Privacy Policy

This Privacy Policy explains how Adfinitum Inc. (“Adfinitum,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with our programmatic advertising services, our website at adfinitum.space (the “Site”), and the digital advertising activities we facilitate on behalf of our clients (collectively, the “Services”).

Adfinitum operates principally as a business-to-business advertising technology and media services provider. We do not typically have direct relationships with individual consumers. However, when we facilitate digital advertising on websites, mobile applications, and connected television (“CTV”) environments operated by third parties, personal information about individuals may be processed in connection with our Services. This policy describes those practices and the rights individuals have with respect to that information.

1. Scope and Role

This Policy applies to:

• Visitors to our Site;
• Representatives of clients, advertisers, publishers, suppliers, and other business partners with whom we communicate;
• Individuals whose personal information is processed in connection with the programmatic media buying, audience targeting, measurement, and attribution services we provide to our clients.

When we plan, execute, and report on advertising campaigns at the direction of a client (the “Advertiser”), Adfinitum generally acts as a service provider (under U.S. privacy laws such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act, collectively, the “CCPA”) and as a processor (under the EU and UK General Data Protection Regulations, the “GDPR”) on behalf of that Advertiser. With respect to our Site, our own business operations, and certain limited cross-client analytics and fraud-prevention activities, we act as a business and/or controller in our own right.

2. Information We Collect

The categories of personal information we and our partners may collect include:

2.1 Information You Provide to Us

• Business contact information: name, business email, employer, role, phone number, and similar information provided through forms, email, or business meetings.
• Communications: content of emails, messages, voice or video meetings (where lawfully recorded and noticed), and related metadata.

2.2 Information Collected Automatically

• Online identifiers: cookie IDs, advertising IDs such as Apple IDFA and Google Advertising ID (GAID/AAID), connected TV identifiers (e.g., Roku RIDA, Samsung TIFA, FireTV ADID), publisher- or DSP-assigned pseudonymous IDs, hashed identifiers, and identifier-on-the-open-web tokens (e.g., RampID, UID2, ID5) as they appear in bid streams and impression logs.
• Device and network data: IP address, user-agent, operating system and version, browser type and version, language, device model, screen size, carrier, and approximate geolocation derived from IP.
• Usage data: pages or ads viewed, click-through events, time spent, referring URL, app context, ad inventory metadata (e.g., publisher domain, app bundle ID, content category), and similar telemetry transmitted through OpenRTB or analogous bid-request protocols.
• Approximate location: derived from IP address or, for mobile inventory, from coarse location data passed by the publisher app where the user has consented at the operating-system level.

2.3 Information Received from Clients and Data Partners

• Hashed customer data for audience matching: Advertisers may share hashed (e.g., SHA-256) email addresses, phone numbers, or postal addresses from their first-party customer lists for the purpose of matching against ad platforms’ user graphs to build custom and look-alike audiences. Adfinitum does not unhash this data and does not use it outside the campaign for which it was provided.
• Conversion and measurement events: pixel-fires, server-to-server postbacks, and analogous events indicating that a user took a specified action (e.g., page view, lead form submission, purchase) following exposure to an ad.
• Third-party segment data: audience segments licensed from data marketplaces and clean rooms (including identity, behavioral, demographic, and intent-based segments) used to inform targeting on behalf of Advertisers.

3. How We Use Information

We use personal information for the following purposes:

• Service delivery: to plan, traffic, optimize, and report on digital advertising campaigns across display, video, CTV, online video (OLV), audio, native, and other inventory types.
• Targeting and audience activation: to build, activate, and optimize audience segments (including custom, look-alike, contextual, and re-targeting segments) at the direction of Advertisers.
• Measurement and attribution: to measure the reach, frequency, viewability, brand suitability, and post-exposure outcomes of campaigns.
• Fraud detection and brand safety: to detect and prevent invalid traffic (IVT), bot activity, and unsafe inventory, and to enforce brand-suitability requirements.
• Frequency capping and suppression: to limit how often a given user is exposed to a given ad and to suppress users from receiving ads (for example, existing customers).
• Site operation and business communications: to operate and secure the Site, respond to inquiries, and communicate with clients and prospective clients.
• Legal compliance and protection: to comply with applicable law, respond to lawful requests, enforce our agreements, and protect the rights, property, and safety of Adfinitum, our clients, and others.
• Aggregated analysis: to produce aggregated and de-identified statistics about campaign performance, market trends, and our business.

