Privacy Policy

Last updated: August 27, 2025

Applies to: https://www.gtaroads.com/ and related sub‑pages (the “Site”) and to the advertising services provided by GTaro Ads (together, the “Services”).

• This policy explains how we collect, use, disclose, and protect personal data of (i) visitors to our Site, (ii) our business customers and partners who use the Services as Publishers and Advertisers, and (iii) end users who view or interact with ads delivered through our technology on third‑party properties ("End Users").

If anything here conflicts with a contract you have with us, the contract controls.

Who we are

GTaro Ads ("GTaro", "we", "us", "our") operates a global advertising network offering formats including Popunder/Clickunder, Smartlink, Native, Push and Banner.
Privacy contact: [email protected]

Roles under data‑protection laws

• Site Visitors & Business Contacts (Publishers/Advertisers): GTaro acts as a data controller.
• End Users (ad delivery, measurement, fraud prevention): Depending on integration, GTaro acts as a processor for the relevant Publisher/Advertiser or as a joint controller together with partners participating in programmatic auctions (e.g., SSPs/DSPs/exchanges). Where applicable, we honor consent signals from a CMP compliant with IAB Europe TCF 2.2.

If you are a Publisher, you are responsible for providing End Users with appropriate transparency and, where required, obtaining valid consent for the use of cookies or other identifiers and for personalized ads.

Information we collect

1) From Site Visitors and Business Contacts

• Account & contact data: name, employer, role, email, phone, messaging handles, password (hashed), communication preferences.
• Transactional & verification data: billing details, payment identifiers (e.g., bank/IBAN or crypto wallet address), tax IDs, KYC/AML documentation where required by law. Support content: messages, tickets, feedback, and metadata.
• Usage & device data: IP address, approximate location (country/region/city), user‑agent, device type, language, referrer/UTM, pages viewed, time‑on‑page, and interactions. Cookies and similar tech: see Cookies & similar technologies below.

2) From End Users through our ad technology

• Online identifiers: cookie IDs; mobile advertising IDs (e.g., IDFA/GAID); pseudonymous IDs associated with clicks, impressions, installs or conversions; hashed emails or other identifiers when provided by partners under contract.
• Internet activity & device info: IP address; approximate geolocation derived from IP; user‑agent; device type and OS; browser characteristics; screen resolution; language; network; connection speed; timestamps; page URLs and referrers; app bundle/package name; event logs (impression, click, conversion).
• Ad‑tech signals: bid requests/responses, auction metadata, frequency‑cap tokens, viewability and performance metrics, attribution and post‑back data, supply path identifiers, and parameters such as subID , clickID , or campaignID.
• Fraud & security signals: invalid‑traffic indicators, sandbox/automation markers, coarse fingerprinting for security (e.g., IP, UA, time zone); we do not use fingerprinting for ad targeting. Push notifications: where enabled, subscription tokens/keys tied to a browser/device (no access to the device address book or SMS).
• Smartlink flows: redirect/click paths, referring source or placement ID, offer selection and performance metrics.

We do not intentionally collect information that directly identifies End Users (such as full names or precise GPS). We do not knowingly collect or solicit data from children; see Children’s privacy.

How we use the information

For Site Visitors & Business Contacts (Controller)

• Provide, operate, and secure the Site and dashboards.
• Create and manage accounts; verify identity and eligibility; process payments; provide support.
• Send service messages, updates, and—where permitted—marketing communications.
• Analyze usage to improve features, quality, and security; debug issues; prevent fraud and abuse.
• Comply with legal obligations (tax, accounting, AML/KYC, sanctions screening).

For End Users via our ad tech (Processor/Joint Controller)

• Ad delivery & optimization: select, serve, cap, sequence, and measure ads; tailor content to context and/or consented preferences.
• Attribution & analytics: measure performance of campaigns and placements; prevent duplicate counting; improve traffic quality.
• Fraud prevention & security: detect invalid traffic, bots, domain/app spoofing, and policy violations; enforce network rules.
• Programmatic trading: evaluate bid requests, conduct auctions, route traffic, and sync identifiers with contracted partners subject to applicable law and consent signals.

