Privacy Policy
Last Updated: 15 October 2025
1. About SpinX
SpinX Pte Ltd ("SpinX", "we", "our", "us") operates a Programmatic Ad Exchange connecting advertisers and publishers to facilitate automated buying and selling of digital advertising inventory. Our Services include real-time bidding (RTB), ad delivery, measurement, optimization, fraud mitigation, consent propagation, and analytics. We serve and operate globally.
By using our Services, you agree to this Privacy Policy. If you disagree, please discontinue use of the Services.
2. Information We Collect
2.1 From Business Partners
- Business contact details (name, email, company, role)
- Account details (logins, roles), billing and payment information
- Communications (support tickets, emails, call notes)
2.2 From End Users (via Ad‑Tech Integrations)
Through ad requests and auction mechanics, we may collect or receive:
- IP address, device identifiers (e.g., IDFA, GAID), user agent
- Browser/OS type, device model, language, non‑precise geo
- App or domain where the ad is shown, timestamp, session metadata
- Ad delivery and engagement metrics (impressions, clicks, viewability)
- Consent signals (e.g., IAB TCF consent string) and preferences
- Contextual or behavioral signals where permitted by applicable consent
We do not collect direct identifiers such as name, personal email, or phone from end users, and we do not process sensitive categories of data (e.g., health, biometric, or financial data).
3. Legal Bases
Depending on jurisdiction, our processing relies on one or more of the following:
- Consent (e.g., for personalized ads or third‑party sharing where required)
- Legitimate interests (service operation, security, fraud prevention, analytics)
- Contractual necessity (to provide services to partners)
- Legal obligations (compliance, tax, reporting, recordkeeping)
4. How We Use Information
- Deliver, measure, and optimize digital advertising
- Enable real-time bidding and auction mechanics
- Detect and prevent invalid traffic (IVT) and fraud; ensure brand safety
- Honor and propagate consent signals under IAB TCF
- Provide reporting, insights, and performance analytics
- Operate, maintain, improve, and secure our Services
- Support, billing, account management, and communications
- Comply with laws, audits, and regulatory requests
We may use aggregated or anonymized data that does not identify an individual or device for research and business intelligence.
6. International Transfers
We process data globally, including in the EU, UK, US, and APAC. When transferring personal data from regions with data protection laws (e.g., EEA/UK) to other countries, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms to ensure an adequate level of protection.
7. Data Retention
- Ad‑tech log data (requests, bidding, IVT) retained up to 180 days unless law requires longer.
- Business records (contracts, billing, compliance) retained as required by applicable law.
- Aggregated/anonymized datasets may be retained for analytics without time limit.
When data is no longer needed, we securely delete or anonymize it.
9. Your Rights
Depending on your location, you may have rights to access, rectify, delete, restrict, or object to processing of your personal data; request portability; and withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority.
To exercise rights, contact us at contact@spinx.io. We may request information to verify your identity.
10. Security
We implement administrative, technical, and physical safeguards (including access controls, encryption‑in‑transit, monitoring, and regular reviews) to protect data. No system is perfectly secure; we encourage strong security practices by all partners.
11. Children’s Data
Our Services are not directed to individuals under 18, and we do not knowingly collect data from minors. If you believe we have collected such data, please contact us to request deletion.
12. Compliance & Industry Standards
- IAB Europe Transparency & Consent Framework (TCF): Approved Vendor
- Trustworthy Accountability Group (TAG): Member
- Regulatory Alignment: GDPR/UK GDPR, CCPA/CPRA, Singapore PDPA, and other applicable laws
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in practices, technology, or legal requirements. The date at the top indicates the latest revision. Material changes may be highlighted on this page or communicated directly where appropriate.
14. GDPR Compliance
SpinX Pte Ltd complies with the General Data Protection Regulation (EU) 2016/679 (GDPR). This section outlines your rights and our obligations for data subjects in the EEA and the UK.
Lawful Basis for Processing
- Consent: For specific purposes such as personalized ads where required by law.
- Contractual necessity: To provide our Services to business partners.
- Legal obligation: To comply with applicable laws.
- Legitimate interests: For platform operation, fraud prevention (including IVT detection), analytics, and improvement.
Your GDPR Rights
- Access to your personal data
- Rectification of inaccurate or incomplete data
- Erasure ("right to be forgotten") where applicable
- Restriction of processing in certain circumstances
- Portability of data in a structured, machine‑readable format
- Objection to processing, including for direct marketing
- Withdraw Consent at any time for consent‑based processing
Data Protection Officer (DPO)
Our DPO oversees GDPR compliance. Contact: contact@spinx.io.
Supervisory Authority
You may lodge a complaint with your local data protection authority or consult the European Data Protection Board for contacts.
15. Contact Us
SpinX Pte Ltd531A Upper Cross St, UNIT 04-95 Hong Lim Complex,
Singapore 051531
Email: contact@spinx.io
Website: www.spinx.io
