Privacy Notice

1. Overview

Captify is committed to ensuring that your privacy is protected.

This Notice sets out how Captify uses and protects personal information that we collect and process:

  • through our Search Intelligence engine (the “Core Service”);
  • through your use of Captify websites; and
  • if you are or work for a current or prospective Captify business partner.

Any personal information we collect will be used in accordance with all applicable laws and this Notice. Captify may change this Notice at any time by updating this page. You should check this page from time to time to ensure that you are up to date with any changes.

Index of Sections:

  1. Overview
  2. Which parts of this Notice apply specifically to you?
  3. Who is Captify?
  4. How does Captify’s Core Service work?
  5. How does Captify collect personal information?
  6. How does Captify use personal information?
  7. Does Captify use sensitive information?
  8. How does Captify share your information
  9. Information collected automatically from Captify websites
  10. Additional information for individuals in Europe
  11. Additional Information for U.S. Consumers 
  12. How to Exercise your Rights under U.S. State Laws 
  13. Business Contacts Data
  14. Marketing
  15. Retention Periods
  16. Security
  17. Children’s Data
  18. Managing Cookies and Other Technologies
  19. Controller / Processor
  20. Contact Us

2. Which parts of this Notice apply specifically to you?

Captify is committed to complying with all applicable laws governing data privacy and security. We seek to ensure that this Notice takes into account different rights depending on where individuals are located or reside, as follows:

  • If you are located in the EU, the UK, other countries of the European Economic Area (“EEA”), or Switzerland, please see Section 10 “Additional Information for Individuals in Europe.”
  • If you are a consumer resident in California or other US states, please see Section 11 “Additional Information for U.S. Consumers.

This Notice is aimed at individuals to whom we serve targeted advertising through our Core Service (i.e. an “End User”). If you are not an End User, you may find the following sections of this Notice more relevant to you:

  • If you are a visitor to our websites, please see Section 9 “Information Collected Automatically from Captify Websites.”
  • If you are or work for a current or prospective Captify business partner (e.g. a supplier or potential supplier, or a client or potential client) please see Section 13 “Business Contacts Data.”
  • If you are an employee or other staff member working at any Captify group company, then this Notice does not apply to data we process about you in that context. A different Privacy Notice which sets out what employee and staff data we process, why and how, is available from Captify’s People Team.
  • If you are a candidate applying for any type of position with us, please review the Recruitment Privacy Notice for candidates available here.

3. Who is Captify?

Captify is the largest independent holder of search data outside of the ‘Walled Gardens’, connecting the real-time searches of over 2 billion people globally. Our Search Intelligence engine powers programmatic advertising and insights to display adverts that are more relevant to you (this is our Core Service). Our aim is to enhance your online advertising experience and serve our advertising clients by showing you adverts for products or services we think you might like based on your preferences or interests. However, to do this, we process and share with third parties some personal data relating to you as set out in this Notice.

4. How does Captify’s Core Service work?

Captify’s Core Service works in two main ways – with cookies (i.e. our ‘Cookie-Based Product’) and without cookies (i.e. ‘Search Powered Contextual’). 

Cookie-based Targeting

By way of a practical example, you may want to buy a plane ticket for an upcoming trip to New York City. As such, you browse a travel website which has partnered with Captify (we call websites like these a “Publisher Partner“). Later that day, Captify may serve you an advertisement related to what you have searched for (such as an airline promotion, or a new suitcase). You would have always seen an advert on the website you were visiting, but Captify ensures that the advert you are served is relevant to you.

Generally, for this to work, Captify either reads a cookie that’s already in your browser or places a cookie in your browser when you visit the travel website (assuming your browser lets this happen). When you visit another website (which may have nothing to do with travel) you may then see the advert for the new suitcase. This is because your browser sends Captify your cookie ID and, in turn, we may use that cookie to serve you an advert that could encourage you to buy that new suitcase.

Though this all sounds very personal, we actually have no way of personally identifying you – all we know is your device’s cookie ID. It’s important to note that you will also be one of a much larger selection of people who are likely to see the same advert because they have shown a similar interest in purchasing a plane ticket (we call a group of people like this an “audience“). All we know is that your ID (which is based on your device’s cookie) falls within that audience.