4. Cookies, Pixels, and Similar Technologies

Adfinitum and our advertising partners use cookies, pixels (also known as web beacons or clear GIFs), software development kits (SDKs), local storage, server-to-server postbacks, and similar technologies (collectively, “Tracking Technologies”) to deliver, measure, and improve the advertising we facilitate.

We classify these technologies as follows:

You can manage Tracking Technologies through your browser settings, your device’s operating-system controls (e.g., iOS “Allow Apps to Request to Track”, Android “Opt out of Ads Personalization”), and through the industry opt-out mechanisms described in Section 11. Disabling cookies or advertising identifiers may affect the functionality of certain parts of the Site or the relevance of ads you receive but will not stop ads being shown to you.

5. Cross-Context Behavioral Advertising

Adfinitum facilitates cross-context behavioral advertising, which means targeting advertising to a consumer based on personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, website, application, or service with which the consumer intentionally interacts. This is also known in market parlance as “interest-based advertising,” “targeted advertising,” or “online behavioral advertising.”

For purposes of the CCPA and substantially similar U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, Montana MCDPA, and others as enacted), this activity may constitute a “sale” and/or “sharing” (or “targeted advertising”) of personal information. You can exercise your right to opt out of these activities as described in Section 9 and Section 10.

With respect to our advertising services, Adfinitum honors the Global Privacy Control (GPC) signal where it is passed in the bid request as a valid request to opt out of sale or sharing for cross-context behavioral advertising in jurisdictions that recognize the GPC. Our corporate website at adfinitum.space does not currently collect personal information for cross-context behavioral advertising and therefore does not respond to GPC signals at this time.

6. How We Share Information & Ad Tech Partners

We share personal information with the following categories of recipients:

• Clients (Advertisers): campaign reporting and measurement data, including aggregated and, where contractually permitted, user-level event data.
• Demand-Side Platforms (DSPs): we operate seats on, or transact through, DSPs that participate in real-time bidding to purchase impressions on behalf of Advertisers.
• Supply-Side Platforms (SSPs), Ad Exchanges, and Curation Platforms: we transact with SSPs and curation marketplaces that aggregate publisher inventory and pass bid requests and impression logs.
• Identity, Onboarding, and Audience Partners: partners that match hashed first-party data against device and identity graphs and deliver audience segments to DSPs and SSPs.
• Measurement, Attribution, and Verification Partners: partners that measure viewability, invalid traffic, brand suitability, and post-exposure outcomes.
• Service Providers and Sub-Processors: hosting, cloud storage, analytics, email, customer-relationship management, accounting, and similar back-office providers that process data on our behalf under written contract.
• Legal, Compliance, and Successor Recipients: courts, regulators, and law-enforcement bodies where required; professional advisors; and parties to a corporate transaction (merger, acquisition, financing, or asset sale) subject to confidentiality.

6.1 Named Advertising Partners

The list below identifies advertising-technology and data partners with which Adfinitum currently transacts or may transact on behalf of Advertisers. The list is illustrative and may change as we add or remove partners. Each named partner publishes its own privacy notice and opt-out mechanism; clicking the partner name will take you to that partner’s privacy page.

If you would like an up-to-date listing of partners specific to a particular campaign or relationship, you may request it by writing to privacy@adfinitum.space.

7. Legal Bases for Processing (GDPR / UK GDPR)

For individuals in the European Economic Area, the United Kingdom, and Switzerland, we rely on one or more of the following legal bases under Articles 6 and (where applicable) 9 of the GDPR / UK GDPR:

• Consent (Art. 6(1)(a)), where required, including for the placement of advertising and analytics cookies and Tracking Technologies on devices located in the EEA, UK, and Switzerland. Consent is collected and managed by the operator of the website or app at the point of collection through a Consent Management Platform (CMP) compliant with the IAB Europe Transparency & Consent Framework (TCF) v2.2 or an analogous standard. Adfinitum receives and respects the TCF signal as it is passed in the OpenRTB bid request and conforms its downstream processing to the choices reflected in that signal.
• Contract (Art. 6(1)(b)), to perform contracts with clients, suppliers, and other business counterparties.
• Legitimate interests (Art. 6(1)(f)), for limited business-to-business communications, the security and integrity of our Site and Services, fraud detection, and product improvement; balanced against the rights and freedoms of the data subject.
• Legal obligation (Art. 6(1)(c)), to comply with applicable laws.

