Updated MARCH 21, 2024

Service Privacy Policy

I. Introduction to Throtle 

Throtle helps brands to use their own customer data, along with other licensed data, to improve customer interactions on multiple channels and devices. For instance, we provide data “onboarding” services to marketers engaged in online marketing (such as through use of Data Cookies), through our data management platform as well as other data services and platforms. 

We are a member of the Network Advertising Initiative (NAI) and adhere to the NAI’s Code of Conduct. You can click HERE to reach the Network Advertising Initiative site, a central location for information about Interest-Based Advertising and the choices available to you, and to opt-out of receiving third-party Interest-Based Advertising via cookies from us and NAI member companies. 

Throtle is also a member of the Interactive Advertising Bureau (IAB). You can choose to opt-out of Throtle’s offline services HERE and our online services HERE. We describe other opt-out methods in Section XIV below. 

Throtle receives data from a variety of business partners, clients, and other companies that license data to us, or provide us with data to facilitate our services. This information is referred to in this Throtle Service Privacy Policy as “Service Data”. 

In addition to the above, we also collect information when users visit our corporate website(s), including the one this Privacy Policy is posted on. We refer to this information as “Website Information,” and describe this information in a separate policy Throtle Website Privacy Policy

II. The Types of Data We Collect & How We Source the Information 

 Throtle “Service Data” includes the following: 

Personal Information. We sometimes use or receive information that identifies people by name, address, or email, along with information about those people’s likely preferences, interests, or demographics. An example of this would be if we know that John Smith owns a home in a particular suburb and is 53 years old. We obtain this data ourselves and through data licensors, and its source may be, for instance, census bureau data, public records, or data aggregators that collect or receive information from consumers, websites, or business transactions. 

Passively Collected Information and Identifiers. This is information that we or our business partners collect passively through websites or mobile devices (or other devices) including cookie IDs, Apple mobile IDFA identifiers and Android mobile Advertising IDs, or unique identifiers tied to those identifiers. These identifiers generally identify or are linked to particular browsers and devices. We refer to all of these identifiers as “UIDs,” and they often are tied to particular browsers and mobile devices (or other devices, such as set-top boxes). (These UIDs in turn may be “synced” or linked across multiple online content providers, ad networks, and other service providers.) We describe these identifiers in more specific detail in Section V, titled Cookies, Pixels, and SDKs That We (or Our Business Partners) Use.” Sources from which we may obtain this data are data aggregators, mobile applications, and advertising networks. 

Web and Mobile Log Data. Passively collected information we receive may also include a range of data about web and mobile logs and usage, such as the type of browser or device (or operating system) being used, an IP address (which may be associated with a computer device or a smart TV), a time-stamp, other information about a user’s device or browser, and information about whether and how a user viewed an ad or interacted with content or visited a particular website (sometimes referred to as “clickstream data”). Sources from which we may obtain this data are data aggregators, mobile applications, and advertising networks. 

III. How We Use the Data 

Generally, we use the Service Data we receive and collect in order to provide marketing, advertising, and analytics services to our customers, including various business partners. We describe our services generally below, and additional descriptions may be contained on this website. 

Data “Onboarding” Services. We use Service Data to help marketers to reach their own “CRM” lists – their proprietary “first-party” lists of their current and prospective customers – or other audiences, through third-party display media platforms. We often help marketers reach audiences representing these CRM lists (or other lists) by “onboarding” their offline data online for digital advertising purposes such as display advertising. When we do this, we often work with partners that de-identify this data and connect it in de-identified fashion to display media, or other marketing channels. 

Enabling Cross-Channel Marketing. We may use Service Data to help marketers and other data platforms in “cross-channel” or “cross-device” marketing – analyzing, locating and creating potential marketing “audiences” through multiple channels, e.g., web and mobile. For instance, we may link Service Data and UIDs to the same user (based on inferences we have made), so that a marketer can find and remarket to their same audiences through web-based, mobile, or other advertising channels. 