Please note that the example given here is for demonstration purposes only and is a simplified illustration of how our technology works. This example does not reflect how adverts are shown to you in every scenario, and in some circumstances, there are additional parties involved in the serving of advertisements. If you have any questions about this, please do contact us using the information provided at Section 20 below.

But what are cookies?

Cookies are small text files stored on a user’s device for record-keeping purposes.

There are two main types of cookies, persistent cookies and session cookies:

  • Persistent cookies are used to run our technology as they enable us to track and target web users’ interests. Persistent cookies remain on your device for an extended period of time. You can remove cookies by following the directions provided in Section 18.
  • Session cookies are used to make it easier for you to navigate our websites, and usually last a much shorter time than persistent cookies.

Cookies can also be either ‘first-party’ or ‘third-party’. A first-party cookie is created and stored by the website you are visiting directly. It allows website owners to collect customer analytics data, remember language settings, and carry out other useful functions that help provide a good user experience. Third-party cookies are created by domains other than the one you are visiting directly, hence the name third-party. They are used for cross-site tracking, measurement, retargeting and ad-serving.

Pixels (also known as web beacons) consist of code embedded in a website, video, email, or advertisement that sends information about its use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contain JavaScript code). When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or another entity to drop or read cookies on your browser. Pixels are used in combination with cookies to recognize activity by a particular browser on a particular device. We may incorporate pixels from other entities e.g. to assist us with measuring views or conversions.

The Publisher Partners that work with us may use our technologies to place cookies on your device (or use similar identification methods). This is so that our Core Service platform can recognize that Captify has a personalized advertisement available for your device.

Advertisers or agencies that work with us may also use pixels and cookies within their advertisements. We do not control these advertisements or their content and when interacting with such ads you should check any information provided by the relevant web publisher or advertiser regarding their use of personal information.

You can find out more background information about cookies here. To manage cookies from Captify, please see Section 18 below.

Does Captify have to rely on cookies?

Although the online advertising industry has often been reliant on the use of third-party cookies, this is being phased out in favour of other methods of advertising that make less use of personal information.

As a company that respects data privacy rights, we are not only prepared for this change, but we believe that a future without the third-party cookie means that we as an industry will be better placed to deliver solutions that have you (the End User) and your privacy at the centre of our Core Service.

Although we currently use third-party cookies when we serve the majority of our campaigns, it is possible for us to serve campaigns without using third-party cookies at all. This is because Captify has server to server integrations with third parties who collect their data via first-party cookies and/or logged in (authenticated) users.

If you would like to understand more about our cookieless offering (and how this affects you), please do contact us using the details provided in Section 20.

Cookieless Targeting (referred to as ‘Search Based Contextual’)

This works in a different way to the cookie-based targeting explained above.

Again, by way of a practical example, you may be reading the news about a corporate merger and search for other articles related to house prices. If we see many such search events, our ‘Search Intelligence’ learns that people interested in business news are also interested in house prices. Later an advertising client is looking to advertise a property website, Captify would recommend a range of business news sites as good sites to place property adverts. Some visitors to business news sites will now see adverts for property websites.  

Generally, for this to work, Captify needs to process many such events to learn the patterns that occur most often, so when on one of our partner sites they will, with consent, send us search terms and the pages on which those happened. We also receive unique identifiers (we call these 1st Party IDs, or Pseudonymous IDs) that allow us to know when two searches are made by the same visitor without identifying you, your browser or your device. This helps us better learn how people’s interests are related and likely correlations.

Local Storage

Some websites we work with wish to be able to use information we collect about their End Users for their own personalized advertising. To do this, our classification of your likely interests or preferences can be sent back to local storage in your browser, so that it can be read by the relevant website and used by the publisher to select advertising.

Please note that the examples given above are for explanation purposes only and are simplified illustrations of how our technology works. These examples do not reflect how adverts are shown to you in every scenario, and in some circumstances, there are additional parties involved in the serving of advertisements. If you have any questions about this, please do contact us using the information provided at Section 20 below.

5. How does Captify collect personal information?

In respect of our Core Service, Captify only collects personal information from trusted partners. The categories of sources from which we collect information, including in the last 12 months, include:

  • Publisher Partners that operate independent websites that utilize Captify technologies and services.
  • Data Partners that obtain and commercialize data from different sources.
  • Search Partners that operate search engines outside of the Walled Gardens (such as Gener8 and Surf). 
  • Advertisers and Advertising Agencies that provide advertisements for digital platforms.
  • Data Management Platforms that provide information about content classification and user profile information.

