RevOptimal, LLC ("RevOptimal," "we," "our," or "us") is committed to protecting the privacy of individuals whose information we collect and share — both visitors to our website ("Site") and individuals whose data we process through the services we provide to our enterprise customers ("Services").

This Global Privacy Policy ("Privacy Policy") applies globally to our Site and Services. Jurisdiction-specific notices (including our US States Privacy Notice, EEA & UK Privacy Notice, and Cookie & Tracking Technologies Policy) supplement this policy where applicable. Enterprise customers should read this policy alongside their applicable contract and data protection addendum ("DPA").

This Privacy Policy Includes:

• Who We Are and Our Role
• What Personal Information We Collect
• Where We Get Personal Information
• How and Why We Use Personal Information
• How We Share Personal Information
• International Data Transfers
• Security and Safety
• Third-Party Resources
• Data Retention
• Your Rights and Choices
• Children's Privacy
• Changes to This Policy
• How to Contact Us

Who We Are

RevOptimal, LLC is a marketing technology company that provides data-driven audience intelligence, deterministic audience segments for advertisers and marketers across B2B, B2C, healthcare, and political verticals, and omni-channel targeting, attribution and measurement solutions to help advertisers and marketers optimize campaign performance.

Depending on the context, we may act as either:

• A controller (or equivalent concept) when we decide how and why personal information is used, for example when we operate our own Site or run our own analytics.
• A processor or service provider under instruction of our customers when we handle personal information on their behalf (for example when we build or activate audience segments using data they provide). When required by law, we may also appoint local representatives in certain regions.
• A data broker in certain US states, which is outlined in the Data Broker sections of our US States Privacy Notice.

What Personal Information We Collect

In operating the Site and providing Services to our customers, we collect and use data that includes details that personally identify individuals ("Personal Information"). Examples include:

• Identifiers: Name, email address, mailing address, phone number, IP address, device identifiers, cookie identifiers, mobile advertising IDs.
• Demographic information: Age, gender, date of birth, marital status, household composition.
• Internet or electronic network activity: Browsing history, search history, interaction data, pages visited.
• Geolocation data: Precise location data, inferred location from IP address or device signals.
• Professional and employment information: Employer, job title, industry.
• Inferred and derived information: Audience segment assignments, interest profiles and behavioral characteristics derived from, for example:
  • Television viewership data, such as the programs audiences watch and the devices on which they watch those programs.
  • Individuals' interests such as travel interests, purchasing interests, and other preferences.
  • Elections information, such as party registration (in states where available), and what elections individuals voted in (including general elections and primary elections).
  • Data about predicted views on issues and purchases. We use either our own surveys or survey data from third parties to make predictions about how likely individuals are to take an action, such as support a candidate or cause.
• Sensitive personal information: Where applicable, certain categories of sensitive data as defined by your state's law.
• Communications and support information: Messages, support tickets, and feedback sent to us.

Where We Get Personal Information

We receive Personal Information from several sources, including:

• Directly from individuals: when they visit our Site or contact us.
• From our enterprise customers: when they share data (such as hashed emails, customer IDs, or event logs) so we can help them build or activate audience segments.
• From our partners and service providers: such as publishers, analytics providers, and identity partners who help us link or enrich identifiers and, where permitted, data brokers in some jurisdictions.
• From publicly available sources: such as the National Provider Registry (NPI) and states' election divisions or secretaries of state.

We also automatically collect certain information and data through use of our Site and our use of cookies and other tracking technologies. Data collected is primarily needed to maintain the security and operation of the Site, and for our internal analytics and reporting. To learn more about how we use cookies and other tracking technologies on the Site and to manage your cookie settings, please see our Cookie & Tracking Technologies Policy.

How and Why We Use Personal Information

We use personal information for several purposes, including:

• Audience segment creation and activation: Building, enriching, and delivering audience segments to enterprise customers for advertising and marketing purposes — this is our core business.
• Identity resolution: Linking identifiers across devices and environments to support accurate audience targeting.
• Measurement and analytics: Measuring campaign performance, segment accuracy, and audience reach on behalf of customers.
• Service operations: Hosting, maintaining, and improving our Services.
• Security and fraud prevention: Detecting and preventing unauthorized access, fraud, and security incidents.
• Legal compliance: Complying with applicable laws, regulations, and legal process.
• Marketing: Communicating with prospective enterprise customers about our services.
• Customer support: Responding to inquiries and requests.

Where required by law, we rely on legal bases such as performing a contract, our legitimate interests (balanced against individual rights), compliance with law, or consent (for example, for certain types of cookies or targeted advertising in Europe).

