ironSource Mobile Ltd. Privacy Policy

Effective Date: July 10th, 2022

Table of Contents:

  • About us
  • Scope
  • Information we collect
  • How we use the information we collect
  • Maximum information retention period
  • How we share information
  • How to control information
  • Children
  • International transfers
  • EU Representative
  • Changes to this Privacy Policy
  • Contact us

About Us

ironSource Mobile Ltd. (“ironSource Mobile”) operates 4 main services:

  • Ad Network – A platform that allows app developers to serve ads within their apps, and advertisers to promote their products, and services within apps. 
  • Mediation Platform – A platform that helps app developers to manage all the ad providers with which they have a direct relationship (e.g. ironSource Mobile ad network, third party ad networks, additional online advertising companies, etc.) that serve ads on their apps.
  • Analytics Platform – A platform that allows app developers to receive insights on their apps.
  • Ad Quality PlatformA platform that allows app developers to monitor advertising content displayed within their apps.

      We collect information in either of 2 ways:

      • Directly – through our SDKs integrated by app developers in their apps. SDK, or a Software Development Kit, is a software component that allows us to serve ads in a mobile app, and to collect information directly from such apps.
      • Indirectly – through other third party mediation platforms with which we engage in order to serve ads in apps, or by receiving information from our advertisers.

      Scope

      This privacy policy describes ironSource Mobile’s privacy practices with respect to information it processes through its Ad Network, Mediation Platform, Analytics Platform and Ad Quality Platform. This privacy policy does not govern the use of our website, dashboard for publishers, and dashboard for advertisers.

      ironSource Mobile serves ads to users all around the world. Accordingly, throughout the document, we try to harmonize our approach and the language of the privacy policy as much as possible. However, sometimes we refer to specific laws that require further disclosures. For example,  whenever you see throughout the policy the annotation “The GDPR angle”, it means that the purpose of such section is to satisfy the transparency requirements of the General Data Protection Regulation (the “GDPR”), and therefore it applies only to personal data (as defined by the GDPR) associated with devices who we deem to be located in the European Economic Area, United Kingdom, or Switzerland. In addition, if you are a resident of Nevada, please see “The Nevada Angle” for information related to Nevada privacy rights”. If you are a resident of California, please see “The CCPA Angle” for information related to the California Consumer Privacy Act (the “CCPA”).  “The CCPA Angle” sections apply only to “personal information” that is subject to the CCPA. For purposes of the CCPA, this Privacy Policy serves as both the Privacy Policy and Notice at Collection of Personal Information.

      Information We Collect

      • Information collected through our Ad Network (“Ad Network Information”) –

      Identifiers: Advertising ID, IP address, and a self-created ID unique to a specific app, and IDs unique only to apps of the same developer. The term Advertising ID refers to the Google Advertising ID on Android devices, and ID For Advertising (“IDFA”), or . The Advertising ID is a resettable persistent identifier generated by Android or iOS that allows online advertising companies to recognize a device across apps, for advertising purposes. You can find additional information about how to limit our use of the Advertising ID under “How to Control Your Information”.

      General technical information about a device: Technical information such as the device’s time zone, the amount of free memory on the device, the name and version of the app to which the ad is served, battery status, operating system name and version,  the language of the operating system, the name of the mobile carrier, internet connection type (e.g. WiFi), etc.

      Campaign information: An indication if an ad was viewed, or clicked, or if there was an install of an advertised app. Information about actions performed within an advertiser’s app following such an install, such as in-app purchases, and level in the game (if the advertiser chooses to provide such information).

      • Information collected through our Mediation Platform (“Mediation Information”) –

      Identifiers: Advertising ID, IP address, a self-created ID unique to a specific app, and IDs unique only to apps of the same developer. 

      General technical information as described above.

      Data provided by the app developers (if they choose to provide it) – The app developer can choose to share with us the following information: age, gender, in-app purchases, advance in the game, and such other information provided by the app developer.

      • Information collected by our Analytics Platform (“Analytics Information”)

      Identifiers: a self-created ID unique to a specific app.

      App events: Events set by the app developer that occurred within the app.

      General technical data about the device.

      • Information collected by our Ad Quality Platform (“Ad Quality Information”)

      Identifiers: a self-created ID unique to a specific app.

