Privacy Policy

Effective date: April 19, 2026

1. Introduction

Big Crunch Inc. ("Company," "we," "us," or "our") provides a platform that enables website publishers ("Publishers") to manage their monetization through header bidding, leveraging Prebid technology, and gain insights through comprehensive revenue analytics. We are committed to protecting the privacy of our users and their site visitors ("End Users"). This Privacy Policy outlines how we collect, use, disclose, and safeguard information in connection with our services.

2. Information We Collect

We collect the following types of information:

(a) Information from Publishers:

  • Account Information: Name, email address, company name, billing details, and login credentials.
  • Website Data: URLs of websites using our services, domain metadata, and configuration settings related to header bidding.

(b) Information from End Users (via Publishers' Websites):

  • Device and Browser Information: IP address, user agent, device type, operating system, browser type, and screen resolution.
  • Advertising Data: Ad impressions, clicks, bid responses, and related analytics.
  • Cookies and Tracking Technologies: We and our partners use cookies and similar technologies to facilitate header bidding and improve ad performance.

3. How We Use Information

We use collected information for the following purposes:

  • Providing and maintaining our platform and services.
  • Optimizing ad auctions and improving revenue analytics.
  • Personalizing ad experiences for End Users where applicable.
  • Ensuring compliance with applicable laws and industry standards.
  • Preventing fraud, ensuring security, and troubleshooting technical issues.
  • Communicating with Publishers regarding their accounts and services.

Legal Bases for Processing (GDPR)

Where the GDPR applies, we rely on the following legal bases under Article 6 of the GDPR:

  • Performance of a contract (Art. 6(1)(b)) — for Publisher account management, service delivery, billing, and support.
  • Legitimate interests (Art. 6(1)(f)) — for platform security, fraud prevention, debugging, aggregate analytics, and improving our services, balanced against the rights and freedoms of data subjects.
  • Consent (Art. 6(1)(a)) — for personalized advertising and for the storage of, or access to, information on End Users' devices under Article 5(3) of the ePrivacy Directive. Consent is collected by the Publisher through its Consent Management Platform (CMP) and may be withdrawn by the End User at any time; see Section 7.
  • Legal obligation (Art. 6(1)(c)) — where disclosure, preservation, or reporting of data is required by applicable law.

4. Data Sharing and Disclosure

We may share information in the following circumstances:

  • With Demand Partners: We share bid request data with demand-side platforms (DSPs), ad exchanges, and advertisers participating in the header bidding process.
  • With Service Providers: We engage third-party vendors to assist in data processing, analytics, and fraud prevention.
  • For Legal Compliance: We may disclose information if required by law, regulatory request, or to protect our legal interests.
  • In Business Transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred.

5. Cookies and Tracking Technologies

Our platform and demand partners use cookies, pixels, and other tracking mechanisms to facilitate targeted advertising and measure ad performance. Publishers can configure cookie settings through their website policies, and End Users may opt out of certain tracking mechanisms through industry opt-out tools (e.g., the Network Advertising Initiative (NAI) and Digital Advertising Alliance (DAA) opt-out programs).

6. Data Retention

We retain Publisher account data for the duration of the Publisher's contractual relationship with us and for a reasonable period thereafter to satisfy legal, tax, accounting, and audit obligations. End User data collected for advertising and analytics purposes is retained only for as long as necessary to fulfil the original processing purpose, in line with applicable law and industry standards for ad-tech. Aggregated or anonymized data that cannot be used to identify an individual may be retained for longer to inform service improvements. The specific retention period applicable to a given category of data is determined by reference to the nature of the data, the purpose of processing, contractual commitments with the Publisher, and applicable legal retention requirements; further detail is available on request to the contact in Section 13.

7. End User Rights, Choices, and Automated Decision-Making

End Users can manage their advertising preferences through browser and device settings, through opt-out mechanisms provided by advertising industry bodies (e.g., NAI and DAA), and through the Consent Management Platform (CMP) on the Publisher's website.

Subject to applicable law — and in particular the GDPR where it applies — End Users have the following rights in relation to their personal data:

  • Right of access to their personal data (Art. 15 GDPR).
  • Right to rectification of inaccurate data (Art. 16).
  • Right to erasure, also known as the "right to be forgotten" (Art. 17).
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object to processing, including to direct marketing and to processing based on legitimate interests (Art. 21).
  • Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects (Art. 22).
  • Right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal (Art. 7(3)).
  • Right to lodge a complaint with a supervisory authority — for End Users in the EU/EEA, typically the data protection authority in the country of residence or alleged infringement (Art. 77).

Because End User data is typically collected on, and controlled by, the Publisher's website, rights requests should generally be directed first to the Publisher whose website the End User visited. Where Big Crunch acts as a controller of End User data, requests may be sent using the contact details in Section 13, and we will respond within the timeframes required by applicable law (typically one month under the GDPR, subject to extension where permitted).

Automated decision-making and profiling. Ad selection in the header-bidding process relies on automated processing and, in some cases, profiling within the meaning of Article 4(4) of the GDPR, for the purpose of selecting and measuring advertising. These operations do not produce legal or similarly significant effects on End Users within the meaning of Article 22 of the GDPR. End Users may object to, or withdraw consent for, personalized advertising at any time through the Publisher's CMP or through the industry opt-out mechanisms described above.

8. Security Measures

We implement industry-standard security measures to protect information from unauthorized access, disclosure, or misuse. However, no system can be completely secure, and we encourage Publishers to adopt security best practices.

9. Children's Privacy

Our services are not intended for children under 18 (or other age thresholds as defined by applicable laws). We do not knowingly collect personal information from children.

10. International Data Transfers

If information is transferred outside of the European Economic Area (EEA) or other jurisdictions with data protection laws, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on Privacy Shield frameworks where applicable.

11. Privacy and Data Protection Compliance Program

Big Crunch maintains a documented privacy and data protection compliance program covering the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the ePrivacy Directive (Directive 2002/58/EC, as amended and as implemented in national law). The program addresses internal policies and staff training, records of processing and lawful-basis assessments, data protection impact assessments, privacy by design, handling of data-subject rights requests, personal-data breach response, vendor and sub-processor oversight through written data processing agreements, international-transfer safeguards, and consent requirements for cookies and similar technologies.

Big Crunch provides Publishers with Consent Management Platform (CMP) tooling that implements the technical specifications of the IAB Europe Transparency and Consent Framework (TCF), including generation of the Transparency and Consent (TC) String, so that consent and legitimate-interest signals collected by Publishers can be transmitted to participating vendors in the advertising supply chain. Big Crunch has applied to IAB Europe for CMP registration and is currently in the certification process. Pending confirmation of registration and assignment of a CMP ID, Framework attestation obligations — including publication of a CMP ID — rest with the Publisher or other registered entity that deploys the CMP. This Privacy Policy will be updated with Big Crunch's CMP ID and a formal participation attestation once IAB Europe has confirmed registration. A designated privacy contact oversees the program and responds to inquiries; see Section 13.

12. Changes to this Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted with an updated effective date. Material changes will be communicated to Publishers through appropriate channels.

13. Contact Information

For any questions about this Privacy Policy or our data practices, please contact us at:

Big Crunch Inc.

1140 Wall St. #212, La Jolla, CA 92037

Email: advertising@bigcrunch.com

This Privacy Policy is designed to be compliant with applicable privacy laws, including the General Data Protection Regulation (GDPR), the ePrivacy Directive (Directive 2002/58/EC), the California Consumer Privacy Act (CCPA), and industry best practices for ad tech privacy compliance.