SpinX
SpinX

Legal

Privacy Policy

Last updated: 15 October 2025

1. About SpinX

SpinX Pte Ltd operates a programmatic ad exchange connecting advertisers and publishers for automated buying and selling of digital advertising inventory. Services include real-time bidding, ad delivery, measurement, optimization, fraud mitigation, consent propagation, and analytics, operating globally.

2. Information We Collect

2.1 From Business Partners

  • Business contact details (name, email, company, role)
  • Account details (logins, roles), billing and payment information
  • Communications (support tickets, emails, call notes)

2.2 From End Users

Through ad requests and auction mechanics:

  • IP address, device identifiers (IDFA, GAID), user agent
  • Browser/OS type, device model, language, non-precise geo
  • App or domain where ads appear, timestamp, session metadata
  • Ad delivery and engagement metrics (impressions, clicks, viewability)
  • Consent signals (IAB TCF consent string) and preferences
  • Contextual or behavioral signals where permitted by consent

Not collected: Direct identifiers like name, personal email, phone from end users; sensitive data categories (health, biometric, financial).

3. Legal Bases

Processing relies on:

  • Consent for personalized ads or third-party sharing
  • Legitimate interests (service operation, security, fraud prevention)
  • Contractual necessity to provide services
  • Legal obligations (compliance, tax, reporting)

4. How We Use Information

  • Deliver, measure, and optimize digital advertising
  • Enable real-time bidding and auction mechanics
  • Detect and prevent invalid traffic and fraud; ensure brand safety
  • Honor and propagate consent signals under IAB TCF
  • Provide reporting, insights, and performance analytics
  • Operate, maintain, improve, and secure Services
  • Support, billing, account management, communications
  • Comply with laws, audits, regulatory requests

Aggregated or anonymized data may be used for research and business intelligence.

5. Data Sharing & Disclosure

  • Demand & Supply Partners: To execute advertising transactions per consent and law
  • Technology Providers: Fraud detection, viewability, analytics, hosting under limiting contracts
  • Legal/Regulatory Authorities: Where required by law or to protect rights and safety
  • Corporate Transactions: Merger, acquisition, reorganization with appropriate safeguards
  • Aggregated/Anonymized Outputs: Not identifying individuals or devices

Personal data is not sold for direct marketing.

6. International Transfers

Data processing occurs globally across EU, UK, US, and APAC. When transferring personal data from regions with data protection laws to other countries, SpinX implements Standard Contractual Clauses or other lawful mechanisms ensuring adequate protection.

7. Data Retention

  • Ad-tech log data (requests, bidding, invalid traffic) retained up to 180 days unless law requires longer
  • Business records (contracts, billing, compliance) retained as required by applicable law
  • Aggregated/anonymized datasets retained for analytics without time limit

Data is securely deleted or anonymized when no longer needed.

8. Cookies & Similar Technologies

Websites and partners use cookies, SDKs, pixels, and similar technologies for functionality, analytics, fraud prevention, consent management, and ad measurement. Users can manage cookies via browser settings. Opt-out options include YourOnlineChoices (EU) or the Network Advertising Initiative (US).

9. Your Rights

Depending on location, individuals may have rights to access, rectify, delete, restrict, or object to processing; request portability; withdraw consent; and lodge complaints with supervisory authorities.

To exercise rights, contact contact@spinx.io. Identity verification may be requested.

10. Security

Administrative, technical, and physical safeguards protect data, including access controls, encryption-in-transit, monitoring, and regular reviews. No system is perfectly secure; strong security practices by all partners are encouraged.

11. Children's Data

Services are not directed to individuals under 18. SpinX does not knowingly collect minor data. Contact us for deletion requests if applicable.

12. Compliance & Industry Standards

  • IAB Europe Transparency & Consent Framework (TCF): Approved Vendor
  • Trustworthy Accountability Group (TAG): Member
  • Regulatory Alignment: GDPR/UK GDPR, CCPA/CPRA, Singapore PDPA, and applicable laws

13. Changes to This Policy

Updates reflect changes in practices, technology, or legal requirements. The date at the top indicates the latest revision. Material changes are highlighted or communicated directly.

14. GDPR Compliance

SpinX complies with GDPR (EU 2016/679) for data subjects in the EEA and UK.

Lawful Basis for Processing

  • Consent: For personalized ads where required
  • Contractual necessity: Providing Services to partners
  • Legal obligation: Complying with applicable laws
  • Legitimate interests: Platform operation, fraud prevention, analytics, improvement

Your GDPR Rights

  • Access personal data
  • Rectify inaccurate or incomplete data
  • Erasure (“right to be forgotten”) where applicable
  • Restrict processing in certain circumstances
  • Data portability in structured, machine-readable format
  • Object to processing, including direct marketing
  • Withdraw consent for consent-based processing

Data Protection Officer

Oversees GDPR compliance. Contact: contact@spinx.io

Supervisory Authority

Lodge complaints with local data protection authorities or consult the European Data Protection Board.

15. Contact Us

SpinX Pte Ltd
138 Robinson Rd, #26-01 Oxley Tower
Singapore 051531
Email: contact@spinx.io
Website: www.spinx.io