Privacy Policy

This Privacy Policy explains how Iris Technologies ("Iris", "we", "us") collects, uses, and shares information when you access our websites, SDKs, APIs, and related services (collectively, the "Services"). This Policy is intended to provide transparency regarding our advertising technology practices while maintaining a high standard of user trust and platform integrity.

1. Information We Collect

We may collect information in the following categories to enable ad delivery, measurement, security, and service improvement:

• Device and Network: IP address, user-agent, operating system, device type, browser type, language, timezone, network provider, and connection metadata.
• Identifiers: Advertising identifiers (e.g., AAID/IDFA where permitted), pseudonymous identifiers, and internal IDs used for fraud prevention, frequency management, and measurement.
• Contextual Signals: Page or conversation-level context, keywords, categories, and other non-personal signals that help determine ad relevance without identifying individual users.
• Interaction and Performance: Ad requests, impressions, clicks, conversions, viewability, scroll and visibility metrics, session timings, and SDK/API error diagnostics.
• Location: Approximate geolocation derived from IP address or system signals, used for regional targeting, reporting, and fraud controls.

Where permitted by law or with appropriate consent, we may also collect or receive hashed contact information, ad campaign metadata, and aggregated audience segments provided by trusted partners for measurement and reach estimation. We do not knowingly collect sensitive personal information unless expressly required for compliance or safety, and we restrict use of such data to permitted purposes.

2. How We Use Information

We use the information described above to:

• Serve, manage, and optimize native ad experiences in LLM environments
• Measure performance, attribution, and reach across campaigns and inventory
• Detect, prevent, and investigate ad fraud, invalid traffic, and abuse
• Provide reporting, analytics, and billing to publishers and advertisers
• Comply with legal obligations and enforce our terms and policies
• Improve our Services, including testing, research, and product development

We may use de-identified or aggregated information for research, benchmarking, and product development. We may also perform limited modeling, inference, and prediction to improve ad relevance and safety, without attempting to re-identify individuals.

3. Legal Bases

Where required, our processing is based on consent, legitimate interests in delivering and improving advertising services, performance of a contract, and/or compliance with legal obligations.

4. Controllers and Processors

Depending on the integration, Iris Technologies may act as a controller (e.g., for our own sites, services, and analytics) or as a processor/service provider on behalf of publishers and advertisers. When acting as a processor, we process personal data pursuant to the instructions and permissions of the applicable controller and in accordance with a data processing addendum where required.

5. Data Sharing

We may share information with trusted partners to operate the Services, such as demand partners, exchanges, measurement providers, anti-fraud vendors, and cloud service providers. We require recipients to use reasonable security and process data only for the purposes described herein or as otherwise authorized by you or required by law.

We may disclose information in connection with a merger, acquisition, financing, or sale of assets, and as required to comply with law, respond to lawful requests, enforce our rights, or protect the safety of users and the public.

6. Data Retention

We retain information for as long as necessary to fulfill the purposes described in this Policy, including recordkeeping, dispute resolution, fraud prevention, and compliance with legal obligations. Retention periods vary based on data type and our operational needs.

7. Security

We employ administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, or misuse. No system can be guaranteed to be 100% secure, and you use the Services at your own risk.

8. Your Choices

Depending on your location and applicable law, you may have rights and choices with respect to certain data practices, including the ability to opt out of interest-based advertising, access or delete certain information, and manage consent settings. Publishers integrating our SDKs are responsible for providing appropriate notices and obtaining necessary consents from their users.

Where available, we honor applicable preference signals and industry opt-out frameworks. Requests relating to data processed on behalf of a publisher or advertiser should be directed to that entity; we will assist controllers in responding to requests where required by law.

9. International Transfers

We may transfer information to countries other than your own, including the United States, where we and our service providers operate. We implement appropriate safeguards for such transfers where required by law.

10. Children

Our Services are not directed to children, and we do not knowingly collect personal information from children. If we learn that a child has provided us with personal information, we will take appropriate steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services or by other reasonable means. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

12. Contact

If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@trygravity.ai or support@trygravity.ai.