of voice recordings to support Publisher Sales and Support teams | Sep. 2023 |
| Notice to Residents of the EEA, Switzerland and UK: Data Subject Rights; Contacts | Updated semantics for readability; updated Sovrn UK, Limited address | Aug. 2023 |
| Information We Collect; How We Collect Information & How We Use Information | Updated Privacy Policy to disclose additional identifiers processed due to new offered services | Aug. 2023 |
| Information We Collect; How We Collect Information & How We Use Information | Updated Privacy Policy to disclose additional identifiers processed due to new offered services | Apr. 2023 |
| Throughout | Updated Privacy Policy for required disclosures under new US state privacy laws in effect Jan 1 2023, and for general readability | Jan. 2023 |
| Our Commitment to Good Advertising Practices & How to Opt Out | Added information related to our integration with the European Interactive Digital Advertising Alliance (EDAA) YourOnlineChoices program | Aug. 2022 |
| Throughout | Revised email addresses throughout to reduce spam | Aug. 2022 |
| Exercising California Consumer Rights | Replaced toll-free number with new toll-free number | Aug. 2022 |
| Entire Policy | Consolidated Website and Service Privacy Policies, reordered sections, and updated internal links. | Apr. 2021 |
| Information We Collect | Added ‘Universal ID’ to the list of Personal Information types | Apr. 2021 |
| Personal Data Rights (throughout) | Separation of UK from EU personal data rights as a result of the enactment of the UK GDPR | Feb. 2021 |
| Personal Data Rights: Questions or Complaints | Addition of EU representative as a result of the UK’s exit from the EU | Feb. 2021 |
| Revision Log | New section added for clarity of changes over time | Feb. 2021 |