Taking privacy and web data protection seriously

Krux provides a technology platform designed to help website operators manage and protect consumer data. Our overarching goal is to make digital media less creepy and more productive for consumers, publishers, and advertisers. That's why we take data privacy and data piracy very seriously. This privacy policy governs the Krux website located at www.krux.com (the “Krux Site”) as well as our technology platform (the “Platform”).

Krux is not in the business of setting industry standards, but we do all that we can to advance industry dialogue and improve standards of practice. To that end, we will enable our clients to manage their data in a responsible way and we will empower consumers to better understand what data is collected via the Platform and how it is used.

We are members of the Network Advertising Initiative (“NAI”) and adhere to the 2013 NAI self regulatory code of conduct. We also adhere to the Digital Advertising Alliance (“DAA”) Code of Conduct in the U.S. and EU. In our work, we will seek to maintain alignment with standards established by groups such as the IAB, NAI, DAA, and OPA, and we are members in good standing of the IAB, NAI, and OPA.

Krux Website

The Krux Site is primarily directed to our clients and prospective clients; which are generally businesses. We don’t collect personally identifiable information (“PII”) such as email addresses or telephone numbers from the Krux Site unless it is provided to us. For example, a user may choose to send us an email that contains their PII, or download a white paper in which case we’ll ask for PII such as their name, company name, email and telephone number. Our clients typically provide PII in order to setup an account with us, including their name, home or business address, email address, and/or telephone number.   We use the PII we’re provided to answer questions, send requested information and/or to service our Clients’ accounts. We also collect the same non-personally identifiable information (“Non-PII”) from the Krux Site as we obtain from our Clients via our technology Platform. Non-PII is information that cannot by itself be used to identify a particular person or entity, and may include an IP host address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of a visit to a website, the referring URL and a computer or device’s operating system. We do not enable our technology Platform on the sections of the Krux Site that enables our Clients to login and manage their accounts.

Krux Technology Platform

Krux is an agent working under the direction of our clients (“Clients”), which are generally website owners or operators that use our Platform. We offer a data management Platform that collects Non-PII from Internet users when they visit the website of one of our Clients (the "Client Site"). We may set rules for our Clients regarding how information is collected and used on the Platform, but such data is collected and used subject to the individual privacy policy for each Client.

HTTP Cookies

Krux uses cookies in connection with the Platform, including on the Krux Site and Client Sites. Cookies are small, often encrypted text files, located in browser directories.  All Krux cookies other than the Krux Opt-Out cookie expire automatically if inactive for six (6) months. When a user visits one of our Client Sites, the user is assigned a Krux user ID that is placed into an HTTP cookie which is then placed on that user’s computer or device. 

HTML5 Cookies

Krux uses HTML5 cookies in Connection with the Platform, including on the Krux Site and most Client Sites. An HTML5 cookie is also known as HTML5 Web storage and is an alternative to the commonly used HTTP browser cookie. Krux uses HTML5 cookies as a backup storage mechanism to HTTP cookies; storing both ad targeting data as well as user opt-outs in both HTTP and HTML5 cookies (collectively, our “Cookies”).

Pixel Tags

We also use pixel tags in connection with the Platform, including on the Krux Site and Client Sites. Pixel tags (also known as web beacons) are small strings of html or JavaScript code that provide a method for delivering a graphic image on a Web page or other document. Pixel tags may be used to obtain information about the computer or device being used to view a particular Web page such as the IP address of the computer or device to which the pixel tag is sent, the time it was sent, the computer or device’s operating system and browser type, and similar information.

How we Collect and use Non-PII via our Technology Platform

Krux offers a technology Platform for website operators, and we utilize the Platform when users visit the Krux Site. When a user visits the website of one of our Clients (the "Client Site"), the Client collects and transfers to Krux and/or enables Krux to collect Non-PII related to that user’s visits to their website (our Client’s "Session Data"). This Session Data may include information about how the user came to the Client Site, which search engines they use, the search terms used to find the Client Site, their experience on the Client Site, information about how they interact with the Client Site, demographic information that the Client has collected from that user and other visitors, data from third-party data providers, and information regarding how users interact with advertisements on the Client Site.  Additionally, browsers send certain standard information to every website a user visits, such as an IP address, browser type and language settings, access times, and referring website addresses. This information is collected during visits to each Client Site, including the Krux Site.
We make Session Data accessible only to each individual Client. The Client typically uses this data on our Platform to deliver targeted advertising campaigns both on the Client Site and off their sites. For example, Clients may use the Platform help them to find interested users and deliver ads that attempt bring those users back to the Client’s Site.  The data stored on our Platform may be combined with other third party data in order to better target advertisements and for ad delivery and reporting purposes.

Krux does not directly share Non-PII with either partners or third parties.  Clients may choose to share Non-PII data collected on their site with others at their discretion, and Krux may assist them to share user data collected on those Client Sites. Reporting is done at the aggregate level, with no user level information accessible.

How we use PII, Onward Transfer

We aim to keep PII data off of our Platform whenever possible and do not intentionally collect PII via the Platform. As described above, we may obtain PII when visitors to the Krux Site choose to provide it. For Clients who have setup an account with Krux, we use the PII we have to administer their account. When Clients terminate their accounts, Krux removes their PII from our systems within a reasonable time following such termination, subject to our right to retain (i) copies of transactions between the client and Krux and related payment information, (ii) information relating to any dispute or potential fraud, (iii) any additional information that in Krux discretion, needs to keep to protect our legal rights or the rights of others.

