taking privacy and web data protection seriously

Krux delivers technology to help website operators and users manage and protect consumer data. Our overarching goal is to make digital media less creepy and more productive for consumers, publishers, and advertisers. That's why we take data privacy and data piracy very seriously.

There are many practices on the web today that, while not illegal, are unethical and inappropriate. Two of the more egregious examples include the distribution of spyware or malware, and the emerging practice of reaching into a user's browser during a website visit to read and record past web surfing habits. Serious questions can also be raised about the increasing number of third parties who are skimming or stealing audience data from a website through rogue cookie and pixel activities.

We make Publishers (defined below) and other website operators aware of uninvited, unauthorized entities who are skimming data from their sites, and we give them tools to mitigate and control such data flow within the technical limitations induced by existing internet protocols and standards.

We use data collected via our technology to enhance our products, improve the performance and security of our systems and our customer’s systems, and support our customers' business needs within the bounds established by this privacy framework.

Krux is not in the business of setting industry standards, but we do all that we can to advance industry dialogue and improve standards of practice. To that end we will enable our clients to manage their data in a responsible way; we will empower consumers to determine what data is collected and how it is used; and we will expose inappropriate or unethical practices in data collection and ad targeting whenever we discover them. Through our technology, we will expose bad actors and their actions, educating the industry and consumers on the impact of any unethical, inappropriate, or illegal activities we discover.

In all of our work, we will seek to maintain alignment with standards established by groups such as the IAB, NAI, DAA, and OPA, and we are members in good standing of the IAB and OPA.  When we feel industry standards fall short, we will take all reasonable steps to ensure that our customers and consumers receive greater protection. Above all, our priorities are to advance the interests of publishers and consumers and to expose and correct bad data practices. By doing so, we will enable the industry to become a more responsible steward of audience data.

How data is collected on the Internet

Cookies: Most websites use a small computer file known as a “cookie” to help provide many services and improve the user experience.  A cookie is a small unique randomly generated text file sent by a website's server to be stored on the user's web-enabled device that is returned unchanged by the user's device to the server on subsequent interactions. The cookie enables the website domain to associate data with that device and distinguish requests from different devices.  Examples of the use of cookies would be to associate a set of website viewer preferences with a device or user (without identifying the user), such as a language preference or other user configurable options. 

Should I disable or delete cookies?

Users have the ability to accept or decline cookies.  Currently, there are five ways to disable or delete the cookies stored by your Internet browser.  Each browser is different in its user interface, so you may need to refer to your help or FAQ file to determine how to delete or disable cookies in your browser. You may set the browser to (i) delete all cookies manually; (ii) refuse all cookies for all website visits; (iii) refuse all third party cookies (all cookies from other than the website being visited); (iv) use an “Opt-Out” mechanism; or (v) require your approval to accept cookies.  If you delete or refuse cookies you will find that many websites do not function as well as they did when using cookies. For example, websites where you have an account may not recognize your browser and it may take additional steps to login and reach the desired portion of the website. If you require permission to accept cookies, you may find the number of requests is so high as to make this impractical. If you accept cookies, you will be able to later delete the cookies. Please refer to information provided by your browser and follow the instructions regarding deleting cookies.

Current web browsers that conform with industry standards contain a mechanism, known as a “Do Not Track” (“DNT”), that allows a user to elect to opt-out of the collection of certain browsing data by websites.  As a user, you may elect to employ the DNT option if your browser supports it.  The Krux platform recognizes these DNT signals from consumer browsers and ensures those users’ wishes are honored across all websites using our technology for data collection and targeting.  Further, Krux offers a one click opt-out solution for users who have not made a DNT election but who wish to opt-out of any tracking and targeting via Krux.    

About pixel tags: Pixel tags (also known as beacons) are small strings of html or JavaScript code that provide a method for delivering a graphic image on a Web page or other document. Pixel tags allow the operator of the Web page or other document, or a third party who serves the pixel tag, to set, read, and modify the Krux Digital targeting cookies. Pixel tags may also be used to obtain information about the computer being used to view that Web page such as the IP address of the computer to which the pixel tag is sent, the time it was sent, the user's operating system and browser type, and similar information.  No personally identifiable information is collected through the use of pixel tags.

 

Security

We take commercially reasonable efforts to maintain security protections in accordance with industry “best practices” to protect data we collect from loss, alteration, destruction, misuse and unauthorized access or disclosure. We maintain strict control and physical security of the facilities used to store data and only allow access to authorized personnel.  We restrict access to data to those employees, contractors and agents that have a need to know the information in order to provide and support our services. All Krux employees are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.

We process information in data centers located in the United States and the European Union, and to facilitate our operations, we may transfer data between locations and across international boundaries. You understand and agree to this transfer and our compliance with the laws of the country(ies) in which the data center(s) is/are located.

Krux Privacy Policy

We do not use cookies on our own site for any other purpose than to enable consumers to opt in or out of our privacy framework and to collect Krux Session Data (defined below).  All Krux cookies other than the Krux Opt-Out cookie expire automatically if inactive for six (6) months.   We will not, and will not enable website owners or operators that use our technology (“Publishers”) to, use our technology to associate or link any personally identifiable information (defined below) (“PII”) to any cookies or non-personally identifiable information (“non-PII”).  We will actively work to prevent our Publishers from engaging in any activity that results in linking PII to non-PII.

When you visit the Krux website (the "Krux Site"), you may be explicitly asked to provide some information about yourself in order for us to provide you services that you request (“Account Data”). This may include your name, home or business address, e-mail address, and/or telephone number, all of which is considered PII.   You can chose to provide this information to us by entering it into the Krux Site when requested.  We can only obtain this information from you if you choose to enter it into the Krux Site, and we will only use it to communicate with you and provide you, directly and through third parties, the services you requested.  However, if you do not provide such information, we will be unable to provide some or all of the services you requested.

When you navigate to the Krux website, we will also collect non-PII related to your visit to the Krux Site (“Krux Session Data”).   When you navigate to a Publisher website (the “Publisher Site”), the Publisher may also collect and transfer to Krux, certain non-PII related to your visit to their website (“Publisher Session Data”). This may include information about how you came to the Publisher Site, which search engine(s) and search terms you used to find the Publisher Site, your experience on the Publisher Krux Site, and similar information.  Additionally, certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times, and referring Web site addresses is collected by Krux during visits to the Krux Site and by the Publisher during visits to the Publisher Site.

Certain types of data associated with a specific individual, such as Social Security Numbers or other Government-issued identifiers, financial account numbers, sexual orientation, precise information about an individual’s past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history, are highly sensitive (“Sensitive Data”) and Krux does not itself collect, use, or store Sensitive Data. 

How we use non-PII

Krux uses the Krux Session Data and the Publisher Session Data to operate and enhance the Krux Site, the Publisher Site (in accordance with the Publisher's request), and to facilitate Krux services.  We do not use any Krux or Publisher Session Data that is more than ninety (90) days old for user profiling or targeting.  The source data used to inform user profiling or targeting is stored by Krux for six (6) months, after which time it is purged.  Non-PII may be stored and processed in the U.S. or any other country where Krux or its service providers, or its or their affiliates, conduct business.

How we use PII

We aim to keep PII data off of our platform whenever possible. If we are required to host PII data, we will do so only at the specific request of the Publishers or consumers from whom it originates and will protect that data in accordance with all applicable state and federal laws and this Privacy Policy.  If you terminate your account, we will remove your PII from our systems within a reasonable time following such termination, subject to our right to retain (i) copies of transactions between you and Krux and related payment information, and (ii) information relating to any dispute or potential fraud.

Krux does not share PII without the user's permission. If we discover that a Publisher is using or sharing PII without the user's permission, or not complying with their Privacy Policy, we will immediately alert the Publisher. If the Publisher does not take aggressive, feasible steps to remedy the infraction within 15 days, we will terminate the Publishers use of our services and sever our contractual relationship. From time to time, Krux engages with partners to perform services on behalf of Krux or other publishers who use our services. For example, we use third parties under contract with Krux (“Contracted Parties”) to provide services such as credit card verification and processing, fraud detection and prevention.  In all cases, Contracted Partners are contractually required to maintain the confidentiality of PII and may not use it for purposes other than performing the specific services on Krux's behalf.  Other than such disclosure to Contracted Parties, Krux may also disclose PII is if such disclosure is required for Krux to comply with valid and binding legal requirements, to protect Krux's rights or property (or that of Krux customers), and/or where needed to protect personal safety.  In the event we are required to disclose personal information in response to legal process or a government request, we will notify you to the extent we are legally permitted to do so.

In accordance with industry standards and the COPPA regulations, we do not knowingly collect, administer, or enable the commercial use of PII relating to children less than 13 years of age.

Krux will provide the ability for users to (i) obtain and correct or request destruction of any PII relating to them maintained by Krux by sending an email to privacy@krux.com or by contacting us at the address noted below, (ii) control the delivery of promotional emails from Krux, (iii) "opt out" from receiving cookies (other than an “Opt-Out” cookie) from the Krux Site and participating Publisher Sites through the Krux “opt-out mechanism” located here and displayed on our site, and (iv) opt-out of any behavioral targeting or tracking through the use of your browser’s DNT feature. 

Residents of the European Union or Switzerland

Krux complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Krux has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view our certification page, please visit

http://www.export.gov/safeharbor/

.

In compliance with the US-EU and US-Swiss Safe Harbor Principles, Krux commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Krux via: email at:

privacy@kruxdigital.com

or postal mail at 181 South Park, #2, San Francisco, CA 94107.

Krux has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Krux, please visit the BBB EU SAFE HARBOR web site

here 

for more information and to file a complaint.

Changes and questions

From time to time, we may update this privacy policy to reflect changes in industry standards or evolving legal requirements when necessary and all changes will comply with regulatory, legal, and industry standards. Please review this privacy policy from time to time to remain informed regarding how Krux is protecting your information.

If you have any questions regarding this privacy policy, or if you would like additional information, please contact us at privacy@krux.com, or via mail to 181 South Park, #2, San Francisco, CA 94107.

Last Updated: November 30, 2012