Taking privacy and web data protection seriously

Krux delivers technology to help website operators and users manage and protect consumer data. Our overarching goal is to make digital media less creepy and more productive for consumers, publishers, and advertisers. That's why we take data privacy and data piracy very seriously.

There are many practices on the web today that, while not illegal, are unethical and inappropriate. Two of the more egregious examples include the distribution of spyware or malware, and the emerging practice of reaching into a user's browser during a website visit to read and record past web surfing habits. Serious questions can also be raised about the increasing number of third parties who are skimming or stealing audience data from a website through rogue cookie and pixel activities.

We make Publishers (defined below) and other website operators aware of uninvited, unauthorized entities who are skimming data from their sites, and we give them tools to mitigate and control such data flow within the technical limitations induced by existing internet protocols and standards.
We use data collected via our technology to enhance our products, improve the performance and security of our systems and our customer’s systems, and support our customers' business needs within the bounds established by this privacy framework.

Krux is not in the business of setting industry standards, but we do all that we can to advance industry dialogue and improve standards of practice. To that end we will enable our clients to manage their data in a responsible way; we will empower consumers to determine what data is collected and how it is used; and we will expose inappropriate or unethical practices in data collection and ad targeting whenever we discover them. Through our technology, we will expose bad actors and their actions, educating the industry and consumers on the impact of any unethical, inappropriate, or illegal activities we discover.

In all of our work, we will seek to maintain alignment with standards established by groups such as the IAB, NAI, DAA, and OPA, and we are members in good standing of the IAB, NAI, and OPA.  When we feel industry standards fall short, we will take all reasonable steps to ensure that our customers and consumers receive greater protection. Above all, our priorities are to advance the interests of publishers and consumers and to expose and correct bad data practices. By doing so, we will enable the industry to become a more responsible steward of audience data.

How data is collected on the Internet

Cookies: Most websites use a small computer file known as a "cookie" to help provide many services and improve the user experience.  A cookie is a small unique randomly generated text file sent by a website's server to be stored on the user's web-enabled device that is returned unchanged by the user's device to the server on subsequent interactions. The cookie enables the website domain to associate data with that device and distinguish requests from different devices.  Examples of the use of cookies would be to associate a set of website viewer preferences with a device or user (without identifying the user), such as a language preference or other user configurable options.

Should I disable or delete cookies?

Users have the ability to accept or decline cookies.  Currently, there are five ways to disable or delete the cookies stored by your Internet browser.  Each browser is different in its user interface and may handle cookies slightly differently, so you may need to refer to your help or FAQ file to determine how to delete or disable cookies in your browser. You may set the browser to (i) delete all cookies manually; (ii) refuse all cookies for all website visits; (iii) refuse all third party cookies (all cookies from other than the website being visited); (iv) use an "Opt-Out" mechanism; or (v) require your approval to accept cookies (please note that refusing all third party cookies is not the same as using an Opt-Out mechanism).  If you delete or refuse cookies you will find that many websites do not function as well as they did when using cookies. For example, websites where you have an account may not recognize your browser and it may take additional steps to login and reach the desired portion of the website. If you require permission to accept cookies, you may find the number of requests is so high as to make this impractical. If you accept cookies, you will be able to later delete the cookies. Please refer to information provided by your browser and follow the instructions regarding deleting cookies.

Current web browsers that conform with industry standards contain a mechanism, known as a "Do Not Track" ("DNT"), that allows a user to elect to opt-out of the collection of certain browsing data by websites.  As a user, you may elect to employ the DNT option if it is supported by your browser.  The Krux platform recognizes these DNT signals from consumer browsers.  Further, Krux offers a one click opt-out solution here for users who have not made a DNT election but who wish to opt-out of any tracking and targeting by Krux.  When you out-out or activate the DNT, Krux deletes any user data it may have for you, and will no longer target you using our technology.  You will likely still receive advertisements, but Krux will have no input or impact on those ads.  You must repeat the opt-out or DNT on all browsers on all computers, or if you delete cookies.  To find out more about third-party online advertising and to opt out of this type of advertising, visit the Network Advertising Initiative website or http://www.aboutads.info

About pixel tags: Pixel tags (also known as beacons) are small strings of html or JavaScript code that provide a method for delivering a graphic image on a Web page or other document. Pixel tags allow the operator of the Web page or other document, or a third party who serves the pixel tag, to set, read, and modify the Krux Digital targeting cookies. Pixel tags may also be used to obtain information about the computer being used to view that Web page such as the IP address of the computer to which the pixel tag is sent, the time it was sent, the user's operating system and browser type, and similar information.  No personally identifiable information is collected through the use of pixel tags.


Security

We take commercially reasonable efforts to maintain security protections in accordance with industry "best practices" to protect data we collect from loss, alteration, destruction, misuse and unauthorized access or disclosure. We maintain strict control and physical security of the facilities used to store data and only allow access to authorized personnel.  We restrict access to data to those employees, contractors and agents that have a need to know the information in order to provide and support our services. All Krux employees are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.

We process information in data centers located in the United States and the European Union, and to facilitate our operations, we may transfer data between locations and across international boundaries. You understand and agree to this transfer and our compliance with the laws of the country(ies) in which the data center(s) is/are located.

Krux Privacy Policy

Krux is an agent on behalf of our clients.  We will not, and will not enable website owners or operators that use our technology ("Publishers") to, use our technology to associate or link any personally identifiable information (defined below) ("PII") to any cookies or non-personally identifiable information ("non-PII").  We will actively work to prevent our Publishers from engaging in any activity that results in linking PII to non-PII.  Krux shares data in the aggregate only. 

Cookies

We do not use cookies on our own site for any other purpose than to enable consumers to opt in or out of our privacy framework and to collect Krux Session Data (defined below).  All Krux cookies other than the Krux Opt-Out cookie expire automatically if inactive for six (6) months. We may store user level data for up to six (6) months, after which the data is aggregated and may be used for analytics purposes. Collected user data is saved on our servers, not the cookies themselves, and when a cookie expires the user data is deleted from our servers. On subsequent visits to the site, the user is treated as a new user.  If the user visits one of our Publisher's pages they will be assigned an internal user ID and we will begin collecting Krux Session Data on them again.  Users who Opt-Out of Krux data collection receive an Opt-Out cookie which prevents Krux from collecting any data for fives years, at which point the cookie will expire. When the Opt-Out cookie expires, the user will then be treated as a new user. 

When you visit the Krux website (the "Krux Site"), you may be explicitly asked to provide some information about yourself in order for us to provide you services that you request ("Account Data"). This may include your name, home or business address, e-mail address, and/or telephone number, all of which is considered PII.   You can choose to provide this information to us by entering it into the Krux Site when requested.  We can only obtain this information from you if you choose to enter it into the Krux Site, and we will only use it to communicate with you and provide you, directly and through third parties, the services you requested.  However, if you do not provide such information, we will be unable to provide some or all of the services you requested.

When you navigate to the Krux website, we will also collect non-PII related to your visit to the Krux Site ("Krux Session Data").   When you navigate to a Publisher website (the "Publisher Site"), the Publisher may also collect and transfer to Krux certain non-PII related to your visit to their website ("Publisher Session Data"). This Session Data may include information about how you came to the Publisher Site, which search engines you use, the search terms used to find the Publisher Site, your experience on the Publisher Krux Site, information about how you interact with the Publisher's Site, and information with how you interact with advertisements on the page.  We make this data is accessible only for the Publisher. The Publisher may use this data to enhance their advertising campaigns to ensure better ads are served to the user or to find interested users and bring them back to the site.  The Publisher may improve user experience by using the data to personalize the site's content.  This is done through user segments which made be made accessible outside the Publisher.  Additionally, your browser sends certain standard information to every website you visit, such as your IP address, browser type and language, access times, and referring Web site addresses is collected by Krux during visits to the Krux Site and by the Publisher during visits to the Publisher Site.  The data Krux collects may be combined with other 3rd party data in order to better target advertisements.

Krux does not collect, use, or store highly sensitive information ("Sensitive Data") or PII.  Highly sensitive information ("Sensitive Data") includes certain types of information associated with a specific individual, such as Social Security Numbers or other Government-issued identifiers, financial account numbers, sexual orientation, precise information about an individual's past, present, or potential future health or medical conditions or treatments (such as diabetes, heart attacks, etc), including genetic, genomic, and family medical history.  Krux's clients therefore cannot target advertisements to precise medical conditions or other Sensitive Data.  Publishers may request that Krux collect non-sensitive data for items such as skin care products, diet pills, allergies medications, and cold and flu treatments, in order to target advertisements.  Krux does not make further decisions on what data to collect, and will advise clients as to what data should not be collected or used.

How we use non-PII

Krux uses the Krux Session Data and the Publisher Session Data to operate and enhance the Krux Site, the Publisher Site (in accordance with the Publisher's request), and to facilitate Krux services.  We do not use any Krux or Publisher Session Data that is more than six (6) months for user profiling or targeting.  The source data used to inform user profiling or targeting is stored by Krux for six (6) months, after which time it is purged.  Non-PII may be stored and processed in the U.S. or any other country where Krux or its service providers, or its or their affiliates, conduct business. Krux does not share an individual's PII or non-PII with either partners or third-parties.  Publishers may choose to share non-PII data collected on their site with others at their discretion, and Krux may assist them to share user data collected on those Publisher's sites. All reporting is done at the aggregate level, with no individually discernable information accessible.

How we use PII

We aim to keep PII data off of our platform whenever possible. If we are required to host PII data, we will do so only at the specific request of the Publishers or consumers from whom it originates and will protect that data in accordance with all applicable state and federal laws and this Privacy Policy.  If you terminate your account, we will remove your PII from our systems within a reasonable time following such termination, subject to our right to retain (i) copies of transactions between you and Krux and related payment information, and (ii) information relating to any dispute or potential fraud.

Krux does not share PII without the user's permission. If we discover that a Publisher is using or sharing PII without the user's permission, or not complying with their Privacy Policy, we will immediately alert the Publisher. If the Publisher does not take aggressive, feasible steps to remedy the infraction within 15 days, we will terminate the Publishers use of our services and sever our contractual relationship. From time to time, Krux engages with partners to perform services on behalf of Krux or other publishers who use our services. For example, we use third parties under contract with Krux ("Contracted Parties") to provide services such as credit card verification and processing, fraud detection and prevention.  In all cases, Contracted Partners are contractually required to maintain the confidentiality of PII and may not use it for purposes other than performing the specific services on Krux's behalf.  Other than such disclosure to Contracted Parties, Krux may also disclose PII is if such disclosure is required for Krux to comply with valid and binding legal requirements, to protect Krux's rights or property (or that of Krux customers), and/or where needed to protect personal safety.  In the event we are required to disclose personal information in response to legal process or a government request, we will notify you to the extent we are legally permitted to do so.
In accordance with industry standards and the COPPA regulations, we do not knowingly collect, administer, or enable the commercial use of PII relating to children less than 13 years of age.

Krux will provide the ability for users to (i) obtain and correct or request destruction of any PII relating to them maintained by Krux by sending an email to privacy@krux.com or by contacting us at the address noted below, (ii) control the delivery of promotional emails from Krux, (iii) "opt out" from receiving cookies (other than an "Opt-Out" cookie) from the Krux Site through the Krux "opt-out mechanism" located here and displayed on our site, and (iv) opt-out of any behavioral targeting or tracking through the use of your browser's DNT feature.

Residents of the European Union or Switzerland
Krux complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Krux has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/

In compliance with the US-EU and US-Swiss Safe Harbor Principles, Krux commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Krux via: email at: privacy@kruxdigital.com or postal mail at 181 South Park, #2, San Francisco, CA 94107.

Krux has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Krux, please visit the BBB EU SAFE HARBOR web site here for more information and to file a complaint.

Changes and questions

From time to time, we may update this privacy policy to reflect changes in industry standards or evolving legal requirements when necessary and all changes will comply with regulatory, legal, and industry standards. Please review this privacy policy from time to time to remain informed regarding how Krux is protecting your information.

If you have any questions regarding this privacy policy, or if you would like additional information, please contact us at privacy@krux.com, or via mail to 181 South Park, #2, San Francisco, CA 94107.

Last Updated: May 28, 2013