Creating Data Segments. We also use our Service Data to create online, mobile or other consumer audiences, represented by UIDs or personal information grouped together based on common interests or preferences (“Data Segments”). These Data Segments may identify a person or, when used online, a unique online identifier, as, for instance, enjoying sports, travel, living in a middle-class neighborhood, or having children. This information may be leveraged by marketers for content personalization to send relevant and desired offers, coupons, and ads to their customers and others. We offer these Data Segments in different forms to marketers wishing to reach customers through online (e.g., web/mobile), email, and offline channels, often working with the types of partners we describe above. 

Campaign Measurement and Market Research. We sometimes use the Service Data to help marketers measure the effectiveness of display or other media campaigns – for instance, to determine which types of ads are most likely to be seen, opened, or to lead to purchases, or to perform other market research. 

Other Campaign and Data Services. We sometimes use our Service Data to provide other data and marketing services, such as verification, data or audience analytics, data modeling, or other services that may be described on this website. 

Improving Our Products. We may use our Service Data to improve, analyze and develop our own products and to analyze their effectiveness, or to work with a business partner or client to perform similar services. We also may use the Service Data for security-related or debugging purposes. 

IV. How We Sell or Share Data with Third Parties 

Throtle may sell or share any data it holds, including Service Data (described above) as follows: 

Agents and Service Providers: We may share or sell Service Data with agents and service providers who work on our behalf, or to help us provide services requested by our customers, and with our customers themselves. We may do so, for instance, for analytical purposes, to measure campaigns, or inform future campaigns. We may do so to facilitate the sending of display media, or other requested services. 

Partners: We may share or sell Service Data (including Data Segments), with business and data partners to help provide more tailored advertising and for analytical purposes. These may include data compilers and resellers, advertising networks, or media platforms. 

Affiliates, Parents, Subsidiaries and Successors: Throtle may share or sell some or all of the data in our possession with affiliated or subsidiary companies. We may also share any data with a successor in interest who purchases all or most of our assets, or in the course of any transaction leading to such an acquisition, i.e., during due diligence. 

As Required by Law or to Protect Any Party: Throtle may disclose data if we believe that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on us, or (b) to protect or otherwise defend the rights, property or safety of Throtle or any other party. 

Throtle does not sell personal information to individual consumers. Throtle does not sell personal information collected from you via throtle.io website. Throtle does have consumer data products it sells to third parties as previously described in this policy.  

Throtle Disclosure of the Sale of Data During the last 12 Months: 

Throtle has sold the following categories of data over the last 12 months with advertising networks, media platforms, advertisers of consumer goods and services, brands, social networks, and distribution partners: 

Personal Information. Information that identifies people by name, address, or email, along with information about those people’s likely consumer preferences, interests, or demographics.  

Passively Collected Information and Identifiers. Information that we or our business partners collect passively through websites or mobile devices (or other devices) including cookie IDs, Apple mobile IDFA identifiers and Android mobile Advertising IDs, or unique identifiers tied to those identifiers.  

Web and Mobile Log Data. Information that contains a range of data about web and mobile logs and usage, such as the type of browser or device being used, an IP address, a timestamp, other information about a user’s device or browser, and information about whether and how a user viewed an ad or interacted with content or visited a particular website. 

V. Cookies, Pixels, and SDKs That We (or Our Business Partners) Use 

This section provides more information about cookies and similar technologies that we, our clients and their service providers, and our business partners may use, and how they work. 

Cookies. Cookies are small text files that websites and other online services use to store information about users on users’ own computers. For instance, cookies are often used to store sign-in credentials and other preferences, so that you don’t need to enter them upon returning to a website. Cookies also often store information to make web viewing more customized to a particular user. Cookies also often store Unique Identifiers (UDIs tied to your computer or browser, so web services and third-party ad networks can recognize you across different websites over time. You may be able to configure your internet browser to advise you each time a cookie is being placed, and you may be able to refuse all or certain cookies altogether. However, if you refuse cookies (particularly first party cookies), this may interfere with certain website operations that are optimized and customized to you and may interfere with other important functions of websites. Throtle places cookies (and may allow third parties to place cookies) on our own website. We also sometimes act as a “third party” and deploy cookies (or sync with other cookies) placed on other websites or by other business parties. When we place these third-party cookies, they do not contain what we refer to as “personally identifiable information” such as name, address, email address or phone number, and we expire these cookies within 24 months (and often over a shorter time than that). 

Pixels or Web Beacons. Pixels, sometimes called web “beacons,” may also communicate information from your internet browser to a web server. Pixels can be embedded in web pages, emails and even videos, and can allow a web server to collect or read information from your browser, determine whether you have viewed particular web content or emails, or determine your IP address or the URL you are viewing content. We often work with business partners (who are themselves third-party providers) to provide our services, and these partners often set and access their own cookies, pixel tags, and use other technologies to interact with your device, which may have cookies with varying expiration periods. These partners also may collect various types of information, often in pseudonymous or de-identified form, about your browser, device, or browsing activities through these cookies. 

Some of our partners use cookies to link to various de-identified information and identifiers that are derived from personal information, and inferred personal interests, preferences, or other demographic information. These partners use various de-identification techniques such as “hashing,” to obscure and make non-human readable personal identifiers. For instance, a hashed version of “ouruser@emailprovider.com” might read as: “e37cda4da913332dc143a6a43174de8a9457697f.” 

Mobile Identifiers and SDKs: We may also work with partners who use mobile “SDKs” (software development kits) to collect information about how users interact with mobile apps, platforms, and systems, including third party ad networks. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, or to optimize or improve their apps in other ways. These SDKs may collect (and provide to us) information such as mobile identifiers (e.g., Apple IDFAs and Android Advertising IDs), and information about what apps a user engages with, mobile devices information, and how users interact with ads. To avoid having ads tailored to you in this way on your mobile device, please following the instructions in the below Section IX titled “Do Not Sell My Personal Information: Your Opt-Out Rights.” 

VI. GDPR Compliance Statement 

The General Data Protection Regulation (GDPR) is effective as of May 25, 2018 across all European Union (EU) member states. In short, if you process data about individuals in the context of selling goods or services to European citizens in any EU country, then you will need to comply with GDPR. 

At the bare minimum, the GDPR was drafted with the intended purposes of protecting all non-anonymized personal data (or personally identifiable information: PII). And any company (or organization) that stores or processes personal information about “natural persons” (individual human beings) who are “data subjects” under the Regulation — e.g., persons who reside in an EU state — must comply. 

VII. Throtle’s Policy Regarding EU Data, Protection & Security 

It is our general policy to not deliberately accept for processing any personal data where an individual resides in any EU member country. Throtle performs scans on data that we ingest from sources, partners and clients designed to identify non-US postal and foreign email domains. In addition, we work with our partners and sources to inform us if they are ingesting any data from outside the US. Throtle regularly cleanses its Identity graph to remove any linkages that are found to originate outside the United States. 

VIII. CCPA (California Consumer Privacy Act) Consumer Rights

At Throtle, we take privacy and personal information very seriously and are committed to complying with all applicable laws and regulations, including the California Consumer Privacy Act (“CCPA”) regulation. We see CCPA as an opportunity to further safeguard consumers’ rights by providing them with the data needed to make informed decisions regarding their personal information. This includes understanding and controlling how and why their personal information is collected, used, and disclosed. 

In compliance with CCPA rules effective as of January 1, 2020, consumers who are California residents (as defined by the CCPA) have: 

  • The right to know what personal information is being collected about them and what the business purposes are for doing so 

  • The right to know to whom their personal information is being disclosed or sold to 

  • The right to opt-out of the sale of their personal information 

  • The right to access and correct their personal information 

  • The right to request deletion of their personal information 

Throtle Service Data is subject to CCPA. Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above, in accordance with CCPA requirements. 

While we do not typically have direct interactions with consumers, Throtle has made mechanisms available to support consumer requests for opt-outs, delete requests, and requests to know in accordance with CCPA requirements. Instructions to submit opt-out requests, delete requests, and/or right to know requests through either our Website or our Toll-Free number may be referenced in Sections XV-XVII  of this Privacy Policy. 

Non-discrimination 

We will not discriminate against you for exercising any of your CCPA (or any other State or Federal privacy) rights. Unless permitted by the CCPA, we will not: 

  • Deny you goods or services 

  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties 

  • Provide you a different level or quality of goods or services 

  • Suggest that you may receive a different price or rate for goods or services or a different level of goods or services. 

CCPA Requirements for Minors 

The CCPA includes special restrictions on the sale of children’s personal information. Businesses must obtain special “opt-in” consents for the sale of personal information if they wish to sell information related to minors under 13, or information of minors 13 to 16 years of age. 

Throtle does not knowingly accept, process, or sell any personal information related to minors in all U.S. States. 

IX. Virginia Consumer Privacy Rights 

The Virginia Consumer Data Protection Act (VCDPA) provides privacy rights to Virginia consumers and imposes related obligations on businesses subject to the VCDPA. The following information is provided to explain consumers' rights and the obligations Throtle has under the VCDPA.  

Throtle Service Data is governed by VCDPA. Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above. 

VCDPA Consumer Rights 

Residents of Virginia, as defined by VCDPA, have the following rights: 

  • The right to know what personal information is being collected about them and what the business purposes are for doing so 

  • The right to know to whom their personal information is being disclosed or sold to 

  • The right to unsubscribe or opt-out from usage of their personal information 

  • The right to access, correct, or request deletion of their personal information 

You can find information on how to exercise your rights in sections XV-XVII  below. 

X. Colorado Consumer Privacy Rights 

The Colorado Privacy Act (CPA) provides privacy rights to Colorado consumers and imposes related obligations on businesses subject to the VCDPA. The following information is provided to explain consumers' rights and the obligations Throtle has under the CPA.  

Throtle Service Data is governed by CPA. Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above. 

Residents of Colorado, as defined by CPA, have the following rights:  

  • The right to know what personal information is being collected about them and what the business purposes are for doing so 

  • The right to know to whom their personal information is being disclosed or sold to 

  • The right to unsubscribe or opt-out from usage of their personal information 

  • The right to access, correct, or request deletion of their personal information 

You can find information on how to exercise your rights in sections XV-XVII  below. 

XI. Connecticut Consumer Privacy Rights 

The Connecticut Consumer Data Privacy Act (CTDPA) provides privacy rights to Connecticut consumers and imposes related obligations on businesses subject to the CTDPA. The following information is provided to explain consumers' rights and the obligations Throtle has under the CTDPA.  

Throtle service data is governed by CTDPA. Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above. 

Residents of Connecticut, as defined by CTDPA, have the following rights: 

  • The right to know what personal information is being collected about them and what the business purposes are for doing so 

  • The right to know to whom their personal information is being disclosed or sold to 

  • The right to opt-out of the sale of their personal information 

  • The right to access and correct their personal information 

  • The right to request deletion of their personal information 

You can find information on how to exercise your rights in sections XV-XVII below. 

 

XII. Utah Consumer Privacy Rights 

The Utah Privacy Act (UCPA) provides privacy rights to Utah consumers and imposes related obligations on businesses subject to the UCPA. The following information is provided to explain consumers' rights and the obligations Throtle has under the UCPA.  

Throtle Service Data is governed by UCPA. Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above. 

Residents of Utah, as defined by UCPA, have the following rights: 

  • The right to know what personal information is being collected about them and what the business purposes are for doing so 

  • The right to know to whom their personal information is being disclosed or sold to 

  • The right to opt-out of the sale of their personal information 

  • The right to access their personal information 

  • The right to request deletion of their personal information 

You can find information on how to exercise your rights in sections XV-XVII  below.  

XIII. Oregon Consumer Privacy Rights 

The Oregon Consumer Privacy Act (OCPA) provides privacy rights to Oregon consumers and imposes related obligations on businesses subject to the OCPA. The following information is provided to explain consumers' rights.  

Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above. 

Residents of Oregon, as defined by OCPA, have the following rights: 

  • The right to know whether the controller is processing the consumer’s data 

  • The right to obtain a copy of the consumer’s personal data 

  • The right to correct inaccurate personal data 

  • The right to request deletion of their personal information 

  • The right to receive a list, at the controller’s discretion, of third parties to whom the controller has disclosed the consumer’s personal data 

  • The right to opt-out of processing, sale, or profiling of the consumer’s personal data 

  • The right to revoke any previous given consent 

You can find information on how to exercise your rights in sections XV-XVII below. 

XIV. Nevada Consumer Privacy Rights 

The Nevada Privacy Law (NPL) and Nevada Consumer Health Privacy Law (NCHPL) provide privacy rights to Nevada consumers and imposes related obligations on businesses subject to the NPL and NCHPL. The following information is provided to explain consumers' rights.  

Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above. 

Residents of Nevada, as defined by NPL and NCHPL, have the following rights: 

  • The right to review and request changes to their personal or health information 

  • The right to opt-out of the sale of personal or health information 

  • The right to rescind or withdraw consent 

  • The right to a list of third parties with whom data has been sold 

  • The right to delete personal or health data 

You can find information on how to exercise your rights in sections XV-XVII below. 

XV. Do Not Sell My Personal Information: Your Opt-Out Rights 

Some of our services involve the use of inferred user interests and preferences collected or employed across multiple websites, devices or channels. These services are often referred to as a type of “Interest-Based Advertising” or “IBA,” and we provide a way for consumers to “opt-out” of these IBA services. There are several methods by which you may opt-out of our IBA service as described below. 

Throtle Cookie Opt-Outs, i.e. “Do Not Sell” Requests 

If you decide to opt-out of our IBA services via this method, we will set an opt-out cookie (or similar technology) on your browser or device, to indicate to us that you have opted out. You may opt-out by clicking HERE. 

We will complete the processing of your opt-out request within 15 days of receipt. 

Please note that if you browse the web from multiple browsers or devices, you will need to opt-out from each browser and/or device to ensure that we withhold our IBA services on all of them. For the same reason, if you procure a new device, change browsers or delete your Throtle opt-out cookie (or clear all cookies), you will need to perform this opt-out task again. 

Also note that the opt-out cookie cannot be set if your browser is configured to block third-party cookies. 

Please note that your choice to use any of our opt-out tools will not affect ads placed by any other organization. 

Third-Party Cookie Opt-Outs 

If you would like to opt-out of other third party ad platforms and services (including some that we work with, and may have transferred data to previously), we recommend visiting the opt-out pages offered by the Network Advertising Initiative (the NAI), the Digital Advertising Alliance Web Choices Tool or the Digital Advertising Alliance CCPA Opt Out Tool. Opting out in this way will not prevent you from seeing ads. It will, however, generally prevent ads that are targeted to inferences made about your preferences based on your activity across websites and over time. 

Permanent Opt-outs via Mobile Advertising IDs (MAIDs) 

Apple assigns an “ID for Advertising” (IDFA) to each iOS device, and Google assigns an “Advertising ID” to all Android devices. Similar to how a cookie is leveraged for IBA on a web browser, these Mobile Advertising IDs (MAIDs) can be used to deliver ‘cross-app’ advertising ads to mobile applications to help inform your ad preferences. 

If you would like to opt-out of this advertising, you can generally opt-out through your device “settings.”. Common device settings are as follows: 

For Apple Devices: Apple users can opt-out of remarketing by enabling a device setting called “Limit Ad Tracking” (LAT), which restricts advertisers from using the IDFA for behavioral advertising. On your iOS or iPadOS device, you can enable Limit Ad Tracking by going to Settings > Privacy > Advertising and turning on Limit Ad Tracking. You may also reset your advertising ID by going to Settings > Privacy > Advertising > Reset advertising ID. You can reference further details on how to limit ad tracking on your iOS device here: IDFA Opt-Out

For Android Devices: Similar to IDFA for Apple devices, Android users may opt-out of app-based tracking for IBA by opening the Google Settings app on your device, selecting Ads, and then selecting the option to opt-out of interest-based ads. You can learn more about how identifiers on mobile are used for advertising and receive instructions on how to opt-out of mobile advertising on the Google Privacy & Terms website. 

