Privacy Policy

A-Prism ("we," "us," or "our") operates a programmatic advertising platform comprising supply-side (SSP) and demand-side (DSP) technology services. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our platform, websites, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you are a publisher or advertiser using our platform, additional data processing terms may apply under your service agreement.

1. Information We Collect

1.1 Platform Data (Programmatic Advertising)

In the course of providing our SSP and DSP services, we process the following categories of data through real-time bidding (RTB) and programmatic transactions:

• Bid request data — device type, operating system, browser, screen resolution, language settings, and connection type
• Contextual signals — page URL, content categories, app bundle identifiers, and publisher domain information
• Advertising identifiers — IDFA, GAID, cookie IDs, and other pseudonymous identifiers used for ad targeting and frequency capping
• Geolocation data — country, region, city, and approximate coordinates derived from IP address or device-level signals (where permitted)
• Ad interaction data — impressions served, clicks, video completion rates, viewability metrics, and conversion events
• Auction and transaction data — bid prices, clearing prices, deal IDs, and demand partner responses

1.2 Client Account Data

When you register for a platform account or engage with us as a publisher, advertiser, or demand partner, we collect:

• Business name, contact name, email address, and phone number
• Billing information and payment details
• Technical integration credentials (API keys, endpoint configurations)
• Communication records related to account management and support

1.3 Website Visitor Data

When you visit our website (a-prism.io), we may collect:

• IP address, browser type, referring URL, and pages viewed
• Information submitted through contact forms or demo requests
• Cookies and similar tracking technologies as described in Section 7

2. How We Use Information

We use the information we collect for the following purposes:

2.1 Programmatic Advertising Operations

• Facilitating real-time bidding auctions between supply and demand partners
• Optimizing ad delivery, floor pricing, and yield management for publishers
• Enabling audience targeting, frequency capping, and campaign optimization for advertisers
• Detecting and preventing invalid traffic (IVT), ad fraud, and brand safety violations
• Providing reporting, analytics, and bidstream diagnostics to our clients
• Training and improving our proprietary machine learning optimization models

2.2 Business Operations

• Managing client accounts, billing, and contractual obligations
• Providing technical support and platform maintenance
• Communicating service updates, policy changes, and operational notices
• Complying with legal obligations, regulatory requirements, and industry standards

3. Data Sharing and Disclosure

We share data with the following categories of recipients in the normal course of our programmatic advertising operations:

3.1 Demand and Supply Partners

As an SSP, we transmit bid request data to demand-side platforms, ad exchanges, and advertisers participating in real-time auctions in accordance with the OpenRTB protocol. As a DSP, we receive bid request data from supply-side partners. This data sharing is essential to the functioning of programmatic advertising.

3.2 Measurement and Verification

We share data with third-party verification providers for viewability measurement, brand safety scoring, invalid traffic detection, and independent audit purposes.

3.3 Service Providers

We engage trusted service providers for infrastructure hosting, data processing, analytics, and business operations. These providers are contractually bound to use data only for the purposes we specify.

3.4 Legal and Compliance

We may disclose information when required by law, in response to valid legal process, to protect our rights and safety, or to enforce our terms of service.

4. Data Retention

We retain data in accordance with the following guidelines:

• Bid-level data — raw bid request and response logs are retained for up to 90 days for operational analysis and fraud detection, then aggregated or deleted
• Reporting and analytics data — aggregated campaign and performance data is retained for the duration of the client relationship plus 12 months
• Client account data — retained for the duration of the business relationship plus any period required by applicable law
• Advertising identifiers — pseudonymous identifiers used for targeting are retained for a maximum of 13 months from last activity, in line with industry standards

5. International Data Transfers

A-Prism operates across the Asia-Pacific region. Data collected through our platform may be transferred to and processed in countries where our infrastructure, partners, and service providers are located. When we transfer data across borders, we implement appropriate safeguards including:

• Standard contractual clauses approved by relevant regulatory authorities
• Data processing agreements with all partners and sub-processors
• Technical and organizational security measures appropriate to the sensitivity of the data

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data, subject to legal retention requirements
• Restriction — request that we limit processing of your data in certain circumstances
• Portability — request a machine-readable copy of your data
• Objection — object to processing based on legitimate interests, including profiling for advertising purposes
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@a-prism.io. We will respond within 30 days or as required by applicable law.

Opt-Out of Interest-Based Advertising

You may opt out of interest-based advertising through the following mechanisms:

• Industry opt-out tools provided by the DAA (optout.aboutads.info) or NAI (optout.networkadvertising.org)
• Device-level advertising identifier settings (Limit Ad Tracking on iOS, opt out of Ads Personalization on Android)
• Browser cookie settings and do-not-track signals where supported

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies — required for platform functionality, authentication, and security
• Advertising cookies — used to facilitate ad delivery, frequency capping, and auction participation in programmatic transactions
• Analytics cookies — used to understand website usage patterns and improve our services
• Sync cookies — used for cookie syncing between our platform and demand/supply partners to enable cross-platform ad delivery

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our platform services.

8. Data Security

We implement industry-standard technical and organizational measures to protect data processed through our platform, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Isolated per-client infrastructure with dedicated databases
• Role-based access controls and multi-factor authentication
• Regular security audits, penetration testing, and vulnerability assessments
• Incident response procedures with defined notification timelines

9. Regional Compliance

GDPR (European Economic Area)

Where we process personal data subject to GDPR, we do so as a data processor on behalf of our clients (data controllers) or as a joint controller where applicable. We support IAB TCF 2.2 for transparency and consent management in programmatic advertising.

Asia-Pacific Regulations

We comply with applicable data protection regulations across the Asia-Pacific markets in which we operate, including but not limited to PDPA (Singapore, Thailand), APPI (Japan), Privacy Act (Australia), and PIPA (South Korea). Specific compliance measures are documented in our regional data processing addenda.

10. Industry Standards

A-Prism adheres to the following industry frameworks and standards:

• OpenRTB 2.6 protocol specification for bid request/response handling
• IAB TCF 2.2 for consent management in programmatic transactions
• ads.txt and sellers.json for supply chain transparency
• VAST 4.2 for video ad serving
• TAG (Trustworthy Accountability Group) guidelines for fraud prevention

11. Children's Privacy

Our platform services are not directed at children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take prompt steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify clients of material changes through our platform dashboard or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a data protection concern, please contact us: