loader

Privacy Policy

Updated 30th September 2023

Factori (“we”/ “us”/ “our”) provides consumer intelligence services using disparate data elements (such as location data, offline and digital identifiers, device metadata etc.) that we collect and infer for anonymized individuals (“individuals”/ “you”/ “your”). In this Privacy Policy (“Policy”), we describe our data collection and use practices for the information that we collect and the data we receive from our data partners (such as mobile app publishers and developers) about individuals. This Policyalso describes  the choices available to you regarding the use of that information and data. This Policy doesn’t apply to the data collection and use practices of our clients, and business partners and the websites, services, and applications that they operate.

Data We Collect

We receive data from a variety of business partners, clients, and other companies that license data to us, or provide us data to facilitate our services. This information, which we refer to in this Policy as the Factori “Service Data,” includes the following:

Data You Give Us: When you ask to be contacted or have questions about our services, you provide us with your contact information (like your name and email address).

Data We Collect: When you visit our website or when our services are used (by you or by our customers), certain information and data is automatically collected. Our servers collect technical information about your browser or device that it sends when you visit a website or when an advertisement is displayed or measured through our services. These server logs collect information such as the web request, internet protocol (IP) address or device identifier, browser type, referring / exit pages and URLs, number of clicks, impressions served, domain names, landing pages, pages viewed, and other such information. We (and/or our customers and partners) use cookies and web beacons to collect this data (over time and across websites, mobile apps, and devices). These tools (among other things) help us to count impressions, recognize visitors, and provide analytics about the effectiveness of an advertisement. We also use Google Analytics (or other analytics providers) to help us understand the use of our website.

Data We Receive from Others: We receive data that was initially collected (over time and across websites, mobile apps, and devices) by our data partners (such as mobile app publishers and developers, advertising networks and exchanges and other websites and services), which includes:

Ad Data- We receive advertisement requests (to display an advertisement on a website, mobile app or device) along with its associated data, such as a device identifier (like a browser ID or an advertising ID (the operating system-supplied ID meant for advertising use, such as the Apple’s Identifier for Advertisers or a Google Advertising ID(IDFA or AAID, respectively), or another similar identifier, the browser or device type, IP address, app publisher, operating system, location, and other similar device-specific information.

Movement Data-We receive data about the places people go and visit with their mobile devices (if the mobile or other location-aware device is configured to share its location data when the device or a mobile application on the device is in use or when operating in the background). In addition to location, we receive a device identifier and other information about that device (such as the browser or device type, IP address or app publisher, operating system, carrier provider, and other similar device-specific information). We do not receive the phone number or the unique hardware device ID of a mobile device through this channel. We identify devices using the advertising ID or a randomly assigned unique identifier (that is created through our own system).

Personal Data- We receive Personal Data during your registration, when you choose to provide it, such as your name and email address. The decision to provide such data is optional. In addition, we may also receive certain personal data from third parties that includes hashed email addresses and hashed phone numbers. We make our best endeavor to ensure that all such data is explicitly opted-in with clearly defined permitted use cases that the data subject consents to including sharing it with non-affiliated third parties.

Data We Receive from Other Sources- We receive data and information from other data sources about places that individuals use to verify their location, to classify those locations (such as a business, residential parcel, or other point of interest), and to identify the location’s boundaries.

Note about children. We do not knowingly collect personal information from children. If we learn that we have collected personal information of a child under 18, we will take steps to delete such information from our files as soon as possible.

How We Use the Data We Collect

We associate the data and information that we collect with the data and information we receive from others. Our technology contextualizes and aggregates this data. The consumer intelligence we derive (and infer) from the data and the information we amass is the basis of the services we provide:

  • for measurement and reporting services,
  • for capturing and understanding the interests, activities, and trends of consumers in the physical world,
  • for data analytics and data services (such as for marketing and advertising, trend analysis, or market research), and
  • for providing, maintaining, and improving the services we offer (and to develop new services).

We may use (and store) the data and information we collect and receive on servers that may be located outside the country where you live.

Information We Share with Others

We share the data and information we compile about someone using advertising IDs or another type of identifier:

  • for measurement, statistics, usage reporting, and other data analytics
  • To allow third parties to market to you, including through mobile devices and applications
  • for industry analysis, demographic profiling, market research and other such purposes
  • For lead generation, analytics, fraud prevention, credit scoring and contextual recommendations.
  • For instance of us getting acquired by or merged with another company and in the event of all of our assets getting transferred to the new formed company, we may transfer the information to the new formed company.
  • For legal compliances, we may disclose the information we collect if we believe that such an action is necessary in consonance to a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena. 

Note: All of the information that we collect from you shall be disclosed only with your consent.

Additional Information for Individuals Residing in United States 

As per U.S. State Privacy Laws, individuals have certain additional rights with respect to their data privacy. These Privacy Laws require us to provide individuals with information about processing of their personal information and the rights that are available to them under such laws.   Personal information of individuals include any information that directly or indirectly identifies, relates to, describes, or can be associated with or reasonably linked to an individual including their name, address, mobile device identifiers, precise location data, IP and cookie identifiers, inferences and biometric data. 

We receive the aforementioned individual’s personal information through the following sources:

From you- As the name suggests, this is the information that we take directly from you when you visit our website or when you use our website.

From our customers- Our customers may directly provide us with your information for our performance of services to them; 

From Third Parties and Business Partners- We may collect your personal information from our third-party data suppliers who collect your data either directly or indirectly.

Individuals’ Rights in United States with Connection to Personal Information 

Individuals have the following rights as per U.S. State Privacy Laws:

  • Right to Know & Right to Access- Individuals have the right to request for-
  • the categories of personal information we collected, sold, or disclosed for a business purpose in the previous 12 months;
  • the categories of sources from which we collected such personal information;
  • the business or commercial purposes for collecting and selling such personal information; and 
  • the categories of third parties to whom we sold or disclosed for business;

In consideration to the aforementioned, you have the right to request a copy of the personal information that we collected from you in the 12 months preceding such request. We shall disclose to you such information that we collected after duly confirming your identity to the degree required by law and corresponding regulations.

  • Right to Delete- Individuals have the right to ask us to delete or remove the personal information we have collected from you and retained. We shall delete the personal information upon your request, unless that information is required for us to be retained in compliance with a legal obligation or applicable law, or to prevent any security incidents.  
  • Right to Opt-Out of Sale- Individuals have the right to opt out of sale of their personal information or to opt out of any further resale of their personal information. Such request to opt out of sale can be made by individuals either directly or can be made through a third-party partner requesting us to cease selling individual’s personal information.

In case you change your mind and wish to opt back in any time, you can contact us at- privacy@factori.ai.

Exercising your Rights-

In order to exercise any of the aforementioned rights, please contact us by-

Emailing your request at-privacy@factori.ai

In order to confirm your identity and to ensure your right to know, access and delete your personal information, we may request for specific data and/or additional information. 

No fee will be charged to you for your access to the personal information and a written response shall be emailed to you. We may refuse to comply with requests in instances of them being unfounded, repetitive or excessive and will be obligated to respond to only 2 requests for data access.

CCPA Consumer Rights

Factori also adheres to the new California Consumer Privacy Act (“CCPA”) regulation. In compliance with CCPA rules effective as of January 1, 2020, consumers who are California residents (as defined by the CCPA) have:

  • The right to know what personal information is being collected about them and what the business purposes are for doing so
  • The right to know to whom their personal information is being disclosed or sold to
  • The right to opt-out of the sale of their personal information
  • The right to access and request deletion of their personal information

While we do not typically have direct interactions with consumers, Factori has made mechanisms available to support consumer requests for opt-outs, delete requests, and requests to know in accordance with CCPA requirements.  Instructions to submit opt-out requests, delete requests, and/or right to know requests through our Website is referenced in this Privacy Policy.

Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights.  Unless permitted by the CCPA, we will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level of goods or services.

CCPA Requirements for Minors

The CCPA includes special restrictions on the sale of children’s personal information. Businesses must obtain special “opt-in” consents for the sale of personal information if they wish to sell information related to minors under 13, or information of minors 13 to 16 years of age.

Factori does not knowingly accept, process, or sell any personal information related to minors.

Delete Requests

In compliance with CCPA regulation, California residents have the right to request that Factori delete any personal data that we may have collected from a Consumer.  A delete request may be submitted to us via email at privacy@factori.ai or submit your request here. We will confirm receipt of Delete Requests within 10 days including a brief description about how Factori will process the request.

We will complete the processing of your delete request within 45 days after receipt. If Factori is unable to process the request within 45 days, we will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.