      Advertising content: The ads displayed within the app, and interactions with such ads.

      General technical data about the device.

      How We Use the Information We Collect

      As stated above, we provide 4 main services. For each such service, we use the information we collect in different ways. Below is a general description of how we use information across our services:

      • Operating our Ad Network – We use Ad Network Information to serve ads on app developers’ apps. More specifically, we use such information for the following purposes:
        • Ad delivery: we use Ad Network Information to technically enable the delivering of ads to your device.
        • Reporting, billing and attribution: We use Ad Network Information to generate reports for our publishers and bill advertisers and publishers, including for ensuring that if you interacted with our ads, we will receive payment for our service.
        • Internal Operations: We use Ad Network Information for internal operations, such as debugging, support, security, and improving our services.
        • Fraud detection and prevention: We use Ad Network Information for detecting and preventing fraud, and for ensuring viewability of our ads.
        • Optimization and frequency capping: We use Ad Network Information for optimizing advertising campaigns, including for limiting the number of times you view a specific campaign across our network, or the number of ads you view in a specific app.
        • Whitelisting/blacklisting: We allow advertisers to upload lists of device IDs to include/exclude in, or from their advertising campaigns.
        • Operating our ad marketplace – We use Ad Network Information to allow the third party advertising companies listed here to bid on ad inventory. 
      • Operating our Mediation Platform – We use Mediation Information to operate our mediation platform. More specifically, we use such information for the following purposes:
        • Reporting: We generate reports for the app developers using our mediation platform in order to allow them to better understand their audience in terms of interaction with ads.
        • Segmentation: We allow app developers to create segments based on parameters they configure in our mediation platform. Such segmentation allows them to use different ad networks and different ad units for different segments of users. However, this feature does not allow them to serve you with personalized advertising, as app developers cannot control the content of the ads served by different networks.
        • Sending ad requests on behalf of the app developer: In addition to the other information used to operate the mediation platform, we use the Ad Network Information in order to send ad requests on behalf of the app developer to ad networks with which the app developer has direct contractual relationship, but due to technical reasons, we are in the best position to populate the ad request with the Ad Network Information.
      • Operating our Analytics Platform – We use Analytics Information to operate our Analytics Platform. More specifically, we use such information for the following purposes:
        • Reporting: We generate reports for the app developers using our Analytics Platform in order to allow them to better understand the use of their apps.
        • Internal Operations: We use Analytics Information for internal operations, such as debugging, support, security, and improving our services.
      • Operating our Ad Quality Platform – We use Ad Quality Information to operate our Ad Quality Platfrom. More specifically, we use such information for the following purposes:
        • Reporting: We generate reports for the app developers using our Ad Quality Platform in order to allow them to see which ads were served within their apps, and how such ads affected the use of their apps.
        • Internal Operations: We use Ad Quality for internal operations, such as debugging, support, security, and improving our services.
      • Compliance with legal obligations – We may use Ad Network Information, Mediation Information, Analytics Information, and Ad Quality Information to comply with applicable legal obligations.

      The GDPR Angle:

      • Legal basis for the processing of personal data –
      Processing Details Controller/Processor Legal Basis
      Mediation platform Processing of Mediation Information for the purpose of operating our mediation platform on behalf of app developers Processor The legal basis applicable to the processing is chosen by the app developer, as the controller
      Ad network Processing Ad Network Information for the purpose of operating our ad network, including for purposes listed above, such as optimization and frequency capping, attribution, fraud detection and prevention, and internal operations Controller Our legitimate interests, and the legitimate interests of app developers
      Ad network – Ad marketplace (allowing third parties to bid on ad inventory) Processing of Ad Network Information for the purpose of operating our ad marketplace, including the sharing of personal data with third party advertising partners listed here, for the purpose of receiving bids from such third party advertising partners Controller Consent 
      Ad Network – Blacklisting/whitelisting ad campaigns Processing of personal data for the purpose of excluding/including devices from, or in an ad campaign Processor The legal basis applicable to the processing is chosen by the app developer, as the controller
      Analytics Platform Processing of Analytics Information for the purpose of operating our Analytics Platform on behalf of app developers Processor The legal basis applicable to the processing is chosen by the app developer, as the controller