From time to time, Krux engages with partners to perform services on behalf of Krux or other Clients who use our services. For example, we use third parties under contract with Krux ("Contracted Parties") to provide services such as credit card verification and processing, fraud detection and prevention.  In all cases, Contracted Partners are contractually required to maintain the confidentiality of PII and may not use it for purposes other than performing the specific services on Krux's behalf.  Other than such disclosure to Contracted Parties, Krux may also disclose PII is if such disclosure is required for Krux to comply with valid and binding legal requirements, to protect Krux's rights or property (or that of Krux customers), and/or where needed to protect personal safety.  In the event we are required to disclose information in response to legal process or a government request, we will notify affected users to the extent we are legally permitted to do so. Finally, Krux may transfer information, including any PII, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Krux is involved in a merger, acquisition, or sale of all or a portion of its assets, users will be notified via email and/or a prominent notice on the Krux Site of any change in ownership or uses of PII, as well as any choices users may have regarding their PII.

Children, Sensitive Data

In accordance with industry standards and law (e.g., the COPPA regulations in the U.S.), we do not knowingly collect, administer, or enable the commercial use of PII relating to children less than 13 years of age.

Krux does not knowingly collect, use, or store sensitive information on our technology Platform.  Sensitive information ("Sensitive Data") includes certain types of information associated with a specific individual, such as Social Security Numbers or other Government-issued identifiers, financial account numbers, sexual orientation, precise information about an individual's past, present, or potential future health or medical conditions or treatments (such as diabetes, heart attacks, etc.), including genetic, genomic, and family medical history. Sensitive Data also includes information deemed sensitive by a particular jurisdiction. For example, laws of the European Union, Australia and Canada have additional restrictions on the use of Sensitive Data as defined by those jurisdictions. Krux imposes rules around delivering targeted advertisements via our Platform based upon knowledge of precise medical conditions or other Sensitive Data.  Clients may request that Krux collect non-sensitive data for items such as skin care products, diet pills, allergies medications, and cold and flu treatments in order to target advertisements and as otherwise specified by each Client’s privacy policy.

Our Opt-out Choice Mechanisms

Opt-out - Krux offers a one click opt-out solution here for users who wish to opt-out of targeting via the Krux technology Platform.  If you choose to opt-out, Krux deletes any targeting data it may have for your computer or browser, and we will no longer target you using our technology Platform.  You will likely still receive advertisements, but Krux will have no input or impact on those ads.  Please note that if you delete, block, or otherwise restrict cookies, or if you use a different computer or Internet browser, you will need to renew your opt-out choice. Also, because we utilize HTML5 cookies to record your opt-out choice, it may take an additional visit to one of our Clients’ websites for your opt-out choice to go into effect.

Do Not Track - Some web browsers offer a mechanism, known as a "Do Not Track" ("DNT"), that allows a user to elect to stop the collection of certain browsing data by websites and technology companies. Currently, the standards regarding the DNT signals and appropriate responses are not defined.  As a result, Krux is experimenting with DNT and may place an opt-out cookie on computers or other devices when we see a valid DNT signal.

Delete PII – While we don’t knowingly obtain PII via our technology Platform, if you’ve provided Krux with PII via the Website (e.g., by sending us an email or by registering with Krux as a Client), Krux provides the ability for users to obtain and correct or request destruction of any PII relating to them maintained by Krux by sending an email to privacy@krux.com or by contacting us at the address noted below. We will answer these requests in a reasonable time. We will also allow users to control the delivery of promotional emails from Krux.

Data Retention

We do not use any Session Data that is more than six (6) months old for user profiling or targeting.  The source data used to inform user profiling or targeting is stored by Krux for six (6) months, after which time we remove any user identifiers and store the data for up to 5 years.

Security / Integrity

We take commercially reasonable efforts to maintain security protections in accordance with industry "best practices" to protect data we collect from loss, alteration, destruction, misuse and unauthorized access or disclosure. We maintain strict control and physical security of the facilities used to store data and only allow access to authorized personnel.  We restrict access to data to those employees, contractors and agents that have a need to know the information in order to provide and support our services. All Krux employees are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.

We process information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.

Residents of the European Union or Switzerland

Krux complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Krux has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/

In compliance with the US-EU and US-Swiss Safe Harbor Principles, Krux commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Krux via: email at: privacy@kruxdigital.com or postal mail at 181 South Park, #2, San Francisco, CA 94107.

Krux has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Krux, please visit the BBB EU SAFE HARBOR web site here for more information and to file a complaint.

Changes and questions

From time to time, we may update this privacy policy to reflect changes in industry standards or evolving legal requirements when necessary and all changes will comply with regulatory, legal, and industry standards. Please review this privacy policy from time to time to remain informed regarding how Krux is protecting your information.

If you have any questions regarding this privacy policy, or if you would like additional information, please contact us at privacy@krux.com, or via mail to 181 South Park, #2, San Francisco, CA 94107.

Last Updated: October 2, 2014