        In the past 12 months, we have collected the following categories of personal information:

        • Core Service Data, which is made up of:

        Keyword Feed Data:

        • Cookie ID 
        • Persistent ID (non-Cookie)
        • Search Terms 
        • URL 
        • Referring Site and Terms 
        • Time and Date
        • Truncated and/or Full IP address 
        • Device Type 
        • User Agent
        • Consent string (a string of characters that indicates an End User’s consent choices and which data processing purposes have been consented to)

        Log Level Data:

        • Cookie/ID 
        • URL 
        • Time and Date 
        • Device 
        • Placement
        • Format of Ad
        • Inferred Postcode (truncated or full, depending on area) or approximate location 
        • OS Information 
        • Line Item 
        • Campaign 
        • Split ID

        Bid Stream Data:

        • URL 
        • Date 
        • Country 
        • Placement Type (available on page)

        Although some elements of the ‘Core Service Data’ set may not be classed as personal information, we treat them as though they are to ensure the highest level of security protection.

        • Demographics, which may be inferred from other information (such as your likely age range or gender), or data that you have voluntarily given to one of our Data Partners (such as age, gender, employment type or status, income bracket, and education level).
        • Commercial information, including purchases and engagement with a Publisher Partner’s website.
        • Internet activity, including your interactions with ads, a Publisher Partner’s website or a Search Partner’s website. We will also get information that allows us to offer our Cookieless solution, such as chrome category IDs.
        • Geolocation data, including location-enabled services such as Wi-Fi.
        • Inferences, including inferred trends, behaviours, preferences, attitudes and sentiment based on collected data.

        In connection with our Core Service, we do not collect or process any personal information that would allow us to personally identify you (such as your name, address, date of birth or email address).

        6. How does Captify use personal information?

        We use this information for business and commercial purposes in accordance with this Notice, including in the last 12 months, for the following purposes:

        • Displaying (or enabling our publisher partners to display) ads to you that may be more relevant to your interests or preferences, based on our interpretation of the personal information that we collect.
        • Monitoring and analyzing trends, usage, and activities.
        • Providing information to our clients and partners about the performance of their advertising campaigns and websites, and improving performance over time.
        • Detecting fraud to help alert us to situations which could not have been caused by human behaviour, such as a massive amount of clicking in a limited period of time.
        • Based on your approximate location, understanding your data rights, and immediately discarding information for which we infer that required consents or other valid legal basis may not have been obtained.
        • Optimizing responses to bids for display of advertising and selection of products to be presented.
        • Training our software and modelling algorithms.
        • Development and improvement of our technologies and services.

        7. Does Captify use sensitive information?

        In the UK and the EU, Captify will never serve you advertisements based on special categories of data (“SCPD”). SCPD includes ‘sensitive’ information, such as information relating to your race, religion, health, political opinions or sex life.

        Before use, we run any personal information that we collect (as described in Section 5) through a ‘GDPR Classifier’. This GDPR Classifier removes the whole search made by that user from our servers (which includes both the SCPD, but any other information that was contained within that search). As such, the only information that is retained by Captify is a ‘log’ of the number of searches that have been erased in each of our markets. We believe that it is necessary to process SCPD in this way to ensure that we are not carrying out any further processing of or building any profiles based on sensitive information.

        Please note that if you search for terms related to SCPD, then it is possible that this information could be ingested into our Core Service dataset (we call this “Inferred SCPD”). To combat this, we ensure that we do not serve any adverts that are based on Inferred SCPD.

        Outside of the UK and EU (to the extent permitted by applicable laws), we process certain categories of “non-sensitive” health data and political data, as further described in Section 11. As of January 2024, Captify has engaged in Political Advertising in the USA. If you would like more information about this, please reach out to us on the contact information below.

