Data Products and Audience Technology Privacy Policy

Effective Date: Feb 2024

Goldfish Ads, LLC
Goldfish Ads, LLC (“Goldfish Ads,” “we,” “our,” or “us”) is committed to protecting user privacy. This Platform Privacy Policy describes our data collection, usage, and disclosure practices related to all of our data products and audience technology platforms — including AMAP. It applies to data processed through Goldfish Ads’ audience technology in connection with our services, which provide simple, safe, and scalable global audience activations and insights.

1. How Our Technology Works

The Goldfish Ads Platform is a privacy-first advertising technology that uses spatial intelligence to optimize ad targeting. Our system ingests aggregated location and time-based signals, performs spatial proximity analysis, and identifies high-density audience cohorts—never individuals. By focusing on group-level insights, the platform delivers effective, scalable campaigns without collecting or storing any Personally Identifiable Information (PII) or using cookies.

Audience outputs are available as aggregated geodata (e.g., ZIP codes with associated scores) or can be activated directly through leading media buying platforms like The Trade Desk, Xandr, Adform, and DV360 for automated, privacy-safe audience targeting.

How Do We Collect Information?

The Goldfish Ads Platform processes aggregated, anonymized data from a variety of trusted sources to power privacy-safe audience targeting. These sources include:

Goldfish Proprietary and Partner Data Sources:

Search and social listening: Geo-aggregated behavioral trends from digital platforms
Public sector data: Government datasets such as Census, CDC, NHS, and others
General geo-aggregated data: Datasets aggregated at spatial levels like postal codes, census blocks, or H3 indexes, only when they meet minimum density thresholds to prevent re-identification. While we believe the risk of identifying individuals is low, we act in good faith to safeguard privacy and are actively enhancing our aggregation methods to further reduce that risk.
Client 1st-party data: CRMs, data warehouses (e.g., S3, BigQuery, Snowflake)

Types of Signals We Process:

Geo-contextual signals: Aggregated scores within public administrative boundaries (e.g., census blocks)
Temporal patterns: Anonymous popularity indexes that reflect non-individualized cohort behavior in and around specific locations

Note: We do not use cookies, beacons, tags, mobile SDKs, or any user-tracking technologies.

Data Anonymization and Aggregation Safeguards

Although Goldfish Ads does not collect or process Personally Identifiable Information (PII), we recognize that certain forms of geo-aggregated data—especially at high resolution—can carry a theoretical risk of re-identification when combined with other datasets.

To mitigate this risk, we apply strict data anonymization and aggregation safeguards:

Spatial Smoothing: In some cases, adjacent spatial units may be blended or generalized to reduce data granularity.
Temporal Binning: Time-based data is grouped into broader intervals to prevent pinpointing of individual activity patterns.
No Cross-Linking: We do not combine geo-aggregated signals with device identifiers, IP addresses, or other user-level attributes.

We continuously evaluate our privacy techniques in line with industry best practices and regulatory guidance, including frameworks related to differential privacy and k-anonymity.

Information Our Clients and Partners Collect

Our clients, partners, and vendors may collect data independently through their own platforms and media properties. Goldfish Ads does not control or govern their data collection practices, which are subject to their respective privacy policies.

Sharing the Geo Information

We may share aggregated, anonymized data with:

Service Providers: Partners who assist in operating our Platform and providing services.
Clients: Advertisers and publishers utilizing our Platform for ad targeting.

All shared data remains non-identifiable and is used solely for the purposes outlined in this policy.

Data Retention

We retain aggregated, anonymized data only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, such as generating audience insights and improving targeting performance. Data is periodically reviewed and purged based on relevance, utility, and contractual obligations. Since we do not collect or store any Personally Identifiable Information (PII), our retention practices focus solely on maintaining group-level, non-identifiable data.

Security Measures

Goldfish Ads implements industry-standard security measures to protect data within our platform. These include but are not limited to:

Encryption of data in transit and at rest
Secure access controls and role-based permissions
Network segmentation and firewall protection
Regular audits and vulnerability assessments

While no system can be guaranteed 100% secure, we take appropriate steps to safeguard the data we handle against unauthorized access, disclosure, or misuse.

User Rights

Because the Goldfish Ads Platform does not collect or process personal data (as defined by laws such as the GDPR and CCPA), individual data access, deletion, or correction rights typically do not apply.

However, if you believe data associated with you or your device has been included in a way that violates your rights, please contact us at data@goldfishads.com, and we will promptly investigate and address the concern.

Compliance with Privacy Laws

Goldfish Ads is committed to maintaining compliance with applicable data protection and privacy regulations, including the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in the United States.

Because our platform processes aggregated, non-personal data, we are not considered a data controller or data processor of personal information under these laws in most circumstances. However, we remain vigilant in maintaining a privacy-first approach and work closely with partners and clients to ensure proper data governance.

International Data Transfers

Goldfish Ads is based in the United States, and our infrastructure may involve processing data in other jurisdictions. However, all data remains aggregated and non-identifiable. If data is transferred across borders, we ensure it is handled in accordance with applicable privacy and security standards.

Children’s Privacy

The Goldfish Ads Platform is not intended for use by children under the age of 13, and we do not knowingly collect or process data related to children. If we become aware that we have received data from a child, we will take appropriate steps to delete it.

Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will revise the “Effective Date” at the top of this page. We encourage you to review this policy periodically to stay informed about how we are protecting your data.

If you have any questions or concerns about this Privacy Policy or our data practices, please don’t hesitate to contact us at data@goldfishads.com. We’re committed to transparency and protecting user privacy.