      The CCPA Angle:

      • We act as “service providers” – In many cases, we act as a service provider to collect personal information from, or on behalf of, customers who use our services. These customers have their own privacy policies that describe how they use information. To the extent that we are processing personal information subject to the CCPA on behalf of a customer in our role as a service provider, you should reach out to that customer directly to exercise your rights under the CCPA.
      • The remainder of this section provides disclosures for users for cases where we are not acting as a service provider to a customer.
      • Personal Information We Collect, Disclose for a Business Purpose, and Sell – We collect the categories of personal information about California users identified in the chart below.  As further set forth in the chart below, in the past 12 months, we have disclosed and sold personal information about California users to third parties for business or commercial purposes.
      Categories of Personal Information  Categories of sources from which information is collected: Business or commercial purposes for collection, use, and sharing: Disclosed for business purposes to the following categories of third parties: Sold to the following categories of third parties:
      Personal and online identifiers (such as first and last name, email address, or unique online identifiers) See the “About Us” Section See the “How We Use the Information We Collect” Section See the “How We Share Information” Section All categories listed below.
      Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement) See the “About Us” Section See the “How We Use the Information We Collect” Section See the “How We Share Information” Section All categories listed below.
      Geolocation information See the “About Us” Section See the “How We Use the Information We Collect” Section See the “How We Share Information” Section All categories listed below.
      Other information about you that is linked to the personal information above See the “About Us” Section See the “How We Use the Information We Collect” Section See the “How We Share Information” Section All categories listed below.
          • Recipients of California Personal Information – Although we do not sell personal information for monetary consideration, we do sell personal information, subject to the choices with respect to “sale” of personal information communicated to us by the app developer from which our services are available, to the categories of third parties listed below, under the definition of “sale” in the CCPA:
            • Advertising/marketing companies;
            • Advertising networks;
            • App developers; and
            • Attribution companies.
      • Maximum Information Retention Period:

      We will retain your personal data included in Ad Network Information, Mediation Information, and Advertiser Information for the longer of: (i) a period of up to 6 months from the date such information is first stored in our systems; or (ii) a period of 3 months from the last appearance of your Advertising ID in our systems.

      How We Share Information:

      • We share information with:
        • Other advertising partners – We share Ad Network Information for the purpose of allowing the advertising companies listed here to bid on ad inventory.
        • Our corporate affiliates – from which we receive services, such as IT, security, storage, and other internal operations.
        • App developers – for the purposes of attribution and whitelisting/blacklisting, and reporting, as stated above.
        • Service providers –for the purpose of receiving services such as fraud detection and prevention, viewability measurement, reporting, and storage.
        • Viewability measurement – Please note that certain versions of our SDK may include software libraries that allow advertisers to verify if their ads were actually viewed. 
      • We may also disclose information if we have a good faith belief that disclosure of such information is reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our agreements and policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights; or (vii) when we are undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of our assets.

        How to Control Information

          • Collection of device data – Updated versions of iOS, and Android, enable you to control how apps can collect the Advertising ID. please follow the below instructions:
            • iOS devices (iOS 14+): go to Settings > Privacy > Tracking > Allow Apps to Request to Track. Please note that if you use more than one device, you need to opt-out separately in each device.
            • Android devices: Please follow the instructions set forth at:  https://support.google.com/ads/answer/1660762 (under Mobile Controls). Please note that if you use more than one device, you need to opt-out separately in each device.


        The GDPR Angle:

        • Withdraw consentYou have the right to withdraw the consent you provided to us for sharing Ad Network Information with third party advertising companies. You can withdraw your consent from within the app you provided to us the consent (this will affect only our processing within this specific app), or by following the instructions above on how to control collection of device data (this will affect our processing of data of all apps on your device). 
        • Data subject rights – Please note that you have the right to request from us access to and rectification or erasure of your personal data we process as controllers, or to restrict or to object to processing of your personal data in accordance with the provisions of the GDPR. To submit a request for exercising your rights, please use one of the following ways:
          • For access and erasure requests, submit your request through our online form, which can be accessed at https://ironsrc.formtitan.com/Data_Subject_Request
          • For other data subject requests, please send an email with your request to the following address: privacy-request@ironsrc.com

        Please note that we will process your request subject to verification, and authentication of your identity.