Adfinitum does not process special categories of personal data (Art. 9) in the ordinary course of its Services and does not knowingly accept such data from clients or partners.

8. Your Rights: EEA, UK, and Switzerland

Subject to applicable law, individuals in the EEA, UK, and Switzerland have the right to:

• Request access to personal data we hold about them;
• Request rectification of inaccurate or incomplete data;
• Request erasure (“right to be forgotten”);
• Request restriction of processing;
• Object to processing carried out on the basis of legitimate interests, including profiling, and at any time to processing for direct marketing purposes;
• Request data portability;
• Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
• Lodge a complaint with a competent supervisory authority.

Where Adfinitum acts as a processor on behalf of a client, requests should be directed in the first instance to the client (the data controller). We will assist controllers in responding to data-subject requests as required by the GDPR. You may also contact us directly at privacy@adfinitum.space; we will route your request to the appropriate controller or respond directly where we are the controller.

9. Your Rights: California (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes, and the categories of third parties with whom we share it;
• Right to Delete: to request deletion of personal information we have collected from you, subject to legal exceptions;
• Right to Correct: to request correction of inaccurate personal information;
• Right to Opt-Out of Sale or Sharing: to direct us not to “sell” or “share” (for purposes of cross-context behavioral advertising) your personal information;
• Right to Limit Use of Sensitive Personal Information: to direct us to limit our use of sensitive personal information to purposes specified in the CCPA, where applicable;
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

Categories of personal information collected, sold, or shared. In the preceding twelve (12) months, Adfinitum has collected, and through advertising partners has “sold” or “shared” for cross-context behavioral advertising, the following categories of personal information as defined in Cal. Civ. Code § 1798.140: identifiers (including online and device identifiers and IP address); internet or other electronic network activity information (including browsing and app activity, ad impression and click events); geolocation data (approximate); commercial information (interactions with ads and conversion events); and inferences drawn from the foregoing (audience segments). We do not knowingly collect or process sensitive personal information beyond what is incidentally transmitted in bid requests (e.g., precise geolocation passed at the publisher’s discretion), and we do not use such data to infer characteristics about consumers.

To exercise your rights, please submit a verifiable consumer request through any of the following channels:

• Email: privacy@adfinitum.space with subject line “California Privacy Request”;
• Postal mail: Adfinitum Inc., Attn: Privacy, 30 N Gould St, Ste R, Sheridan, WY 82801, USA;
• Browser-based: enable the Global Privacy Control (GPC) in your browser; we honor a valid GPC signal as an opt-out of sale or sharing where it is passed to us in the bid request through our advertising-services data flow.

You may use an authorized agent to submit a request on your behalf; we will require evidence of the agent’s authority and, in most cases, verification of your identity.

10. Your Rights: Other U.S. States

Residents of states with comprehensive consumer-privacy laws (including, as of the effective date of this Policy, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and others as enacted) generally have rights similar to those of California residents, including the right to access, correct, and delete personal information, the right to opt out of targeted advertising (which we treat as equivalent to “sharing” for cross-context behavioral advertising), and, in most states, the right to appeal a denial of a request.

To exercise your rights, contact us at privacy@adfinitum.space. We honor browser-based universal opt-out signals (such as GPC) where required by applicable state law.

