Privacy Policy

Introduction

This Privacy Policy ("Policy") describes and governs the information collection, use, and sharing practices of NoBid Inc. and its corporate affiliates, subsidiaries, and divisions as may change from time to time (collectively, "NoBid," "we," "us," and "our") with respect to NoBid's websites, mobile applications, and other digital and interactive services that link to this Policy (together, the "Services").

Before you submit any information on or through the Services, please carefully review this Policy and any other documents referred to therein to understand our views and practices regarding your information and how we will treat it. By using any part of the Services, you consent to the collection, use, and disclosure of your information as further outlined in this Policy. We will continue to evaluate this Policy as we update and expand the Services and our offerings, and we may make changes to the Policy accordingly.

Please note that this Privacy Policy applies only to information collected through the Services and not to information collected offline or to information you may provide to any third-party sites to which NoBid may link, except as expressly provided herein. This Policy applies regardless of the device used to access the Services (e.g., personal computer, mobile device, consumer electronics device, or any other technology or software known today or developed in the future). Some online services offered by or affiliated with NoBid may be governed by a separate privacy policy. In those instances, the product-specific privacy policy shall apply to that online service.

For the purpose of data protection laws applicable from time to time to you in the location that you provide your information ("Applicable Law"), NoBid Inc. will be the 'data controller' (or such equivalent or replacement terminology as appropriate).

GDPR Compliance

NoBid respects your rights to data privacy and protection and is committed to maintaining internal policies, procedures, and working practices that meet the requirements of the GDPR. NoBid Inc. is committed to compliance with the GDPR as a controller of personal data and has appointed a data protection officer ("DPO") to ensure compliance on an ongoing basis.

We place a high priority on protecting and managing data in accordance with accepted standards and helping our customers utilize our products and services to the same end. As part of its provision of advertising services to our partners, NoBid.io processes personal data as defined in the GDPR.

IAB Transparency & Consent Framework (TCF) Participation

NoBid Inc. is a registered vendor in the IAB Europe Transparency & Consent Framework (TCF v2.2) and is listed on the Global Vendor List (GVL). As a TCF participant, NoBid adheres to the TCF Policies and Technical Specifications governing the collection, processing, and sharing of personal data in the context of digital advertising.

Through our participation in the TCF, we work with Consent Management Platforms (CMPs) deployed by publishers to ensure that user consent and transparency preferences are respected across the programmatic advertising ecosystem. NoBid only processes personal data in accordance with the signals communicated by a CMP, and we do not create, extend, modify, or supplement consent signals beyond what has been communicated by the CMP or forwarded by another TCF-participating vendor.

Service Scope and Operating Environments

As declared on the Global Vendor List, NoBid operates as a Sell Side Platform (SSP), Ad Serving provider, and Header Bidding technology provider. Our services operate across the following environments: web, native mobile applications, and native CTV (Connected TV) applications. Our TCF participation covers all EU/EEA/EFTA/UK jurisdictions.

TCF Purposes for Processing

NoBid relies on the following standard TCF Purposes when processing personal data. For each purpose, we indicate the legal basis and applicable data retention period as declared on the Global Vendor List:

Purpose 1 - Store and/or access information on a device (Consent): We store cookies and access device identifiers to facilitate ad delivery and frequency capping. This purpose requires explicit user consent.
Purpose 2 - Use limited data to select advertising (Consent): We use limited data such as the content of the page you are visiting, the type of device you are using, or general location information to select and deliver ads that are relevant to the context. Data Retention: 1 day.
Purpose 7 - Measure advertising performance (Consent): We collect and analyze data about which advertisements were shown, how often, when, and where, and whether users took any action related to the advertisement, such as clicking on it or making a purchase. Data Retention: 1,096 days.
Purpose 10 - Develop and improve services (Consent): We use data to improve our existing products and services, including our ad delivery algorithms and yield optimization technology. Data Retention: 10 days.

NoBid does not use Purposes 3, 4, 5, 6, 8, 9, or 11. We do not create profiles for personalized advertising, select personalized advertising, create profiles to personalize content, select personalized content, measure content performance, understand audiences through statistics, or use limited data to select content.

Special Purposes

NoBid processes data under the following Special Purpose, which is essential to the functioning of the advertising services. Special Purposes operate under legitimate interest and do not require separate consent, though users are informed of this processing:

Special Purpose 2 - Deliver and present advertising and content (Legitimate Interest): We use data to deliver ads and content technically, including by responding to the technical parameters of the device, using IP addresses to deliver ads over the internet, and serving certain ad formats. NoBid has conducted and documented a legitimate interest assessment confirming that this processing does not override data subjects' interests and fundamental rights.