        • Complaint to supervisory authority – You also have the right to file a complaint with the relevant supervisory authority (e.g. of your country or domicile) where ironSource has not addressed your concerns.

        The CCPA Angle:

        • Your Rights Regarding Personal Information – California residents have certain rights with respect to the personal information collected by businesses.  If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
          • The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you, the categories of sources from which we collected your personal information, our purposes for collecting or selling your personal information, the categories of your personal information that we have either sold or disclosed for a business purpose, and the categories of third parties with which we have shared personal information.
          • The right to request that we delete the personal information we have collected from you or maintain about you.
          • The right to opt out of our sale(s) of your personal information. Please note that if you opt out of certain types of sales, we will be unable to provide you with the services that rely on such sales.
          • The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
        • Exercise your rights – To exercise any of the above rights, please use one of the following ways:
          • For exercising your rights to know or to delete personal information, submit your request through our online form, which can be accessed at https://ironsrc.formtitan.com/Data_Subject_Request
          • Alternatively, you may send an email with your request to the following address: privacy-request@ironsrc.com

        For more information on how you can exercise your rights you may also call our toll-free phone number: +1(888)244-7212

        • Verification Process and Required Information – Note that we may need to request additional information from you to verify your identity or process your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum, your email address. We will also collect information that identifies your device when you submit a request, in order to help verify your identity.
        • Authorized Agent – You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity and providing the agent with written permission to make the request on your behalf.

        Information about California resident requests in 2021

          Request type Requests received Requests complied with Requests denied Mean number of days for response
          Request to know

          72

          67

          5

          14.25 days

          Request to delete

          174

          174

          0

          6.5 day

            The Nevada Angle:

            • Although we do not currently conduct sales of personal information (covered by the relevant Nevada law), Nevada residents may submit a request directing us to not sell personal information we maintain about them if our practices change in the future, by sending the request to the following email address: nevada-request@ironsrc.com.  

            Children

            ironSource does not knowingly collect or maintain personal information collected online from children under the age of 13, except to the extent that the U.S. Children’s Online Privacy Protection Act permits us to collect and maintain such information without parental consent. If you believe your child has provided us with personal information that is covered by the U.S. Children’s Online Privacy Protection Act without your required consent, please contact us at legal@ironsrc.com and we will make reasonable efforts to delete the information from our records. Our services may link to other websites or mobile apps. Please be advised that we are not responsible for the privacy practices of such other websites or mobile apps as those may have different privacy policies and terms of use and are not associated with us. You agree that we cannot control these websites and/or mobile apps and we shall not be responsible for any use of such websites and/or mobile apps.

            The GDPR Angle:

            • We do not collect or otherwise process personal data from individuals in the European Economic Area, the United Kingdom, and Switzerland whom we know to be under the applicable age stated in the different implementations of the GDPR, except to comply with law or to support our legitimate interests or the legitimate interests of our app developers partners as described above.

            The CCPA Angle:

            • We do not sell the personal information of minors under 16 years of age.

            International Transfers

            We store information that we collect from a device on our Amazon Web Services servers in the United States. Accordingly, please note that if you do not live in the United States, we will transfer your information to and store it in, the United States.

            The GDPR Angle:

            ironSource Mobile Ltd. is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the Personal Information of EU Member State residents.

            We will transfer personal data to third parties located outside of the European Economic Area, the United Kingdom, or Switzerland based on standard contractual clauses. 

            Representation for data subjects in the EU

            We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
            Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following https://prighter.com/q/13822340265.

            Changes to This Privacy Policy

            We may revise this Privacy Policy from time to time. The most current version of the policy will govern our processing of information and is posted at https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/. If we make a change to this policy that, in our sole discretion, is material, we will notify you via a banner on this website and by posting the revised Privacy Policy. By continuing to access or use an app containing our services after those changes become effective, you agree to be bound by the revised Privacy Policy.

            Contact Us

            ironSource Mobile Ltd.

            dpo@ironsrc.com

            121 Menachem Begin Rd., Tel Aviv, Israel

            Attn: Data Protection Officer