How We Share Personal Information

We share Personal Information to the following types of recipients within the contexts described:

• Our Business Customers: audience segments, scores, and measurement reports so customers can conduct their own advertising and analytics. Customers are responsible for how they use this information.
• Service Providers: information with companies that help us operate our platform — such as cloud providers, analytics vendors, security providers, and professional advisors. These providers cannot use your information for their own purposes and must protect it per our contracts.
• Ecosystem Partners: information as needed with publishing partners, identity resolution providers, demand-side platforms, and measurement companies.
• Corporate Transactions: information with our affiliated companies and in connection with mergers, acquisitions, reorganizations, or other business transactions.
• Legal Requirements: information disclosed when legally required to comply with applicable law, governmental requests, judicial proceedings, court orders, or legal processes.
• Protection of Rights and Safety: information when we believe it is necessary to defend our legal rights (including intellectual property), address violations of our policies, investigate fraud, protect safety, or respond to suspected illegal activities.
• Your Consent: information for any other purpose with your explicit consent.
• Business Operations: to fulfill legal obligations and for purposes compatible with the original reason for collection.

In some US states, certain disclosures, especially in connection with cross-context behavioral advertising or audience-segment services, may be considered a "sale," "sharing," or use of personal information for "targeted advertising." Our US States Privacy Notice explains these concepts and your options in more detail.

International Data Transfers

We provide Services to customers in multiple countries and may transfer Personal Information internationally where required or requested. This means Personal Information may be processed outside the country where it was collected, including in countries that may not provide the same level of data protection as your home country. When we transfer personal information from the European Economic Area (EEA) or the United Kingdom to other countries, we use appropriate safeguards, such as:

• Standard contractual clauses approved by the European Commission or UK authorities.
• Other mechanisms recognized under the GDPR and UK GDPR.

Details about our use of data outside the US and our safeguards for international data transfers is available in our EEA & UK Privacy Notice.

Security and Safety

Our Practices

We maintain commercially reasonable security measures to protect the Personal Information we collect and store from loss, misuse, destruction and unauthorized access. However, we cannot guarantee absolute security because no security measure or modality of data transmission over the internet is 100% secure. You should only access the Services within a secure environment.

Retention of Personal Information

We will only keep your Personal Information for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. Once we no longer have an ongoing, legitimate business interest in storing, using or otherwise processing your Personal Information, or where you have requested to opt out of use of your Personal Information, we will either delete or anonymize it. If deletion or anonymization is not possible, such as when your Personal Information has been stored in our backup archives, we will securely store your Personal Information and isolate it from any further usage or processing until deletion is possible.

More information about our safety and security practices can be found at our Trust Center.

Third-Party Resources

The Services may link to other websites and internet resources, or incorporate third-party tools, services, APIs, SDKs, and widgets that are not owned, operated or controlled by us. Any data collected or used by third parties is not covered by this Privacy Policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from our Site or Services. You should review the policies of such third parties and contact them directly to respond to your questions.

Data Retention

We keep personal information for as long as we reasonably need it for the purposes described in this Privacy Policy, including:

• For as long as we provide Services to our customers.
• For a period afterwards, to comply with legal obligations, resolve disputes, enforce agreements, and maintain business records.

We apply different retention periods for different categories of information and use cases and we de-identify or aggregate data so it is no longer reasonably linked to identifiable individuals, where possible.

Your Rights and Choices

Additional rights may apply to you depending on your location. For more information, please review our US States Privacy Notice (for U.S. residents) and our EEA and UK Privacy Notice (for individuals in the European Economic Area and the United Kingdom), which describe rights available under applicable laws.

Depending on the laws that apply, your rights may include the ability to:

• Confirm whether we process your personal information and access it;
• Receive a copy of your personal information in a portable format;
• Learn about the categories of personal information disclosed and the categories (or, in some cases, specific) third parties receiving it;
• Request deletion of personal information, subject to legal exceptions;
• Request correction of inaccurate personal information;
• Opt out of targeted advertising or the "sale" of personal information, where applicable; and
• Withdraw consent where required by law.

In some jurisdictions, you may also have the right to object to certain profiling or targeted advertising activities. To exercise your rights, submit a request at www.revoptimal.com/dsar. We may need to verify your identity and, if applicable, your authority to act on behalf of another person. In some cases, we may retain information as required by law, even after a request is fulfilled.

Children's Privacy

We do not knowingly collect data from or market to children under age 16. By using the Site and/or our Services, you represent that you are at least 18. If we learn that Personal Information from users less than 16 years of age has been collected by us, we will take reasonable measures to promptly delete such data from our records. If you become aware of any Personal Information that we have collected from children under age 16, please contact us at privacy@revoptimal.com.

Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our practices, applicable law, and regulatory guidance. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the effective date above. Where required by law, we will seek renewed consent or provide additional notice of material changes. Your continued use of our Site and/or Services following notification of changes constitutes your acknowledgment of the updated Privacy Policy.

We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

How to Contact Us

If you have questions about this Privacy Policy, your privacy rights, or how we handle your personal information, please contact us at:

• Email: privacy@revoptimal.com
• Mail: RevOptimal, LLC, 612 Andrew Higgins Blvd, Ste 2000, New Orleans, LA 70130 USA

We have also appointed Superset as our representative in the European Union and United Kingdom for data protection matters. Superset can be contacted at:

• Email: revoptimal.com@supersetreps.com
• EU Mail: Superset Representatives SASUEEA, 12 Rue Pierre Fontaine, 75009 Paris, France
• UK Mail: Superset Representatives Limited, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA, United Kingdom