Cookies & similar technologies

We and our partners use cookies, local storage, SDKs, pixels, and similar technologies to: - remember settings and authenticate sessions;

• - measure Site and campaign performance;
• - deliver, cap, and sequence ads;
• - detect fraud and ensure security.

You can manage preferences via our Cookie Settings (link in footer) and through your browser or device controls. In the EEA/UK/CH we respect consent choices signaled by a TCF‑compliant CMP where present.

Sharing and disclosure

We share data only as described below: - Service providers / processors: hosting, analytics, anti‑fraud/ brand‑safety, security, customer support, email/SMS, payment/KYC, and cloud infrastructure.

- Ad‑tech partners: SSPs, DSPs, exchanges, measurement and attribution providers, programmatic bidders, and supply/path partners—limited to what’s needed for auctions, delivery, measurement, and fraud prevention, and honoring consent/legal bases.
- Corporate transactions: mergers, acquisitions, financing, or asset sales, subject to confidentiality and, where required, notice.
- Legal compliance: to courts, regulators, or law‑enforcement where we believe disclosure is required by applicable law or to protect rights, safety, or the integrity of the network.
- With your direction: for example, when you link a wallet, request a payout, or connect a third‑party account.

We do not sell customer contact data. In some jurisdictions, certain ad‑tech disclosures of End User identifiers may be considered a “sale” or “sharing” for cross‑context behavioral advertising; see Your privacy rights.

International data transfers

We operate globally and may transfer data to countries other than your own, including outside the EEA/ UK/Switzerland. Where we do, we use appropriate safeguards such as EU Standard Contractual Clauses (SCCs) or the UK IDTA/Addendum, and additional measures where necessary. Copies of relevant safeguards are available upon request.

Data retention

• Site accounts & business records: for the life of the account and up to 7–10 years thereafter as required for tax/accounting and fraud‑prevention.
• Ad‑tech event logs (impressions/clicks/conversions, bid requests): typically retained for up to 24 months unless a shorter/longer period is required by law, security, or contractual obligations.
• Security & fraud logs: up to 36 months where needed to protect the network.
• Cookies/IDs: per their expiry or your settings; aggregated analytics may be kept without time limit.

We delete or anonymize data when retention is no longer necessary.

Your privacy rights

Your rights depend on your location. Subject to legal limitations, you may have the right to access, correct, delete, restrict or object to processing, and to data portability. You can exercise rights by emailing [email protected]. We will verify your request and respond within the time required by law.

Marketing communications

You can unsubscribe from marketing emails at any time via the link in the email or by contacting us. Service and transactional messages will still be sent as needed.

Security

We implement administrative, technical, and physical safeguards designed to protect personal data— including encryption in transit, access controls, network segmentation, and logging. No system is 100% secure; please notify us immediately at [email protected] if you believe your account or data has been compromised.

Children’s privacy

Our Services are not directed to children, and we do not knowingly collect personal data from children under the age required by local law (13 in the US; 16 in the EEA/UK unless lower age of consent applies). Publishers must not send us traffic from child‑directed properties under COPPA or similar laws.

Publisher & Advertiser responsibilities

• Provide clear privacy disclosures to End Users and obtain all legally required consents for cookies/identifiers and personalized advertising.
• Pass consent strings and signals in accordance with applicable frameworks (e.g., IAB Europe TCF 2.2).
• Avoid transmitting sensitive data or data from child‑directed properties.
• Comply with all applicable laws, network policies, and your agreements with GTaro.

Third‑party links and services

The Site and dashboards may link to third‑party websites, SDKs, or services. Their privacy practices are governed by their own policies, not ours.

Changes to this policy

We may update this policy from time to time. The “Last updated” date shows the latest revision. Material changes will be signposted on the Site and, where appropriate, notified to account holders.

Contact us

If you have questions or wish to exercise your rights, contact us at:
Email: [email protected].