NoBid does not rely on Special Purpose 1 (Ensure security, prevent and detect fraud, and fix errors) as a declared TCF Special Purpose.

Save and Communicate Privacy Choices (Legitimate Interest)

NoBid processes data under TCF Purpose 3 (Save and communicate privacy choices) on the basis of legitimate interest. This processing is limited to saving and communicating the user's privacy preferences as expressed through the Consent Management Platform, ensuring that consent and objection signals are accurately recorded and transmitted across the advertising supply chain.

Features and Special Features

NoBid does not currently rely on any TCF Features (such as matching and combining data from other sources, linking different devices, or identifying devices based on information transmitted automatically) or Special Features (such as precise geolocation data or active device scanning for identification). If this changes, we will update this Policy and our GVL registration accordingly.

Information We Collect

In accordance with TCF data category definitions and applicable law, we collect and/or already hold the following categories of data as declared on the Global Vendor List:

IP addresses
Device identifiers
Device characteristics
Probabilistic identifiers
Browsing and interaction data
Non-precise location data
User-provided data
User profiles
Privacy choices

NoBid does not collect authentication-derived identifiers or precise location data.

Legal Bases for Processing

The GDPR provides several legal bases upon which NoBid.io can rely for processing of personal data, namely consent, contractual necessity, compliance with a legal obligation, vital interests of data subjects, public interest, or legitimate interest.

For TCF Purposes 1, 2, 7, and 10, NoBid relies exclusively on user consent as the sole legal basis. Consent is obtained through a Consent Management Platform (CMP) deployed by the publisher, and NoBid does not process data under these purposes unless a valid, affirmative consent signal has been received.

Legitimate Interest Claim

NoBid relies on legitimate interest as the legal basis for the following processing activities. In each case, NoBid has conducted and documented a legitimate interest assessment confirming that the processing does not override data subjects' interests and fundamental rights:

Special Purpose 2 - Deliver and present advertising and content: NoBid has a legitimate interest in the technical delivery and presentation of advertising and content. This processing is limited to the technical operations necessary to serve an ad in response to a bid request, including responding to device parameters, resolving IP addresses for delivery over the internet, and rendering ad creative in the appropriate format. This processing is essential to the basic functioning of NoBid's advertising services, is minimally intrusive, and does not involve profiling or personalization of the user experience. Without this processing, ad-supported digital content could not be delivered to users.
Save and communicate privacy choices: NoBid has a legitimate interest in saving and communicating the user's privacy preferences as expressed through the CMP. This processing ensures that consent signals, objection signals, and other user privacy choices are accurately recorded, stored, and transmitted across the advertising supply chain so that all participating vendors can respect the user's preferences. This processing directly serves the interests of data subjects by ensuring their choices are honored.

Users may exercise their right to object to legitimate interest-based processing at any time through the Consent Management Platform (CMP) provided on the publisher's website or application. When a user objects, NoBid will receive the updated signal in real time and will cease the relevant processing accordingly.

How We Use Your Information

We use the information we collect for the following purposes:

To provide, maintain, and improve the Services
To deliver relevant advertising and measure its effectiveness
To analyze usage trends and optimize user experience
To detect, prevent, and address technical issues and fraud
To comply with legal obligations and enforce our terms
To communicate with you about updates, offers, and promotions related to our Services

Information Sharing and Disclosure

We may share information with third parties in the following circumstances:

With service providers who assist us in operating our Services
With advertising partners to facilitate targeted advertising
In response to legal process or government requests
To protect the rights, property, or safety of NoBid, our users, or others
In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties for their own marketing purposes without your explicit consent.

TCF Signal-Based Data Sharing

As a participant in the IAB Europe Transparency & Consent Framework, NoBid only transmits personal data to another vendor when the TCF signals confirm that the receiving vendor has a valid legal basis for processing. NoBid respects consent and legitimate interest signals on an individual, real-time basis and does not rely on stored or previously cached signals when a more recent signal has been received. We do not create consent signals where no CMP has communicated a signal, and we only forward signals that originate from a registered CMP without extension, modification, or supplementation.

Cookies and Tracking Technologies

We use cookies, pixel tags, and similar technologies to collect information about your interactions with our Services. These technologies help us deliver relevant advertising, measure campaign performance, and improve our Services.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, some features of our Services may not function properly without cookies.

Device Storage Duration

In accordance with TCF requirements, NoBid discloses the following information about how we store data on user devices:

Maximum cookie duration: NoBid cookies have a maximum lifespan of 604,800 seconds (7 days) from the time they are set.
Duration refresh: Yes. Cookie duration may be refreshed upon subsequent interactions with publisher properties that use NoBid services. This means the expiration date resets each time you visit a site where NoBid is active, counting from the date of your most recent interaction.
Non-cookie storage: NoBid does not use other methods of storing or accessing information on a user's device, such as localStorage, IndexedDB, or mobile ad IDs.