        8. How does Captify share your information?

        The categories of entities to whom we disclose information for business purposes, including in the last 12 months, includes:

        • Captify Group Companies. We may need to share personal information with other companies in our corporate group that require access to such information in order to enable our services to be provided in different regions.
        • Customers. We may share information with our customers (who may be brands or advertising agencies) relating to the engagement with their campaigns (e.g. the number of times ads are seen or clicked on, to what extent they were viewable, how many purchase may have been made at an advertiser’s online or offline store. We may also share anonymous information regarding trends and browsing behaviour. We may also provide audience data to customers through vendors or marketplaces that allow customers to plan and use such data within their own campaigns.
        • Website Publishers. We may return data to the local storage on your browser so that the relevant website from which we collected the data can also use it to display relevant ads.
        • Processors/Service Providers. We work with reputable third-party data processors or service providers, to which we provide certain data which may include personal information, and who provide us with services such as hosting, storage, analytics and audience measurement, content creation, fraud detection etc. We also work with other organizations that provide general business services and advice that may require access to personal information, e.g. accounting, legal, insurance or financial services providers. Our processors or service providers work under data processing agreements that require them only to carry out the processing on our instructions and for no other purpose.
        • Vendors. We also share information with providers of technologies and marketplaces for advertising management and delivery, who may be independent data controllers. These vendors may set and/or access cookies or other data collection technologies which collect information about visits to websites, mobile websites and/or mobile applications across your various devices, in order to enable our and their advertising clients to provide content and advertisements about goods and services of interest to you. If you would like more information about these activities and your choices with respect to them, please refer to the relevant third parties’ privacy policies and to Section 18 below on How to Manage Cookies and Other Technologies. A list of our vendors can be provided on request. Where we process the IAB Europe TCF consent string, IAB Europe is considered a joint data controller in relation to its generation and collection, but not in relation to its subsequent processing by Captify (or any other IAB members).
        • Merger or Acquisition. We would share information in connection with, or during negotiations of, any proposed or actual merger, acquisition, sale or any other type of acquisition or business combination of all or any portion of our shares or assets, or transfer of all or a portion of our business to another business.
        • Security and Compelled Disclosure. We share information to comply with the law or other legal or regulatory process, and in response to requests by public authorities, including to meet national security or law enforcement requirements. We may also share information to protect the rights, property, life, health, security and safety of our staff, websites or services, or others. If any court, authority, police force or regulator requests data from us, we normally comply with such request without having to notify you or other users.

              9. Information collected automatically from Captify websites

              We collect information automatically when you use Captify’s websites (e.g. at,, or any other subpages or domains that we may use from time to time). For example, with your consent, we use cookies, pixels, and other tracking technologies to improve our site and services. The most recent list of cookies and similar technologies used on our websites are set out in our Cookie Notice.

              The following are the categories of information that we collect and have collected automatically on the Captify websites in the last 12 months:

              • Service Use Data, including data about site activities, pages you visit, digital advertisement interaction information, search history, and inferences such as inferred trends, behaviours, preferences, attitudes and sentiment based on collected data.
              • Device Data, including data about the type of device or browser you use, device identifiers such as IP address and unique personal or online identifiers such as cookies and pixels. For more information with respect to cookies, pixels, and managing your rights, please refer to Section 4 “How does Captify’s Core Service work?” and Section 18 “Managing Cookies and Other Technologies.”

              With respect to the Google audience measurement tools used on Captify’s websites, Google enables you to change your consents and preferences in relation to the use of certain information collected by Google Analytics at

              10. Additional information for individuals in Europe

              This additional information applies only to individuals located in the European Economic Area, the United Kingdom or Switzerland (or whose personal information was collected while they were there).

              Data Protection Rights

              In accordance with the EU’s GDPR and equivalent UK legislation, you have rights in relation to personal information that we process about you. This includes the right to:

              • access, correct, update or request deletion of your personal information; and
              • object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.

              If you are an End User, please see our dedicated Data Subject Request page.

              If you are a current or former employee or other staff member working at any Captify group company, then please submit your request in writing to, or a member of the Captify People Team.

              If you are or work for a current or prospective Captify business partner (e.g. a supplier or a client), then please submit your request in writing to, or speak to your regular Captify point of contact.

              Where we are processing your personal information within our Core Service, the main method of meeting the requirement for erasure is by deleting all personally identifying elements in the data we hold, so that the personal information cannot be traced back to you or any other identifiable person and is irreversibly anonymized (sometimes called “de-identifying”).

