Privacy & Compliance

Compliances

GDPR

Adopted by European Union in 2016, GDPR (General Data Protection Regulation) is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

GDPR applies to:

  • A company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
  • A company established outside the EU offers goods/services (paid or free) or monitors individuals' behavior.

InMobi mandates a Data Privacy Addendum (DPA) documented and maintained per GDPR guidelines for the demand partners. To enable EU supply, demand partners must get a DPA signed and provided to InMobi. ​InMobi will not enable supply from EU countries to demand partners that do not meet the above criteria.

TCF

Transparency & Consent Framework (TCF) is an IAB (Interactive Advertising Bureau) initiated collaborative solution for businesses conducting targeted advertising in compliance with GDPR. The purpose of TCF is to standardize how businesses (publishers, ad tech vendors, and agencies) can continue running advertising in a way that is compliant with GDPR.

TCF 2.0 – the latest release expands publishers' bidstream options for collecting and assigning consent. Companies must disclose specific kinds of data they use or collect and their role in ad campaigns to register for the TCF.

InMobi is now a certified IAB TCF 2.0 Vendor. In the last few months, we have been working closely with our publishers and industry-leading CMPs (Ogury, Faktor, and OneTrust in particular) to enable TCF 2.0 compliant inventory for those demand partners ready to process the TCF 2.0 consent string. This will be available in addition to TCF 1.0 and binary consent inventory.

Demand partners will continue to receive all three consent strings in the "gdpr_consent" JSON object and can respond based on their current version.

CCPA

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses worldwide are allowed to handle the personal information (PI) of California residents. The effective date of the CCPA was January 1, 2020.

InMobi mandates that privacy addendum be signed for supply and demand partners as required by CCPA​ as part of the MSA. For more information, see ​Privacy Addendum for Demand Partners.

COPPA

The Children's Online Privacy and Protection Act, more commonly known as COPPA, deals with how websites, apps, and other online operators collect data and personal information from kids under 13.

In response to the new COPPA rules effective on July 1, 2013, InMobi ensures that we do not collect and use information from childrenu2019s sites for behavioral advertising (often referred to as interest-based advertising). We will continue to only use any data in the manner that COPPA prescribes. For more information. see COPPA.

LGPD

It is a comprehensive data privacy regulation applicable to users based in the Brazilian territory. It imposes transparency concerning collecting, processing, and using data subjects' data and provides them with certain rights over such usage.

In its endeavor to comply with the LGPD, InMobi has implemented measures towards obtaining consented personal data of Brazilian data subjects. We have also appropriately updated our Privacy Policy to indicate the type of data being processed, purposes of the processing, sharing with downstream partners, and so on. InMobi has also implemented appropriate mechanisms to honor any rights exercised by data subjects under LGPD (such as the right to know, access, deletion of personal data) and notify the same downstream.

Privacy Guidelines for Online Customized Ads- Korea

As part of the compliance requirements for any ads serviced in Korea published by the Korea Communications Commission (KCC), InMobi ensures that the statutory mandates are adhered to. Ads directed to Korean nationals by InMobi include a symbol on a conspicuous area, which links to our privacy policy page that enlists:

  • name of the entity collecting and processing the behavioral data
  • types of behavioral data collected, method of collection, purpose, retention and usage period, post-data processing methods after such retention; and
  • use, methods of exercising user rights, methods of how the user may get compensated.

For more information, see Privacy Policy.

On This Page

Last Updated on: 26 Nov, 2021