Privacy Policy

Last updated: 02/03/2026

ABOUT US

In this policy, the terms “we,” “our,” or “us” refer to PUBSTACK, a simplified joint-stock company with a share capital of €26,581.44, registered with the Trade and Companies Register of Tours under number 833 735 103, with its registered office located at 86 rue de la Chanterie, 37540 Saint-Cyr-sur-Loire, France.

We specialize in advertising performance measurement and support website and app publishers in optimizing the sale of their advertising inventories through our range of products: Monetization Manager and Spark.

PUBSTACK is designed for professional use and is therefore exclusively intended for business users acting within the scope of their commercial activity.

ABOUT THIS POLICY 

This privacy policy aims to outline PUBSTACK’s commitments regarding the protection of the personal data of Data Subjects as visitors of our website (hereinafter “Users”) as well as our end-users’ clients who have subscribed to the PUBSTACK Monetization Manager and Spark services (hereinafter “End-Users”). 

To provide clear and easily accessible information about all personal data processing activities carried out by PUBSTACK, we have established:

This policy should be distinguished from our General Terms and Conditions of Sale.

It reflects our current practices regarding data collection and processing and may be updated over time to align with regulatory or technical developments.

Any changes will be published on this page as soon as they come into effect.

OUR COMMITMENT TO DATA PROTECTION 

PUBSTACK places great importance on the protection of Data and Privacy of users visiting its website, whether they are prospects or clients. PUBSTACK is committed to respecting the privacy of Users and to protecting their personal data that is, information allowing them to be identified, directly or indirectly, as an individual.

PUBSTACK undertakes to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), as well as industry standards, notably the Transparency and Consent Framework (TCF) developed by the Interactive Advertising Bureau (IAB). PUBSTACK is listed as a vendor (Vendor ID: 1408) on the IAB Global Vendor List (GVL) under the TCF. 

Our Data Protection Officer (DPO)

PUBSTACK has appointed a Data Protection Officer responsible for ensuring compliance with applicable data protection legislation. For any questions regarding data protection or this privacy policy, or to exercise your rights as a data subject, you may contact PUBSTACK’s DPO at the following address: dpo@pubstack.io .

Privacy policy for website Users

Privacy Policy

We know you care about how your information is being used and shared. This Privacy Policy explains Pubstack.io’s policies concerning information we collect via our website, app, social media pages and email.

Upon navigating our website, cookies will be collected. When you register to use one of our services, you will be requested to fill in identity information such as your name, company name, email and password. By registering, you agree to the retention of this information. Cookies and personal information is not shared with any third party and is solely used to improve your experience (more details in the following part). We could disclose personal information to respond to court orders, to exercise our rights or defend against legal claims. Such information will only be shared if it can help investigating and preventing any type of illegal activities. See more under Privacy Policy.

1. What type of information do we collect about our users ?

a. Personal information : Name, title, company name, job function, expertise, postal address, telephone number or email address.

b. Other information : Information not related to your identity, such as browser or device use, data collected by cookies and demographic information. We use this information to optimise our services.

c. IP addresses : Showing the pages you visited on the site or app and the time when you did so. This is a standard practice and is done automatically to improve operations and diagnose technical issues.

2. How do we collect information ?

a. Through the website : We could collect information from you if you request a live demo, contact us, subscribe to our newsletter or download content from our website. We use cookies on our website to collect navigation information.

Cookies are files installed on your computer by the administrator of a site. They retain relevant information related to the user’s connection to this site. We use cookies solely to collect information that can facilitate your navigation. Under no circumstances do cookies collect personal information about you. It is also possible for you to disable the installation of cookies or delete them. In that case, we will make sure your navigation is not hindered.

b. Offline : We may collect personal information from you on events (such as business cards and email addresses) or during phone calls with sales representatives.

c. Emails : We may collect personal information from you from email exchanges.

d. Information from other sources : We may collect information from third parties (event organisers, social media pages, publicly available emails).

e. Web analytics : We may collect information from website aggregated analytics, A/B testing or heatmap tools :

– Google Analytics : Uses cookies and aggregates website navigation data on our domain. Information is automatically ingested by Google and collected in the US.

– A/B Tasty : Gathers information on the use of our domain and specific pages. It allows for improved user experience on our website. The information is also transferred to A/B Tasty.

– HotJar : Provides heatmaps to understand user experience.