Please note that these platforms control how these settings work, so the above may change, at their discretion. Likewise, if your device uses other platforms not described above, you should check the settings for those devices. 

You may also opt-out of Throtle’s use of Mobile Advertising IDs (MAIDs) set by Android devices via the following link on our webpage: https://throtle.io/data-privacy-manager/do-not-sell/. Because Apple does not disclose their IDFA to users, we are not able to establish an opt-out request based on an Apple MAID (IDFA) in our system. MAIDs are device specific, so you must include each mobile device (e.g smart phone, tablet) that you use as part of your opt-out request. 

We will complete the processing of your opt-out request within 15 days of receipt. 

We will retain your associated personal information on an internal “opt-out” list to prevent further sale of your data in connection with Throtle services. 

Opt-outs via IP Address 

You may opt-out of the use of your IP Address in connection with Throtle services by submitting an opt-out via the following form on the Throtle webpage: https://www.throtle.io/data-privacy-manager

Please note, if you use several IP addresses you must include all of them in your opt-out request. Also note that Throtle will need a name and/or email address to pair with the IP address so we can be thorough in ensuring we opt-out the appropriate identity. 

Since IP addresses update frequently on most consumer devices, Throtle will maintain your IP in our opt out system for at least 200 days. 

We will complete the processing of your opt-out request within 15 days of receipt. 

Please note that your choice to use any of our opt-out tools will not affect ads placed by any other organization. 

Permanent Opt-outs via Email Address, Name/Home Address, or Telephone Number 

You may opt-out of the use of your email address, name/home address, or telephone number in connection with Throtle services by submitting an opt-out via the following form on the Throtle webpage: https://throtle.io/data-privacy-manager/do-not-sell/

Please note, if you use several email addresses you must include all of them in your opt-out request. Similarly, if you have multiple home addresses or telephone numbers, you must submit opt-outs for each one. 

We will complete the processing of your opt-out request within 15 days of receipt. 

If you opt-out, we will retain your hashed email address on an internal “opt-out” list to prevent further sale of your data in connection with Throtle services. Please note that opting out of Throtle’s processing of your data does not mean that online advertising will be blocked altogether or that you will see fewer ads, it means the ads you see will not be personalized for you. Ads may be served because they relate to the website you are visiting or to your current search, or they may just be randomly placed. 

Please note that your choice to use any of our opt-out tools will not affect ads placed by any other organization. 

XVI. Delete Requests 

In compliance with CCPA, and other State, privacy regulations, residents have the right to request that Throtle delete any personal data that we may have collected from a Consumer. A delete request may be submitted via the following webform on the Throtle website (/data-privacy-manager/delete-request/) or by calling our toll-free number (866) 672-5235. 

Throtle will confirm receipt of Delete Requests within 10 days including a brief description about how Throtle will process the request. 

We will complete the processing of your delete request within 45 days after receipt. If Throtle is unable to process the request within 45 days, we will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days. 

XVII. Right to Access Personal Information 

In compliance with CCPA, and other State, privacy regulations,  residents may request certain information with respect to the PII we (when we act as a “business” under the CCPA) store, process, or share with third parties for those third parties’ direct marketing purposes. This includes: 

  • The categories of personal information that have been collected 

  • The specific pieces of personal information that have been collected about that consumer 

To exercise your rights, please submit a request to us by either completing our ‘Request to Know’ webform on our website (https://throtle.io/data-privacy-manager/request-to-know/) or by calling our toll-free number at (866) 672-5235. 