              Where we process any personal information based on consent that you have given in the past, you can withdraw your consent at any time (though the processing that took place before withdrawal will still be legal). The main ways to do this are (1) to manage online choices as set out in Section 18 below; or (2) by contacting the Publisher Partner sites where you have previously given your consent.

              Please note that for some ways you interact with Captify (for example, when you are an End User), Captify does not process contact data such as names or emails and so, while we will always investigate any request thoroughly, often it will be difficult for us to know whether or not we are processing any data relating to you, or we may not technically be able to locate it unless you provide us with the unique ID of the relevant cookie. We will always investigate any request thoroughly, but we are not able to offer you a platform where you can directly update, correct, restrict processing or request portability of information relating to your device.

              We are always available through the contacts in Section 20 to help resolve any issues or doubts you may have in relation to processing of your personal information. If you believe that your rights have not been respected at any time then you also have a right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact the relevant data protection authority. (Contact details for data protection authorities in the European Economic Area are available .)

              Legal Basis

              Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

              However, we will normally collect personal information relating to you only (i) where we have your consent to do so; (ii) where we need the personal information to perform a contract with you, (iii) where the processing is in our legitimate interests and not overridden by your rights; or (iv) where we have a legal obligation to do so.

              If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

              We may collect and use your personal information in reliance on our legitimate interests (or those of any third-party) that are not overridden by your rights or interests, for example to respond to queries from our clients, improve our platform, undertake marketing, or to detect or prevent illegal activities). 

              Core Service

              In respect of our Core Service, we rely on consent to process your personal information. You may have given this consent directly to Captify, or you may have given a third party consent for us to process your personal information on their behalf. You can change your preferences at any time as set out in Section 18 “How You Can Manage Cookies and Other Technologies” above.

              In addition, we and our Publisher Partners and advertising clients have a legitimate interest, which does not conflict with your legal rights (in particular as this processing is not intrusive and within the expectations of most web users), in processing personal information for the following business purposes:

              • Ensuring security
              • Detecting and combating fraud
              • Optimizing website and mobile app experiences
              • Training our software and modelling algorithms
              • Developing and improving our products and services.

              International Transfers

              We provide personal information to other companies in our corporate group and vendors and technical service providers inside and outside the EU/EEA/UK that require access to personal information in order to assist us in providing our services. This means that when we collect your personal information it may be processed in countries that have data protection laws that are different to the laws of your country.

              However, we have taken appropriate safeguards to require that the personal information we process will remain protected in accordance with applicable laws and this Notice when transferred internationally, including when processed by our third-party service providers and partners.

              The safeguards we have taken include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information to our third-party service providers, vendors and partners which require them to protect any personal information they process from the EEA, Switzerland or UK in ways equivalent to those required under European data protection laws. We have implemented similar appropriate safeguards with our non-EEA/EU/UK offices operating under the Captify brand. Our Standard Contractual Clauses may be provided if we receive a valid request. 

              Captify Commitments

              Captify adheres to the IAB Europe OBA Framework. Please see Section 18 which explains how you can make choices and control the collection and use of your personal information for online behavioural advertising.

              In addition, Captify is compliant with IAB’s Transparency and Consent Framework (TCF) and complies with the specifications and policies applicable to Captify’s business. Captify’s identification number within the framework is #2.

              Captify is IAB Gold Standard 2.0 Certified. Captify is certified with TAG Anti-Fraud and TAG Brand Safety.

              11. Additional Information for U.S. Consumers

              These additional disclosures for U.S. consumers apply only to individuals who are residents of a U.S. State which has its own privacy-related legislation such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”) in California. Some parts of this section may not apply to you, depending on the legislation in the state where you are resident.

              Categories of Personal Information Collected

              In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

              • Identifiers, including unique personal identifiers, online identifiers, and IP addresses.
              • Demographics, such as your age range, gender, employment type, income bracket, education level, pregnancy and childbirth and (non-sensitive) medical conditions. This category includes data that may qualify as protected classifications under other California or federal laws.
              • Commercial information, including products or services purchased, obtained or considered, other purchasing histories or tendencies.
              • Internet activity, including browsing history, search history, and your interactions with a publisher’s website or advertisements.
              • Geolocation data, including location enabled services such as Wi-Fi. Using your IP address and third-party services, we may derive general location information such as your country, city, state or zip code. Collecting this information not only supports our services (for example, by knowing which advert to show you or to run advertising analytics), but helps us to understand your data rights.
              • Inferences, including inferred trends, behaviours, preferences, characteristics, attitudes and sentiment based on collected data.
              • Sensitive Personal Information, such as precise geolocation and information concerning health.

