I’ve always been a vocal advocate for consumer protection against data mining and privacy infringing advertising technologies. It’s something I’m passionate about, and it’s something we take very seriously at BuySellAds.
Since the beginning, our team has built ad serving tools that protect online privacy and provide positive user experience. For example, our ads respect the user experience so much that they are whitelisted across ad blockers. Why? Our ads are unobtrusive, and in all of our products, we focus on collecting only vital data and using it in a way that maintains user privacy.
In light of GDPR and CCPA, I thought now would be a good time to clearly outline the user data we track, how we use it, and who can access it.
What user data we collect
When it comes to end user data, we only collect what is absolutely necessary to catch fraudulent traffic and provide reporting for our publishers and advertisers.
Our data is limited to basic information about the user as well as their activity on our network. Here’s the specific information we collect and why:
- IP address to determine geographic location.
- Browser type and operating system, as determined from user agent string. (We do not store the user agent string itself but do store a hash of the user agent.)
- Creative, ad zone, and publisher segment(s) to determine where impressions and clicks are happening.
But, what about cookies?
Currently, we set user IDs for each person who visits a website where ads are delivered by our serving technology. This ID is a combination of the user’s IP address and the first time the user was seen. It is tracked alongside clicks and impressions, and is vital for our fraud prevention efforts. We never import this data permanently into our statistics database.
Moving forward, we’re exploring tools to serve ads and track aggregate statistics through cookies that only store non-personally-identifiable data.
How we use the data we collect
The basic information we collect is only used in three ways: to allow very basic campaign targeting, calculate campaign pacing, and detect fraud across our network. In all cases, data is kept anonymous to maintain user privacy.
Basic campaign targeting
Advertisers can use geographic information derived from IP addresses to reach a specific traffic segment based on country, state, or city.
User agent strings provide basic browser information that can be used for campaign targeting or to provide further insight to publishers about where their traffic is coming from and what devices they’re using to navigate their content.
We don’t use this information to profile users. We never use a user’s traffic history or advertisement interactions to build a profile and sell targeting based on that generated profile. This is standard practice in the ad tech industry, but we don't do it.
Calculating campaign pacing
Additionally, we use aggregate data to pace ad delivery during campaigns.
We offer basic targeting based on geography, browser, operating system, and segment. In order to support these choices, we track geographies (through IP addresses), browsers (through user agent strings), operating systems (through user agent strings), and segments for any hits to a page that could load an ad—whether or not there is an ad to show.
We need this because:
- For certain ad types, we provide aggregate stats to the publisher and advertiser on the basic demographics (country, browser, OS) of the people who viewed the ad.
- Whether or not ads load, we need to be aware of how much traffic is available so we sell no more than the available impressions. This same availability data is also used to serve ads at an even pace over the course of the campaign.
Fraud detection and prevention
The data we collect is also used to detect unusual behavioral patterns across our network and remove abnormal traffic. Any traffic source that generates suspicious impressions or clicks is identified and marked for fraud evaluation.
Further analysis is then run on the offending traffic. We use a third-party vendor list to compare the suspect traffic to a list of offenders already known to be associated with fraudulent traffic online. If our data matches, we then mark the traffic as suspicious and remove it from our network before they can influence campaign results and show up in campaign statistics.
Who can access our data
No one but us… and not even all of us. Within BuySellAds, only a very small subset of the team has access to our non-aggregate data. We use the principle of least privilege to ensure strong security.
Our data is never sold to third parties or used for any purpose other than what was covered in the previous section. At our core, we believe that user data belongs to the user and should never be sold by intermediaries acting as middle-men... especially in unregulated industries that have already demonstrated a lack of self-control (e.g. ad tech).
We don’t partner with third party data companies, and we don’t sell data to others.
This sets us apart in the advertising community, which is sad to say. There are tons of exchanges, agencies, and platforms that collect and sell user data, often without publishers and users knowing it’s happening.
So, let me be clear: we’ve never purchased or sold first person user data from third-party resellers, nor have we experimented with it. We’ve always maintained that data belongs to users and not the advertising platform that a publisher chooses to work with.
Of course, marketers have the right to ask for access to the data to build effective campaigns, but it’s our opinion that the data transmissions should be limited to the relationship between publishers and their advertisers. At no point should marketers have the right to re-package the data and sell it to other third party services.
Good for users, publishers, and marketers
BuySellAds isn’t a typical ad tech company, and that’s a good thing.
Our approach to ad tech aims to strike a balance between maintaining user privacy, providing publishers with necessary audience insights, and giving marketers what they need to report on campaigns.
Publishers running our serving technology and the advertisers they work with have access to certain aggregate data via reporting in our services. On top of that, advertisers get access to aggregate geographic data for their campaigns, and not session by session, or user by user data. They only see the macro picture.
We believe this respectful approach can increase revenue and CPM values of publisher inventory. Our publishing partners don’t need to sell data to third parties for survival. In fact, they have thrived in an environment without the usual tracking and data collection of ad tech.