We take security and privacy very seriously and take proactive measures to ensure we do not inadvertently disclose your personal information to an unauthorized third party. In order to securely verify your identity for all detailed Right to Access requests, we request a copy of a government issued ID as part of the required information (along with your name/address, email or MAID ID). If you do not have a government issued ID, please contact us at https://throtle.io/data-privacy-manager/request-to-know to request alternate documentation options for identity verification. 

Only you, or a person registered with the California Secretary of State, or other State administrative offices with similar privacy laws, that you authorize to act on your behalf, may make a verifiable customer request related to your personal information. You may only make a request for access twice in a 12-month period. The request must provide sufficient information that allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and if you are an authorized agent, we may request additional proof as permitted by the CCPA, and other State privacy laws, such as power of attorney. The scope will be limited to data from the 12-month period preceding the Consumer’s request. 

Throtle will confirm receipt of your Right to Access request within 10 days including a brief description about how Throtle will process the request. This includes Throtle’s verification process and timing of when the consumer should expect a response. 

We will respond to your verified request within 45 days. If we cannot verify your identity or authority to make the request and confirm the personal information relates to you, we will notify you within 45 days as to why the request cannot be completed. 

If Throtle is unable to process the request within 45 days, and requires more time to do so, Throtle will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days. 

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. 

XVIII. Sensitive Information, and Information Pertaining to Health Conditions 

Throtle does not offer for public use Data Segments we have created containing or identifying sensitive health conditions or medical ailments, or regarding a person’s sexual orientation. This only applies to the data that Throtle itself directly provides, however — our customers, data partners, ad networks or other platforms with whom we work may use or make available their own, distinct sets of data. 

Throtle creates and shares audience segments consisting of political data available on our platform where permitted by law and self-regulatory rules. Click here for a list of standard political segments. 

While Throtle does not maintain sensitive data on health conditions or medical ailments, Throtle may create or share Data Segments consisting of those with interests about health and wellness topics. These topics include:  

  • Interest in Dieting/Weight Loss 

  • Purchase of Health or Beauty Products 

  • Known Reader of Medical or Health Materials 

None of the above data segments are specific to any conditions or diagnoses.  

XIX. Security and Data Integrity 

Throtle takes steps to help ensure that the data we possess is housed and transmitted securely. We use multiple types and layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we make substantial efforts to ensure that this does not occur. 

XXX. Updates to this Privacy Policy 

We may update this Privacy Policy from time to time, such as to describe new types of data we collect or services that we offer. If you are interested in our data collection, use and sharing policies, we recommend that you check back to review these updates, as they occur. 

XXI. International Users 

Our Service Data is generally stored on servers in the United States. If your information is used in our services, and you are located in another country (such as a nation within the European Union), you should know that the laws governing various types of data in the United States may be different or less protective than those of your own country, and you may wish to consider that factor in deciding whether or not to opt-out of our or other similar data services. 

XXII. Data Retention 

The service data we hold is not subject to any sector specific data retention requirements. As described in Sections II-IV above, we process ‘Service Data’ for different purposes, and the length of time that we retain this data varies depending on the processing purpose, the type of data and certain external factors. 

We retain raw, cookie level data associated with our services for up to 12 months. 

Throtle service cookies expire in 9 months, however additional user registration at an onboarding partner site may result in placement of a new cookie. 

Associations made through Mobile Identifiers expire 18 months after the last time you interact with a partner website or advertiser. 

All other offline data is retained as long as it is useful in our products. 

Data may be deleted as space requires or in the normal course of business. Furthermore, we may delete personal data in response to a request from a user under applicable law, when requested to do so by our clients, or when contracts with our clients end. Generally, Client data obtained as part of our services is retained for up to 6 months following the termination of the relationship, unless the Client has requested a longer retention period.” 

Questions or Concerns 

If you have questions or concerns about Throtle’s privacy efforts or products, please contact us at: 

ATTN: Privacy Officer 

Throtle, Inc. 

141 West Front Street, Suite 312 

Red Bank, NJ 07701 

Or, you may email us at privacy@throtle.io