              For more background on information we collect, please review Section 5, “How does Captify collect your personal information?”

              Sources of Personal Information

              We collect personal information from the sources referred to in Section 5, “How does Captify collect your personal information?”

              Business or Commercial Purposes

              We use personal information for business and commercial purposes in accordance with this Notice and in particular the purposes referred to in Section 6. “How does Captify use personal information?

              Disclosure to Third Parties

              The categories of third parties to whom we disclose personal information are set out in Section 8, “How does Captify share your information?”

              Categories of Personal Information Sold or Shared

              In the past 12 months Captify has not sold personal information.

              In the past 12 months, we have “shared” (as defined by the CCPA) the same categories of personal information as set out in the list above.

              Categories of Personal Information Disclosed for Business Purposes

              In the past 12 months, we have disclosed for business purposes the same categories of personal information as set out in the list above. Please also refer to Section 8, “How does Captify share your information?”

              If you are a U.S. consumer then, depending on your state of residence, you may have the following key rights:

              Right to Delete

              You can ask us to delete the personal information we have collected from or about you. If we receive a verifiable request, we will anonymize the information in accordance with Section 15 and notify any relevant service providers, contractors or third parties that they should also delete such personal information from their records. Please note that this right may be subject to exceptions, e.g. in particular where processing the personal information is necessary for security reasons, exercising free speech, or complying with legal obligations. For personal information within our Core Service, the main method of meeting the requirement for deletion is by deleting all personally identifying elements so that the personal information cannot be traced back to you or any other identifiable person or household and is irreversibly anonymized (sometimes called “de-identifying”). In this case, we will maintain and use the information in de-identified form only and will not attempt to re-identify it.

              Right to Correct 

              If we hold inaccurate personal information relating to you, you have the right to request that we correct such inaccurate personal information, taking into the account the nature of the personal information and the purposes of its processing.

              Right to Know / Right of Confirmation and Access

              You may request that we confirm whether or not we are processing your personal information and, up to twice every twelve months, that we disclose to you the categories and specific pieces of personal information that we have collected about you, the categories of sources from which your personal information is collected, the business or commercial purpose for collecting your personal information, the categories of personal information that we disclosed for a business purpose, any categories of personal information about you that we sold or shared, the categories of third parties with whom we have shared your personal information, and the business or commercial purpose for selling or sharing your personal information, if applicable.

              Right to a Copy

              You may ask for personal information that you previously provided to us to be provided to you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another organization.

              Right to Opt-Out

              To the extent we may sell or share your personal information, as those terms are defined under the California Consumer Privacy Act, you have the right to opt out of the sale and/or sharing of your personal information. In some U.S. states, this right also covers a right to opt out of data processing for targeted advertising and/or profiling for defined significant purposes.

              Right to Limit use and Disclosure of Sensitive Personal Information

              Where we process sensitive personal information relating to you, you have the right to request that we restrict our use of that information, e.g. to use that is necessary to provide goods or services requested, to certain business purposes, or other legally permitted purposes.

              Right to Non-Discrimination

              You have the right not to receive discriminatory treatment (e.g. by being offered different pricing or products, or a different level or quality of services) based on the exercise of any of your rights, and Captify will always honor this right.

              Authorized Agent

              You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

              Children’s Data

              We do not knowingly “sell” or “share” as those terms are defined under the CCPA, the personal information of minors under 16 years old.

              Shine the Light

              California residents may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. We may require additional information from you to allow us to verify your identity and are only required to respond to such requests once during any calendar year.

              Right to Alternative Format

              If you have a disability you can ask us to provide a copy of this Notice in an accessible format.

              11a. CCPA Metrics 

              During the calendar year 2023, we received and responded to consumer requests as set forth in the table below. Please note that this reflects all requests received from individuals during 2023 as generally we do not know whether or not individuals are California consumers.



