1. Introduction
Dando Online Ltd, operating as Singular Ads ("we," "us," "our"), is a global digital advertising technology company that provides programmatic advertising services to advertisers and publishers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website www.singularads.com (the "Site") or interact with our advertising technology platform (the "Platform").
We are committed to protecting the privacy of all individuals whose data we process, whether they are website visitors, business partners, or end users who see advertisements served through our Platform.
IAB TCF 2.2 Registered Vendor
Dando Online Ltd participates in the IAB Europe Transparency & Consent Framework (TCF) and is registered on the Global Vendor List (GVL) with Vendor ID 1225. We process personal data in accordance with the purposes and legal bases declared in the TCF.
2. Data Controller
Dando Online Ltd is the data controller for information processed through our Site and Platform.
Contact Information:
3. Information We Collect
3.1 Website Visitors
When you visit our Site, we may collect:
- Browser type, operating system, and device information
- IP address (truncated/anonymized where required)
- Pages visited, time spent, referral source
- Information you voluntarily provide via contact forms or emails
3.2 Advertising Platform (End Users)
When our Platform serves or measures advertisements, we may process the following data on behalf of our advertising partners:
- Device Identifiers: Advertising IDs (IDFA, GAID), hashed identifiers, Unified ID 2.0 tokens
- Technical Data: IP address (truncated), device type, OS version, screen resolution, browser user-agent, language settings
- Ad Interaction Data: Impressions served, clicks, viewability metrics, completion rates, attention signals
- Contextual Signals: Page URL, app bundle ID, content categories, IAB content taxonomy classifications
- Location Data: Country and region-level location derived from IP address (we do not collect precise GPS location)
- Consent Signals: TCF consent strings, GPP strings, USP strings, publisher-provided consent status
3.3 Business Partners
For advertisers and publishers, we collect business contact information including name, email, company, and payment details necessary to provide our services.
4. How We Use Information
| Purpose | Legal Basis (GDPR) | TCF Purpose |
|---|
| Serve and deliver advertisements | Consent / Legitimate Interest | Purpose 2 |
| Measure ad performance and attribution | Consent / Legitimate Interest | Purpose 7, 8 |
| Apply frequency capping | Legitimate Interest | Purpose 2 |
| Fraud detection and prevention (IVT filtering) | Legitimate Interest | Special Purpose 2 |
| Contextual ad targeting | Legitimate Interest | Purpose 2 |
| Create and use audience segments | Consent | Purpose 3, 4 |
| Develop and improve our technology | Legitimate Interest | Purpose 10 |
| Supply path optimization | Legitimate Interest | Special Purpose 1 |
| Brand safety classification | Legitimate Interest | Feature 2 |
5. Data Sharing & Third Parties
We share data with the following categories of recipients, strictly for the purposes described above:
- Demand Partners (DSPs & Advertisers): Bid request data necessary for programmatic auction participation, including device signals, contextual data, and consent information
- Supply Partners (Publishers & SSPs): Reporting and analytics data related to ad performance on their properties
- Measurement & Verification Partners: OM SDK data, viewability, and attention metrics shared with accredited verification vendors (e.g., IAS, DoubleVerify, MOAT)
- Identity Partners: Hashed identifiers for cross-device matching via privacy-preserving identity solutions (Unified ID 2.0)
- Fraud Detection Partners: Device signals for invalid traffic detection and prevention
- Cloud Infrastructure: Data processed on secure cloud infrastructure with appropriate data processing agreements in place
- Clean Room Partners: Encrypted, aggregated data for privacy-preserving audience overlap and attribution analysis
We do not sell personal data as defined under the California Consumer Privacy Act (CCPA/CPRA). Sharing of data for targeted advertising purposes through our programmatic platform may constitute "sharing" under CCPA. Users may opt out via our Opt-Out page.
