- Entity
- TrustX Digital Advertising Services, Inc. PBC
- Framework
- IAB Europe Transparency and Consent Framework (TCF)
- Privacy Policy
- https://trustx.org/privacy
- Device Storage
- https://trustx.org/devicestorage.json
1. Introduction and Scope of Processing
TRUSTX operates a premium, cooperative programmatic advertising exchange. As a privacy-first technology provider, we strictly adhere to the General Data Protection Regulation (GDPR) and the IAB Europe Transparency and Consent Framework (TCF) Specifications and Policies.
To facilitate a secure and transparent digital advertising ecosystem, TRUSTX processes pseudonymized data. Under Article 6(1)(f) of the GDPR, processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided those interests are not overridden by the fundamental rights and freedoms of the data subject.
While TRUSTX relies exclusively on explicit Consent as the sole legal basis for storing and/or accessing information on a device (Purpose 1), as well as creating and using profiles for personalized advertising (Purposes 3 and 4), we formally establish Legitimate Interest for specific operational and analytical purposes outlined below.
Note: TRUSTX explicitly excludes and does not process data for Purposes 5, 6, 8, and 11.
2. Standard Purposes Pursued Under Legitimate Interest
TRUSTX has conducted and documented rigorous Legitimate Interest Assessments (LIAs) for the following standard TCF Purposes. We ensure data minimization, pseudonymization, and strict adherence to the following automated data retention limits:
Purpose 2: Use limited data to select advertising
Legal Basis Declaration: Flexible (Consent as the default basis, supported by Legitimate Interest where applicable by publisher configuration).
Commercial Interest: Utilizing non-precise data (e.g., general location, device characteristics) to select contextual or non-personalized advertisements ensures that digital publishers can sustainably monetize their content without relying on invasive behavioral profiling.
Maximum Data Retention: 90 Days.
Purpose 7: Measure advertising performance
Legal Basis Declaration: Legitimate Interest as sole legal basis.
Commercial Interest: Advertisers and publishers require empirical verification that media transactions were executed accurately. Our processing verifies ad viewability, successful payload delivery, and interaction metrics to facilitate accurate financial reconciliation and billing integrity.
Maximum Data Retention: 90 Days.
Purpose 9: Understand audiences through statistics
Legal Basis Declaration: Legitimate Interest as sole legal basis.
Commercial Interest: Aggregating macro-level, non-identifiable engagement statistics provides the supply chain with market intelligence necessary to optimize generalized content distribution and campaign strategy.
Maximum Data Retention: 90 Days.
Purpose 10: Develop and improve services
Legal Basis Declaration: Legitimate Interest as sole legal basis.
Commercial Interest: Continuous analysis of bid stream trends is required to iterate upon marketplace algorithms, enhance routing efficiencies, reduce network latency, and develop future privacy-safe advertising technologies.
Maximum Data Retention: 90 Days.
3. Special Purposes Under Legitimate Interest
To maintain the functional operability and security of the open web, TRUSTX processes data for the following Special Purposes. Consistent with IAB TCF policy, the right to object (opt-out) is not applicable to these critical security and delivery functions.
Special Purpose 1: Ensure security, prevent and detect fraud, and fix errors
Security Interest: Real-time monitoring of the bid stream is mandatory to defend our infrastructure and our partners against invalid traffic (IVT), non-human bot farms, malicious activity, and system-level failures.
Maximum Data Retention: 87 Days.
Special Purpose 2: Deliver and present advertising and content
Operational Interest:The foundational technical transmission of the requested creative payload across the network to a user’s browser or mobile application.
Maximum Data Retention: 90 Days.
Special Purpose 3: Save and communicate privacy choices
Compliance Interest: Ingesting, parsing, and communicating the IAB TCF TC String ensures that user privacy preferences and consent signals are strictly honored and passed accurately through the programmatic supply chain.
Maximum Data Retention: 90 Days.
4. Processed Data Categories and Technical Safeguards
To fulfill the purposes listed above, TRUSTX engineers its systems around strict data minimization principles.
Authorized Data Categories
Our systems are authorized to process only the following specific data categories: IP addresses, Device identifiers, Authentication-derived identifiers, Privacy choices, Device characteristics, Browsing and interaction data, Non-precise location data, and User profiles (strictly limited to instances where prior Consent is secured under Purposes 3 and 4).
Excluded Data Practices
TRUSTX explicitly prohibits the ingestion or processing of user-provided data, precise geolocation data, and probabilistic identifiers. Furthermore, we do not utilize cross-device linking, automated device identification matching, or precise geolocation Special Features.
Device Storage and Network Transmission Controls
When storing or accessing authorized identifiers on a user’s device, TRUSTX enforces stringent technical limitations to protect user privacy:
- Cookie Expiration: The maximum age for any cookie set by our exchange is strictly capped at 15,778,476 seconds (approximately 6 months). Our systems support cookie refresh protocols within this authorized window.
- Non-Cookie Storage: We utilize secondary secure storage methods, such as localStorage and mobile advertising IDs, fully detailed in our publicly accessible device storage disclosure (https://trustx.org/devicestorage.json).
- Payload Minimization: To limit the volume of data transmitted across the network, TRUSTX restricts HTTP GET request limits to a strict 128k threshold.
5. Exercising Your Right to Object
In compliance with the GDPR, users possess the fundamental right to object to the processing of their personal data under Legitimate Interest for standard TCF Purposes (Purposes 2, 7, 9, and 10).
Users may exercise this right seamlessly without needing to contact TRUSTX directly. To object:
- Access the Privacy Settings, Cookie Preferences, or Consent Banner on the publisher website or application you are visiting.
- Navigate to the Vendor List or Partners section.
- Locate TRUSTX.
- Switch the Legitimate Interest toggle to the OFF position.
The Consent Management Platform (CMP) will immediately encode this objection into the TCF TC String. The TRUSTX marketplace evaluates this string in real-time on every transaction and will instantly halt the processing of your data for the objected purpose.
For inquiries concerning our Legitimate Interest Assessments, retention protocols, or broader privacy framework, please direct communications to the TRUSTX Privacy Office at [email protected].