              Complied with / Completed

              Unverified / Denied*

              Mean Response Time in Days

              Right to Know / Access















              Do Not Sell or Share Opt-Out 





              Limit Use of Sensitive PI





              * Requests may have not been fulfilled if the consumer’s information was not in, or could not be matched to a unique identity in, our systems; where individuals did not provide ID or verification information required when requested; or where multiple requests were received for the same matter from the same consumer.


              12. How to Exercise your Rights under U.S. State Laws

              To exercise any of your rights under U.S. state laws, please submit a request by contacting us using the details in Section 20. In the request, please specify which U.S. state you are resident in, the right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days.

              If personal information about you has been processed by us as a service provider or contractor on behalf of a business and you wish to exercise any rights you have with such personal information, then wherever possible please inquire with the business directly. If you wish to make your request directly to us, please provide the name of the business on whose behalf we processed your personal information. We will refer your request to that business, and will support them to the extent required by applicable law in responding to your request.

              As indicated above, Captify does not process contact data such as names or emails and so, while we will always investigate any request thoroughly, often it will be difficult for us to know whether or not we are processing any data relating to you, or we may not technically be able to locate it. In such cases, given the safeguards in place that enable you to manage directly your online choices and cookie settings, we believe it would be contrary to the intention of the law and to good data protection practices for us to ask you for (and then to process) additional data about you in order to investigate the request.

              However, in the event you still would like us to investigate the request, we may require specific information from you for the limited purpose to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

              If we decide not to take action in response to a request you make under this Section, then you may have a right to appeal such decision (such appeal will be assessed by Captify’s senior management). Where applicable, you may submit an appeal through the online form available here or by contacting us using the details in Section 20.

              13. Business Contacts Data

              We also need to process your personal information if we have or are considering a business relationship with you or your employer. This may include personal information such your name, organization, position, work email, work phone number, and professional qualifications and interests, relating to your work with the following:

              • A Captify customer (e.g. an agency or advertiser) in order to manage our contracts and campaigns, issue invoices and collect payments, and keep records;
              • A Captify customer (as an authorized user of our online campaign planning tools) in order to set up and manage your account, and provide customer service;
              • A web or mobile publisher or other data provider in order to manage data, make payments, and manage technical issues;
              • A supplier, potential supplier and other business contacts in order to collaborate, evaluate and negotiate the purchase of goods and services;
              • Potential clients, potential data suppliers or publishers, in order to expand Captify’s business and resources;
              • General business contacts such as journalists, influencers, policymakers, trade associations or conference organizers.

              Other general purposes for processing of business contact information include the following:

              • Creating and sending marketing and press or PR materials, including advertisements and communications, about our and third-party products, offers, promotions, and services;
              • Managing and improving our marketing efforts, products, services and websites;
              • Responding to comments, questions, and requests, and providing client service;
              • Sending technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.

              In Europe, our legal basis for these data uses is that they are necessary for our legitimate interests in managing and developing our business, ensuring that our customers get good service, understanding how our services are used, and improving our products and services for the future. We only use this data for the above purposes. It is always used securely, and not in any intrusive way.

              As this personal information always relates to your professional life (work email, work telephone, information about contracts etc.) and/or is obtained from sources where it is voluntarily offered (e.g. websites, trade shows, professional networking) or that are lawfully made available to the general public by you or from widely distributed media, or from sources to which you have made it available without restriction, there will be no negative impact on your privacy or rights, and our use is within what a professional data subject would reasonably expect. We have therefore concluded that we are able to process this data to support our legitimate interests in these ways.

              Although applicable laws do not require us to obtain your consent for such data processing, you are still entitled to exercise your statutory rights in relation to such processing where applicable.

              As a general matter, information is retained in accordance with Section 15, “Retention Periods”.

              However, with respect to business contact data, information may be retained for a longer period because of a contractual or legal requirement. We regularly review and update the need for retaining such data.

              For ‘business to business’ data (e.g. if you are a current or prospective Captify supplier or client) the data controller or business responsible for your data will be the Captify entity that you deal with, which may be:

              • Captify Technologies Ltd (UK)
              • Captify Technologies Inc. (USA)
              • Captify Technologies SARL (France)
              • Captify Technologies SRL (Italy) 
              • Captify Technologies SL (Spain)
              • Captify Technologies GmbH (Germany)
              • Captify Technologies Pty Ltd (Australia).