6. Supply Chain Transparency
Singular Ads is committed to full supply path transparency in accordance with IAB standards:
- Ads.txt / App-ads.txt: We support and enforce ads.txt and app-ads.txt authorization to ensure that only authorized sellers can offer our inventory
- Sellers.json: Our sellers.json file is publicly available and lists all publisher entities authorized to sell through our exchange
- SupplyChain Object: Every bid request originating from our platform includes a complete OpenRTB SupplyChain (schain) object identifying each node in the supply path
- Zero Resold Inventory: We maintain direct publisher relationships with no daisy-chaining or unauthorized reselling
7. Data Retention
We retain personal data for the minimum period necessary to fulfill the purposes outlined in this policy:
- Ad serving logs: 90 days (aggregated thereafter)
- Device identifiers: 13 months maximum, refreshed upon new consent
- Fraud detection data: Up to 24 months for pattern analysis
- Business partner data: Duration of business relationship plus 7 years for tax/legal compliance
- Website analytics: 26 months (anonymized thereafter)
8. International Data Transfers
Our Platform operates globally. Data may be transferred outside the European Economic Area (EEA) or United Kingdom. When this occurs, we ensure appropriate safeguards are in place:
- EU Standard Contractual Clauses (SCCs) with all relevant data processors
- UK International Data Transfer Agreement (IDTA) where applicable
- Data Processing Agreements with all sub-processors
- Assessment of third-country legal frameworks as required by Schrems II
9. Your Rights
9.1 European Economic Area / UK (GDPR / UK GDPR)
If you are located in the EEA or UK, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate personal data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your personal data
- Data portability
- Object to processing based on legitimate interest
- Withdraw consent at any time without affecting the lawfulness of prior processing
- Lodge a complaint with your local supervisory authority
9.2 California (CCPA / CPRA)
California residents have the right to:
- Know what personal information is collected, used, and shared
- Delete personal information
- Opt-out of the sale or sharing of personal information
- Correct inaccurate personal information
- Limit use and disclosure of sensitive personal information
- Non-discrimination for exercising privacy rights
9.3 Brazil (LGPD)
Data subjects in Brazil have rights of access, correction, anonymization, portability, deletion, and the right to information about sharing under the Lei Geral de Proteção de Dados.
9.4 Global Opt-Out
We honor Global Privacy Control (GPC) signals and the IAB CCPA Compliance Framework. To exercise any of these rights, visit our Data Subject Access Request (DSAR) page or email privacy@singularads.com.
10. Children's Privacy
Our Platform is not directed at children under 16 years of age. We do not knowingly collect personal data from children. We comply with COPPA (Children's Online Privacy Protection Act) and equivalent international regulations. Our bid requests include signals to ensure child-directed content is appropriately handled per applicable regulations.
11. Security
We implement industry-standard technical and organizational measures to protect data, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Role-based access controls with multi-factor authentication
- SOC 2 Type II compliant infrastructure
- Continuous monitoring and incident response procedures
12. Anti-Fraud & Invalid Traffic
Singular Ads maintains a comprehensive anti-fraud program:
- OM SDK Integration: Open Measurement SDK for transparent viewability and verification
- Pre-Bid Filtering: Real-time IVT detection on all bid requests using behavioral biometrics and device attestation
- Post-Bid Analysis: Continuous monitoring with third-party verification partners
- TAG Certified Against Fraud: Adherence to Trustworthy Accountability Group anti-fraud standards
- 99.7% Valid Traffic Rate: Verified by independent measurement
13. Brand Safety
We maintain strict brand safety standards across our Platform:
- AI-powered contextual analysis beyond keyword blocklists
- Pre-bid brand safety scoring on all inventory
- Compliance with GARM (Global Alliance for Responsible Media) Brand Safety Floor and Suitability Framework
- Integration with third-party brand safety verification (IAS, DoubleVerify)
- Publisher quality standards and ongoing compliance monitoring
14. IAB Transparency & Consent Framework
✓ IAB TCF 2.2 — Vendor ID 1225
We operate within the IAB Europe Transparency & Consent Framework and only process personal data when valid consent or legitimate interest has been established through a registered Consent Management Platform (CMP). We respect all TCF signals including:
- Purpose consents and legitimate interests
- Special features opt-ins
- Vendor-specific consent
- Publisher restrictions
When no valid TCF consent string is present in the EEA/UK, we do not bid on or process personal data for that impression. Our no-consent-no-bid policy ensures full compliance.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page and update the "Last Updated" date. Material changes will be communicated via our website and, where appropriate, via email to our business partners.
16. Contact Us
For privacy inquiries, data subject access requests, or complaints:
Dando Online Ltd
Operating as Singular Ads