Promoted Privacy & Security FAQs

At Promoted, we are passionate about helping companies build and scale advertising platforms. The privacy and security of our customers’ information, as well as that of their end-users, is a cornerstone of our platform. We continually implement privacy and security by design and privacy by default techniques. Below we answer some frequently asked questions about our approach to privacy and security.

Is Promoted a “controller” or a “processor” for purposes of data protection and privacy laws?

We act as a “processor” as defined by the GDPR and a “service provider” as defined by the CCPA as to the personal information provided by our clients. We only use the information we collect to provide our services and we never sell the information we collect or use it for cross-site or interest-based advertising purposes. We offer a standard Data Processing Addendum that documents these commitments.

What personal information does Promoted collect through its services?

Our products are highly configurable so that our clients determine what information we collect. Data minimization is an important foundation of our products and services, and accordingly, we have designed our services to collect the least amount of personal data necessary. Typically, we collect a customer ID determined by the client as well as log information about a consumers’ session.

Does Promoted collect identifying information?

Because data minimization is core to our philosophy as a company and because we do not need identifying information to provide our services, we ask that our clients not provide us certain identifying information such as the names or email addresses of end-users.

How does Promoted secure the information it collects?

Promoted implements robust technical and organizational security measures to ensure a level of security appropriate to the risk of processing at hand. Some of the measures we have in place include ensuring all of our servers are in a virtual private cloud, in a private subnet, with access controls in place. We also encrypt our log records and DB traffic in transit and at rest.

Does Promoted combine the information it collects across clients?

No. We silo information by a client.

How does Promoted help clients to meet their obligations under privacy and data protection laws?

As noted above, we act as a “service provider” as defined by the CCPA and a “processor” as defined by the GDPR. That means that when you share your customers’ personal information with us, we use it only to provide the Promoted service and the disclosure of that information is not a “sale” as defined by the CCPA. As a result, clients do not need to build opt-outs to enable sharing personal information with us. In addition, we support customers’ obligations to provide access to and to delete their customers’ personal information.

How long does Promoted retain the information it collects?

We are passionate about building best in class marketplaces and other solutions with a strong privacy and security backbone, and we would be happy to discuss our efforts with you further. Feel free to reach out to us at
© 2022