3. How do we use Personal Information ?

We may use Personal Information to :

a. Improve our digital communication and services.

b. Contact you to share relevant information on business services and offers.

c. Answer to your requests (send you requested materials, newsletters, etc).

d. Send you relevant administrative information (regarding our policies, contracts, etc).

e. Provide you with customer service and guide you in using our product.

f. Send you marketing communications that can be of interest to you. They always have an opt-out option.

g. Keep you updated on our service and product.
h. Conduct data analysis (website or app feedback) to improve our services.

i. Launch remarketing campaigns via the use of cookies you consent to by visiting our website.

Access to your Personal Data

In conformity with the French law N°78-17 dated 6th January 1978 on Information Technology, Data Files and Civil Liberties, you have the right to access and modify personal data. You can contact us at hello@pubstack.io if you want to exercise this right.

You can oppose the processing of your personal information for legitimate reasons.

Security

We implement the best measures and standards to protect and maintain security of your personal and professional information on our website.

However, just like any other web provider, we cannot guarantee the hackers could not gain access to your personal information in spite of our measures.

If you have any questions about security of our website, please email hello@pubstack.io.

Privacy policy for End-Users of PUBSTACK Solutions

  1. What data do we process?

As part of its Monetization Manager and Spark Solutions, Pubstack processes the following data:

Collected data:

  • IP addresses and Device characteristics (Technical characteristics about the device you are using such as the number of times you have seen specific content or a specific ad or whether you clicked on it).
  • Advertising identifiers (pseudonymous IDs or device IDs).
  • Browsing and interaction data (Your online activity such as the websites you visit, apps you are using, your interactions with ads, such as the number of times you have seen specific content or a specific ad or whether you clicked on it).
  • Non-precise location data (expressed under the TCF as an area with a radius of at least 500 meters) and if specific consent, more precise location data
  • Privacy choices (Information about your privacy choices regarding the processing of your personal data which we receive from our Publishers through their Consent management platforms “CMP”)

Measured technical data (calculated within Pubstack environments):

  • Advertising performance data (clicks, views, …)
  • Optional technical identifier (UUID): a Pubstack session identifier used to count the number of pages viewed during a session, the connection date and time, and the page URL.

Inferred data by third parties used in the bid requests:

  • Where applicable, user profiles (cohorts sharing socio-demographic or behavioral characteristics such as purchase intent or interests)

Pubstack does not collect any information that could directly identify you such as your name or contact details.

Pubstack does not process sensitive information as defined under the GDPR, such as religious beliefs, political opinions, or health-related details. Pubstack does not create user segments and does not specifically target minors, as defined by the applicable legal age in each jurisdiction.

  1. Why and how will we use your data?

Pubstack processes Personal Data for the following purposes: 

  • Management of publishers’ advertising stacks (Monetisation Manager)
  • Measurement of publishers’ advertising performance (Monetisation Manager)
  • When activated by The Publisher, access to Pubstack’s proprietary Marketplace through its bidder technology (Spark)
  • Improve Pubstack’s technologies 

Within the TCF, the aforementioned purposes correspond to: 

  • Store and/or access information on a device (IAB Purpose 1)
  • Use limited data to select advertising (IAB Purpose 2)
  • Create profiles for personalised advertising (IAB Purpose 3)
  • Use profiles to select personalised advertising (IAB Purpose 4)
  • Measure advertising performance (IAB Purpose 7)
  • Understand audiences through statistics or combinations of data from different sources (IAB Purpose 9)
  • Develop and improve services (IAB Purpose 10)
  • Ensure security, prevent and detect fraud, and fix errors (IAB Special Purpose 1)
  • Save and communicate privacy choices (IAB Special Purpose 3)

Pubstack commits to using End-User behavioral data solely on behalf of the Client, or for compatible purposes subject to the Client’s explicit authorization.

From ePrivacy perspective, Pubstack performs read/write operations on the user’s device (client-side processing) as well as server-side operations, depending on the module activated by the Publisher.

Pubstack uses technologies such as cookies and trackers to collect data and store it on a user’s device.

Pubstack Monetisation Manager (Pubstack One, Pubstack Core or Pubstack Node), Pubstack Spark and Pubstack Analytics Tag are pieces of code inserted or called from a Publisher’s website source code or mobile SDK to activate, access and manage Pubstack’s services on their digital properties.