NoBid does not store information on or access information from a user's device without consent for Purpose 1 (Store and/or access information on a device), unless applicable law exempts such storage from the requirement to obtain consent. Detailed, purpose-specific storage and access information is available through our Device Storage Disclosure at our registration on the Global Vendor List.

Tailored Online and Mobile Advertising

We may use information collected through cookies and similar technologies to deliver advertisements tailored to your interests. You may opt out of receiving tailored advertising by visiting the Digital Advertising Alliance's opt-out page at www.aboutads.info/choices or the Network Advertising Initiative's opt-out page at www.networkadvertising.org/choices.

When using a mobile application, you may also receive tailored in-application advertisements. Each operating system (iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices) provides its own instructions on how to prevent the delivery of tailored in-application advertisements. You may review the support materials and/or the privacy settings for the respective operating systems to opt out of tailored in-app advertisements.

For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact the applicable platform operator. We do not control how the applicable platform operator allows you to control receiving personalized in-application advertisements; thus, you should contact the platform provider for further details on opting out of tailored in-application advertisements.

Social Media and Third-Party Services

If you access the Services through a third-party connection or log-in (e.g., through a social network), you may allow us to have access to and store certain information in your social network profile. You may also visit third-party sites and give your consent to the collection and transfer of your Personal Information, which the third party transfers to us.

The information collected by and from social media and other content platforms may include your first name, last name, gender, general location, a link to your profile, your time zone, birthday, profile picture, your "likes," and your list of friends. If you do not wish to have this information shared, do not use a social networking connection to access the Services.

Data Security

We implement appropriate technical and organizational measures to protect the information we collect against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

Retention Periods by Purpose

In accordance with TCF requirements, NoBid applies the following maximum retention periods for data processed under each declared purpose, as registered on the Global Vendor List:

Purpose 1 - Store and/or access information on a device: Data associated with device storage (cookies, identifiers) is retained for a maximum of 7 days, subject to refresh as described in the Device Storage Duration section above.
Purpose 2 - Use limited data to select advertising: Data retention of 1 day. Contextual signals and limited data used for ad selection are processed in near-real time and are not retained beyond a single day.
Purpose 7 - Measure advertising performance: Data retention of 1,096 days (approximately 3 years). This retention period supports long-term measurement, trend analysis, and reporting obligations for publishers and advertisers.
Purpose 10 - Develop and improve services: Data retention of 10 days. Data used for service improvement is retained briefly before being anonymized or deleted.
Special Purpose 2 - Deliver and present advertising and content: Data retention of 0 days. Data used for technical ad delivery is processed in real time and is not retained.

Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

The right to access and receive a copy of your personal data
The right to rectify inaccurate personal data
The right to erasure ("right to be forgotten")
The right to restrict processing
The right to data portability
The right to object to processing, including processing based on legitimate interest
The right to withdraw consent at any time, as easily as consent was given

To exercise any of these rights, please contact us using the information provided below.

How to Withdraw Consent or Object to Legitimate Interest

NoBid relies on consent as the sole legal basis for Purposes 1, 2, 7, and 10. If you have previously given consent through a publisher's Consent Management Platform (CMP), you may withdraw that consent at any time by re-accessing the CMP interface on the publisher's website or application. Publishers participating in the TCF are required to make the CMP easily accessible, typically through a floating icon, footer link, or settings menu on each page of their website. Withdrawal of consent is designed to be as easy as giving consent.

When you withdraw consent through the CMP, NoBid will receive the updated signal in real time and will immediately cease processing your data under the relevant purposes. The withdrawal of consent does not affect the lawfulness of processing that took place before the withdrawal.

For processing based on legitimate interest (Special Purpose 2 and saving/communicating privacy choices), you have the right to object through the CMP. When you object, NoBid will receive the updated signal and cease the relevant processing accordingly.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. To exercise these rights, please contact us at dpo@nobid.io.

Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Policy.

Contact Information

NoBid, its Data Protection Officer, or its Representative may be contacted using the information below:

Data Protection Officer

NoBid

Attn: Data Privacy

4813 West Haven Rd.

West Haven, UT 84401, USA

dpo@nobid.io

EEA Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), NoBid, Inc. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

By using EDPO’s online request form: https://edpo.com/gdpr-data-request/
By writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

Changes to This Policy

We may update this Policy from time to time. When we make changes, we will post a notification on the main page of the website and revise the "last updated" date at the top of this Policy. We encourage you to frequently review this Policy for any changes.