Effective Date: January 30, 2026 | Version 1.1.0
Supply Monitor ("Company," "we," "us," or "our") is committed to protecting the privacy and security of the information we receive from our clients. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our programmatic advertising intelligence services.
1. Information We Collect
1.1 Client Business Information
We collect information necessary to provide our services and maintain our business relationship:
- Contact information (name, email address, phone number)
- Company name and business address
- Billing and payment information
- Communications and correspondence with us
1.2 Advertising Campaign Data
To perform our analysis services, we process data from your advertising platforms:
| Data Source |
Types of Data |
| DSP Log Files (DV360, Trade Desk, Amazon DSP) |
Impression data, bid data, domain/URL information, device identifiers, IP addresses (truncated or hashed), timestamps, geographic indicators |
| Analytics Exports (GA4, Adobe Analytics) |
Session data, conversion events, traffic source information, user journey data |
1.3 Website Visitor Information
When you visit our website, we may collect:
- Information you provide when filling out forms or contacting us
- Technical information via cookies and similar technologies (see Section 8)
- Usage data about how you interact with our website
2. How We Use Information
2.1 Service Delivery
We use Client data to:
- Perform IVT (invalid traffic) detection and analysis
- Conduct supply quality assessments
- Generate supply path optimization recommendations
- Produce reports and deliverables
2.2 Service Improvement
We may use aggregated, anonymized data (containing no Client-identifiable information) to:
- Improve our detection algorithms and methodologies
- Develop industry benchmarks
- Enhance our services
2.3 Business Operations
We use business contact information to:
- Communicate about services and deliverables
- Process payments and billing
- Provide customer support
- Send service-related announcements
3. Data Sharing
3.1 We Do Not Sell Data
Supply Monitor does not sell, rent, or trade Client data to third parties for marketing purposes.
3.2 Limited Sharing
We may share data only in the following circumstances:
- Sub-processors: With service providers who assist in delivering our Services (see Section 4)
- Legal Requirements: When required by law, regulation, or legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected Clients)
- With Consent: When Client has provided explicit consent
4. Sub-Processors
We use the following third-party service providers to process data on our behalf:
| Sub-Processor |
Purpose |
Location |
| Google Cloud Platform |
Data storage, processing, and analysis infrastructure |
United States |
| Anthropic (Claude API) |
AI-assisted analysis and pattern detection |
United States |
| Stripe |
Payment processing |
United States |
| SendGrid |
Transactional email delivery |
United States |
All sub-processors are contractually obligated to protect data in accordance with this Privacy Policy and applicable data protection laws.
5. Data Security
We implement appropriate technical and organizational measures to protect data, including:
- Encryption of data in transit and at rest
- Access controls and authentication requirements
- Regular security assessments
- Employee training on data protection
- Secure, automated report delivery
5.1 Data Breach Notification
In the event of a data breach that affects Client data, we will:
- Notify affected Clients within seventy-two (72) hours of becoming aware of the breach
- Provide information about the nature of the breach and data affected
- Describe measures taken to address the breach
- Cooperate with any required regulatory notifications
6. Data Retention
We retain Client data as follows:
- Campaign Data: 120 days from the end of the service period or termination
- Business Records: As required for legal, accounting, and compliance purposes
- Aggregated Data: Indefinitely (contains no Client-identifiable information)
Clients may request earlier deletion of their data by contacting us in writing.
7. International Data Transfers
Client data is processed and stored in the United States. For Clients located outside the United States, including in the European Economic Area (EEA), United Kingdom, or Switzerland:
- Data transfers are conducted in compliance with applicable data protection laws
- We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
- Additional safeguards are implemented as required by applicable law
8. Cookies and Tracking Technologies
8.1 Cookies We Use
Our website uses the following types of cookies:
| Cookie Type |
Purpose |
Duration |
| Essential |
Required for website functionality |
Session |
| Analytics (Google Analytics 4) |
Understanding website usage |
Up to 2 years |
| Advertising (Retargeting) |
Delivering relevant advertisements |
Up to 90 days |
8.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
9. Your Rights
9.1 General Rights
All Clients have the right to:
- Request access to their data
- Request correction of inaccurate data
- Request deletion of their data (subject to retention requirements)
- Withdraw consent where processing is based on consent
9.2 Rights for EEA, UK, and Swiss Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with your local supervisory authority
9.3 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
We do not sell personal information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify Clients of material changes via email or through our website. The "Effective Date" at the top of this Policy indicates when it was last revised.
11. Contact Us
For questions about this Privacy Policy or to exercise your rights, contact us at:
Supply Monitor
Email: privacy@supplymonitor.ai