Specifically: 

  • The Pubstack Analytics Tag helps Publishers understand how visitors and demand partners interact with their websites. 
  • Pubstack Monetisation Manager helps Publishers monitor, analyse and optimise the monetisation of their websites.
  • Pubstack Spark uses machine learning to help publishers improve the monetisation of their websites.
  1. On what legal ground do we process your data?

In the European Union, Pubstack primarily relies on the legal basis of consent for its advertising processing activities (including ad activation and measurement), collected in accordance with industry practices and TCF policies. Certain processing operations, particularly those related to security prevention and service improvement, rely on the legal basis of legitimate interest. 

Beyond the European Union, Pubstack may rely on an opt-out signal to perform its advertising activities when instructed to do so by its Clients, to comply with applicable local regulations (e.g., in the United-states).

  1. How long do we store your data?

We retain personal data only for the duration necessary to fulfill the purposes for which it was collected, or as long as we have an ongoing legitimate business need to use the data to provide our Services or we have a legal or compliance reason to do so.  

Data retention depends on the type of data and the corresponding purpose. The Data processed is generally retained for 2 years.

Some specific durations are used for:

  • IP address: stored for 30 minutes for analytics purposes and 2 years for Spark, then truncated. 
  • Session UUID: kept in local storage only for the duration of the session and deleted once the session ends. Note: This identifier is generated to link impressions to the same session in a strictly anonymous way and is never cross-referenced with other directly identifiable personal data.
  1. Who has access to your data?

We share information, including Personal Data, with our affiliates and trusted third parties that provide services to Pubstack such as hosting and internet connectivity providers (Cloudflare and AWS), Supply Side Platforms (SSPs), Demand-Side Partners (DSPs), third-party data providers or advertisers, and anti-fraud service providers. Where permitted, we may also share data with trusted business partners to perform, improve, or enhance our products and services.

We may also disclose information in the following circumstances:

  • When required to do so by national or international law or regulation.
  • When necessary to comply with an authorized request or legal demand.
  • When necessary to protect or defend our own rights or legitimate interests.

Finally, we may transfer your data to a successor entity in connection with a merger, acquisition, sale of assets, bankruptcy, or other corporate transactions or restructuring.

  1. International data transfers

To provide our Services, your personal data may be transferred to our clients, partners, or service providers. We store personal data in European Economic Area (EEA) using servers located in Ireland (AWS Ireland).

Should your data be transferred outside the EEA, we undertake to take all necessary precautions to ensure their security and to frame such transfers with appropriate safeguards, as required by the applicable regulations.

To ensure that each data transfer outside the EU complies with the relevant legal framework, we rely on the following mechanisms:

  • Adequacy decisions: we transfer personal data to countries outside the EU that have been recognized by the European Commission as providing an adequate level of protection for personal data.
  • Standard Contractual Clauses: these clauses require the other party to protect your data and to grant you rights and safeguards equivalent to those provided within the EU. They are available on the European Commission’s website.
  1. Your data protection rights

Depending on where you reside, you may have different legal rights with respect to your personal data and how we may process it. In accordance with the applicable regulations, you may exercise your rights of access, deletion, objection, rectification, portability, or restriction. You also have the right to opt-out or withdraw your consent from advertising. 

Please note that within Monetization Manager and Spark solutions, Pubstack does not typically store directly identifiable information such as names or email addresses nor maintain any direct relationship with the publishers’ end users. Consequently, data subjects’ requests should be addressed to the relevant publisher who has activated Pubstack’s solutions. Pubstack will collaborate with the latter, when necessary, to answer your request promptly.

For any questions regarding data protection or this privacy policy, or to exercise your rights as a data subject, you may contact PUBSTACK’s DPO at the following address: dpo@pubstack.io .

 You can file a complaint with the relevant supervisory authority based on your rights, in particular the Member State of your residence if you are located in the EU/EEA. A list of the European data protection authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. Pubstack's lead supervisory authority under Article 56 of the GDPR is the Commission Nationale de l'Informatique et des Libertés (CNIL) in France. 

  1. Data security

Pubstack implements appropriate technical and organizational measures to ensure the confidentiality and integrity of data during its temporary processing. Pubstack holds a SOC 2 Type 2 certification and is committed to maintaining state-of-the-art security practices. More information about data security can be found here: www.pubstack.io/security

PAGES
FOLLOW US
Copyright © Pubstack 2026
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist us in our marketing efforts. See our Privacy Policy for more information.
PreferencesTo refuseI accept