11. Industry Opt-Out and Control Mechanisms

In addition to the legal rights described above, you may use industry-wide opt-out tools to limit interest-based advertising:

• Digital Advertising Alliance (DAA):optout.aboutads.info and YourAdChoices.com;
• DAA AppChoices (mobile):youradchoices.com/appchoices;
• Network Advertising Initiative (NAI):optout.networkadvertising.org;
• European Digital Advertising Alliance (EDAA):youronlinechoices.eu;
• Mobile device controls: on iOS, disable “Allow Apps to Request to Track” and reset your Advertising Identifier; on Android, enable “Opt out of Ads Personalization” and reset your Advertising ID;
• Connected TV controls: most CTV operating systems (Roku, FireTV, Samsung Tizen, LG webOS, Vizio SmartCast, Apple tvOS) provide a setting to limit ad tracking and reset the device’s advertising identifier;
• Global Privacy Control:globalprivacycontrol.org; honored by Adfinitum on the Site as a valid opt-out signal where required by law.

12. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal and contractual obligations, and to resolve disputes:

• Advertising and bid-stream data. Auction-level data and impression logs are held principally by our DSP and SSP partners, each of which applies its own retention schedule. For data we receive in identifiable form (for example, post-impression reporting extracts or measurement files), our standard retention does not exceed thirteen (13) months, after which the data is aggregated or deleted.
• Hashed audience-matching data. Retained for the duration of the relevant campaign and deleted within ninety (90) days of campaign conclusion, unless the Advertiser’s instructions require earlier deletion.
• Site analytics. Retained according to the configuration of the analytics provider, typically fourteen (14) to twenty-six (26) months.
• Business contact and contract records. Retained for the duration of the relationship plus the period required by applicable law, typically up to seven (7) years for accounting and tax records.

13. International Data Transfers

Adfinitum is headquartered in the United States. Personal information processed in connection with our Services may be transferred to, stored in, and processed in the United States and in other countries where we or our service providers maintain facilities. Where personal information originates in the EEA, the United Kingdom, or Switzerland and is transferred to a country that has not received an adequacy decision from the relevant authority, we rely on appropriate safeguards including the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the Swiss Federal Data Protection and Information Commissioner’s standard clauses, supplemented where necessary by technical and organizational measures.

13.1 EU and UK Representative

Pursuant to Article 27 of the GDPR and the UK GDPR, Adfinitum is in the process of formally designating a representative in the European Union and the United Kingdom. Until that designation is finalized, supervisory authorities and data subjects in the EEA and UK may direct inquiries concerning processing carried out by Adfinitum to privacy@adfinitum.space or to the postal address listed in Section 18. We will respond to such inquiries within the timeframes required by applicable law. Adfinitum is not required to designate a Data Protection Officer under Article 37 of the GDPR; privacy@adfinitum.space is our designated privacy contact for all data-protection inquiries.

14. Security

We maintain technical, administrative, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit and at rest where appropriate, role-based access controls, multi-factor authentication for administrative access, vendor due diligence, and regular review of our security posture. No method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

15. Children’s Privacy

Our Site and Services are not directed to, and we do not knowingly collect personal information from, children under the age of 13 in the United States (within the meaning of the U.S. Children’s Online Privacy Protection Act, “COPPA”) or under the age of 16 in the EEA and UK (within the meaning of the GDPR). For programmatic media buying, we restrict our targeting and inventory selection to prevent placement on child-directed content as defined by COPPA. If you believe that a child has provided us with personal information, please contact us at privacy@adfinitum.space and we will take steps to delete the information.

16. Sensitive Information

Adfinitum does not use or disclose “sensitive personal information” (as defined under the CCPA) or “special categories of personal data” (as defined under the GDPR) to infer characteristics about a consumer. We do not knowingly accept, target on, or activate audiences derived from health, sexual orientation, race, religion, immigration status, precise geolocation, or genetic or biometric data. We require, through contractual terms with our clients and partners and through technical controls applied to data we ingest, that such categories of data not be passed to our platform or used in any campaign we facilitate.

17. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we do, we will revise the “Last updated” date at the top of this Policy and, where the changes are material, we will provide additional notice (for example, by posting a notice on the Site or, where appropriate, by direct communication). We encourage you to review this Policy periodically.

18. Contact Us

If you have any questions or comments about this Policy or our privacy practices, or wish to exercise any of your rights, please contact us:

Adfinitum Inc.
Attn: Privacy
30 N Gould St, Ste R
Sheridan, WY 82801
United States
Email: privacy@adfinitum.space
General contact: contact@adfinitum.space