Right to Access Personal Information

In compliance with CCPA regulation, California residents may request certain information with respect to the their personal information (when we act as a “business” under the CCPA) store, process, or share with third parties for those third parties’ direct marketing purposes.  This includes:

  • The categories of personal information that have been collected
  • The specific pieces of personal information that have been collected about that consumer

To exercise your rights, please submit a request to us by either completing our ‘Request to Know’ via email at privacy@factori.ai

We take security and privacy very seriously and take proactive measures to ensure we do not inadvertently disclose your personal information to an unauthorized third party.  In order to securely verify your identity for all detailed Right to Access requests, we request a copy of a government issued ID as part of the required information (along with your name/address, email or MAID ID).  

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable customer request related to your personal information.  You may only make a request for access twice in a 12-month period. The request must provide sufficient information that allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and if you are an authorized agent, we may request additional proof as permitted by the CCPA, such as power of attorney. The scope will be limited to data from the 12-month period preceding the Consumer’s request.

Factori will confirm receipt of your Right to Access request within 10 days including a brief description about how Factori will process the request.  This includes Factori’s verification process and timing of when the consumer should expect a response.

We will respond to your verified request within 45 days. If we cannot verify your identity or authority to make the request and confirm the personal information relates to you, we will notify you within 45 days as to why the request cannot be completed.

If Factori is unable to process the request within 45 days, and requires more time to do so, Factori will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. 

Your Choices (this applies collectively to all the individuals) 

If you don’t want the data that is collected about you to be used for certain purposes, you have options: 

Cookie Opt-out

You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser. Further, Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties.

Please note that the opt-out choices you select are stored in opt-out cookies only in the browser that you use to visit the opt-out websites, so you should separately set your preferences for other browsers or Devices you may use. For more information on cookie opt-out, please visit this link.

Mobile Opt-out

On your mobile devices, you have an option to reset the Advertising IDs (for both Android & iOS).

We honor these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our reporting solutions, on a going forward basis. (We may continue to use information from these Devices for other purposes, such as market research and aggregated customer analytics, but we will not use this information for interest-based advertising purposes.)

Location Settings

If you want to limit or prevent location data from your device from being collected, you can adjust this capability through your mobile device settings.

Additional Opt-out Links

Network Advertising Initiative: https://optout.networkadvertising.org/

Ad Choices (Digital Advertising Alliance): https://optout.aboutads.info/

Security and Data Retention

We take steps to help ensure that the data we possess is housed and transmitted securely. We use multiple types and layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we make substantial efforts to ensure that this does not occur.

We use public cloud providers (AWS and GCP) for all our data storage and processing applications. For example, we use Server-Side Encryption for protecting data at rest in Amazon S3. This encrypts objects before saving it on disks in its data centers and then decrypts it when we download the objects.

We also enforce encryption of data in transit by using https (TLS) to prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. We allow only encrypted connections over https (TLS) using the aws SecureTransport condition on Amazon S3 bucket policies.

We generally retain mobile advertising IDs on the following schedule:

(a) we render mobile advertising IDs inactive for interest-based advertising purposes within 120 days,

(b) we continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting (for instance, in aggregated form for market research) for up to 24 months (outside of EEA countries and Switzerland) or 13 months (in EEA countries and Switzerland), provided that we may retain them if we have a legal or significant operational or legal need to do so, such as for auditing, corporate record-keeping, compliance, record-keeping, accounting or security and bug-prevention purposes.

Changes

If we change our data collection and/or use practices, we will post an updated version of this Policy  (and a more prominent notice if the changes are significant) with the new practices and when they go into effect. The data and information that we collect are subject to the privacy statement in effect at the time the data and information were collected by us. 

General Data Protection Regulation (GDPR)

“Personal Data” in GDPR context means any data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.

To comply with the GDPR, we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland:

Legal grounds for processing your Personal Data

The legal basis for us processing your Personal Data will typically be because:

  • You provided your consent: In order to provide our services that involve use of precise location information related to other Personal Data, (and to store and gain access to information stored on your device such as mobile advertising IDs), we rely on your consent.  To obtain this consent, we rely on our own compliance steps and our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to partners, and to ensure that we only facilitate the collection of legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal.
  • The processing is in our legitimate interest:  We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed.  We also rely on legitimate interest when we use or own customers’ data to communicate with them about our Services.

Contacting Us

If you have any questions or would like to speak with us, please email us at privacy@factori.ai. Additionally you can also opt out of Factori’s database by submitting your mobile advertising ID at the below link: https://www.factori.ai/do-not-sell-my-information