              14. Marketing

              We may send periodic promotional emails to business contacts whose data we have obtained as outlined in Section 13. Where required by law, we will obtain your consent to do so. You may withdraw consent or opt out as applicable of such communications at any time by following the instructions contained in each email, or by emailing us at

              If you opt out of receiving emails about recommendations or other information we think may interest you, we may still send you non-promotional service-related emails about your account or any services you have requested or received from us.

              15. Retention Periods

              We retain personal information we collect from you where we have an ongoing legal requirement or legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

              When we have no ongoing legal requirement or legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

              We anonymise all advertising related data used for our Core Service that is more than 24 months old so that it cannot be linked to any identifiable person. We will retain such anonymised data for up to 5 years.

              16. Security

              We use appropriate technical and organizational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. If you would like more information about our technical and organizational measures, please contact us using the details set out in Section 20.

              17. Children’s Data

              Captify does not create segments that target people below the age of 16 years. It is not our intention even to collect or process data from anyone under these ages. We have an Advertising Policy in place which governs this. 

              If you are a parent or guardian and believe that Captify may be processing data from a child that you have parental responsibility for, then please contact us at the addresses set out in Section 20.

              18. Managing Cookies and Other Technologies

              If you have consented to cookies from Captify through one of our partners but you no longer want to receive Captify personalized ads, you can manage this directly as explained in this Section.

              Manage your choices here:  Your ad choices

              This does not affect email, telephone, direct mail or any other type of marketing, and if you wish to stop receiving those types of materials then you should contact the providers or any official “do not contact” lists separately.

              Please note that managing cookie preferences will not prevent ads from being displayed on the websites you visit; it will simply stop you seeing advertising that has been tailored to your interests. Please note that the platform above allows you to choose not to receive interest-based advertising delivered by its members. You may still see personalized ads from other providers and should also contact them as needed.

              PLEASE NOTE: When you manage choices in this way, a cookie will be set in your browser. You must maintain the cookie on your browser in order for advertising providers to recognize you as a visitor that has made this choice. You will need to repeat this process if you clear that cookie (or all cookies) from your browser, use a different web browser, or use a new device. If you have any questions, please contact us as set out in Section 20. If you decide not to accept cookies from a site, it is possible that in addition to not receiving personalized ads, some other functionalities and content on that site might not work as intended.

              You can configure your web browser to remove cookies by following the directions provided in your browser’s “help” section – however, please be aware that this will also clear cookies that show that you have opted out, and so using the above processes is recommended.


              You can opt out from receiving targeted advertising based on data collected via applications on mobile devices by following the instructions from the device maker or operating system provider (e.g., IOS or Android).

              Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out and you may wish in addition to repeat the process on your other devices.

              Local Storage:

              If we have returned information to the local storage on your device, then we cannot delete it for you. You can change or delete it using the method applicable to your particular browser, for example found under F12>Application (Chrome or Bing), or Settings>Privacy & Settings (Firefox). Using these settings, you can also prevent websites from storing data in future. 

              19. Controller / Processor

              In relation to the Core Service, “Captify” refers to Captify Technologies Limited, (registered in England with company number 07620174). We are contactable at the addresses given in Section 20. Captify is the data controller or business that decides how and why your data is processed.

              In some cases, we only act as a data processor (or service provider). An example of this is where an advertising client provides us with access to a database of theirs in order for us to perform particular services in accordance with their instructions. The types of data we receive, the purposes it is used for, and your rights, will be similar also in this case, but the primary responsibility for providing information and permitting you to exercise your rights lies with the relevant data controller or business.

              For business contacts data, the data controller will normally be the Captify entity who you do (or may in future do) business with, as noted in Section 13.

              20. Contact Us

              If you have any questions or comments about this Notice, our data practices, or wish to exercise any of your legal rights, please contact us:

              By email:


              Or if you are a current or potential business partner, please speak to your regular Captify point of contact.

              In accordance with the GDPR, we have appointed a Data Protection Officer who can be reached at the contact below:

              Captify Technologies Ltd.
              5 Langley Street
              London WC2H 9JA, UK

              Last updated on 26 June 2024.

              Back to top of the page