Privacy Commitment
At Radoss Agency, we are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices in connection with the Radoss DSP Platform and related services.
1. Introduction
1.1 About This Policy
This Privacy Policy ("Policy") describes how Radoss Agency Limited ("Radoss", "we", "us", or "our") collects, uses, shares, and protects information in connection with our Demand-Side Platform ("DSP Platform" or "Platform") and related advertising services.
1.2 Scope
This Policy applies to:
- Platform Users: Advertisers, agencies, and businesses that use our DSP Platform
- Website Visitors: Individuals who visit radoss.agency and related websites
- End Users: Consumers who view or interact with advertisements delivered through our Platform
- Publishers: Website and app owners who provide advertising inventory
1.3 Controller Information
Radoss Agency Limited is the data controller for personal information processed under this Policy. Our contact details are:
- Company: Radoss Agency Limited
- Address: Lagos, Nigeria
- Email: privacy@radoss.agency
- Phone: +234 703 382 7657
2. Definitions
2.1 Key Terms
- "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to device identifiers, IP addresses, and behavioral data.
- "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
- "Data Subject" means the individual to whom Personal Data relates.
- "Consent" means freely given, specific, informed, and unambiguous indication of the data subject's wishes.
- "Pseudonymization" means processing Personal Data so that it can no longer be attributed to a specific individual without additional information.
- "Device Identifier" means a unique identifier assigned to a device, including IDFA, GAID, cookie IDs, and fingerprints.
- "Interest-Based Advertising" means advertising targeted based on inferred interests derived from user behavior.
3. Data We Collect
3.1 Information from Platform Users (Advertisers)
When you register for and use our Platform, we collect:
Account Information
- Business name and registration details
- Contact information (name, email, phone, address)
- Billing and payment information
- Account credentials and access logs
- Industry vertical and business category
Campaign Data
- Targeting parameters and audience segments
- Creative assets (images, videos, text)
- Budget and bidding information
- Performance metrics and analytics
- Conversion and attribution data
Usage Data
- Platform access logs and activity
- Feature usage patterns
- API calls and integration data
- Support inquiries and communications
3.2 Information About End Users (Advertising Data)
Through our programmatic advertising services, we may collect or process:
Device and Technical Data
- Device Identifiers: Advertising IDs (IDFA, GAID), cookie IDs, device fingerprints
- Device Information: Device type, model, manufacturer, operating system, browser type and version
- Network Information: IP address (truncated/anonymized), carrier, connection type (WiFi, 4G, 3G)
- Location Data: Approximate location derived from IP address, GPS coordinates (with consent), country, region, city
Behavioral and Interest Data
- Browsing Behavior: Pages visited, content viewed, search queries (hashed)
- App Usage: Apps installed, app categories, in-app behavior
- Ad Interactions: Impressions, clicks, conversions, viewability metrics
- Interest Categories: Inferred interests based on behavior (e.g., Finance, Gaming, Sports)
Demographic Data (Inferred)
- Age range (e.g., 18-24, 25-34)
- Gender (probabilistic)
- Income bracket (modeled)
- Household composition (inferred)
Important: We Do NOT Collect
- Direct personal identifiers (names, email addresses, phone numbers) from end users
- Precise real-time location without explicit consent
- Sensitive personal data (health, religion, political views, sexual orientation)
- Financial account details or government IDs from end users
- Data from children under 13 (or applicable age in jurisdiction)
3.3 Information from Publishers
- Publisher account and business information
- Inventory details and placement specifications
- Content categorization and brand safety signals
- Revenue and payment information
4. How We Collect Data
4.1 Direct Collection
- Registration: When you create a Platform account
- Forms: When you submit inquiries or contact requests
- Campaigns: When you create and manage advertising campaigns
- Communications: When you contact our support team
4.2 Automated Collection
- Cookies: First-party and third-party cookies for tracking and personalization
- Pixels/Beacons: Tracking pixels embedded in ads and landing pages
- SDKs: Mobile software development kits integrated in apps
- Server Logs: Automatic logging of ad requests and responses
- JavaScript Tags: Code snippets for conversion tracking
4.3 Third-Party Sources
- Data Partners: Licensed data from data management platforms (DMPs)
- Ad Exchanges: Bid request data from programmatic exchanges
- Verification Services: Fraud detection and viewability data
- Attribution Partners: Conversion and install attribution data
- Public Sources: Publicly available business information
5. Legal Basis for Processing
5.1 Consent
Where required by law, we obtain consent before:
- Placing non-essential cookies on devices
- Processing precise location data
- Creating detailed behavioral profiles
- Sending marketing communications
5.2 Contractual Necessity
We process data as necessary to:
- Provide Platform services to Advertisers
- Execute advertising campaigns
- Process payments and billing
- Provide customer support
5.3 Legitimate Interests
We process data based on legitimate interests for:
- Fraud detection and prevention
- Platform security and integrity
- Analytics and service improvement
- Aggregated reporting and insights
5.4 Legal Obligations
We process data to comply with:
- Tax and accounting requirements
- Regulatory reporting obligations
- Court orders and legal processes
- Industry self-regulatory requirements
6. How We Use Your Data
6.1 Platform Operations
| Purpose |
Data Used |
| Account Management |
Account info, credentials, contact details |
| Campaign Execution |
Targeting data, creatives, budget settings |
| Real-Time Bidding |
Device data, location, user segments |
| Billing & Payments |
Payment info, transaction records |
| Customer Support |
Account info, communication history |
6.2 Advertising Services
| Purpose |
Data Used |
| Ad Targeting |
Demographics, interests, behavior, location |
| Frequency Capping |
Device IDs, ad exposure history |
| Retargeting |
Site/app visit data, conversion events |
| Attribution |
Click data, conversion events, install data |
| Optimization |
Performance metrics, engagement signals |
6.3 Analytics and Improvement
- Analyzing Platform usage patterns
- Developing new features and services
- Generating aggregated market insights
- Benchmarking and industry reporting
- Machine learning model training (using pseudonymized data)
6.4 Security and Compliance
- Detecting and preventing fraud
- Identifying invalid traffic (IVT)
- Enforcing Terms of Service
- Meeting regulatory requirements
- Responding to legal requests
7. Data Sharing and Disclosure
7.1 Categories of Recipients
Service Providers
- Cloud hosting and infrastructure providers
- Payment processors and financial institutions
- Analytics and data processing vendors
- Customer support tools
- Email and communication services
Advertising Ecosystem Partners
- Ad Exchanges: SSPs and ad networks for inventory access
- Publishers: For ad delivery and reporting
- Data Partners: For audience enrichment (with consent)
- Verification Services: For brand safety and fraud detection
- Attribution Providers: For conversion tracking
Corporate Affiliates
We may share data with parent companies, subsidiaries, or affiliates for:
- Centralized operations and support
- Cross-product integration
- Combined analytics and reporting
7.2 Legal Disclosures
We may disclose data when required by law or to:
- Comply with legal processes (subpoenas, court orders)
- Protect our rights, property, or safety
- Prevent fraud or illegal activity
- Assist law enforcement investigations
7.3 Business Transfers
In the event of a merger, acquisition, or asset sale, user data may be transferred to the acquiring entity, subject to the same privacy protections.
7.4 Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot identify individuals for:
- Industry research and reports
- Market analysis and trends
- Academic research partnerships
8. Programmatic Advertising Practices
8.1 Interest-Based Advertising
We deliver interest-based advertising by:
- Analyzing browsing and app usage patterns
- Creating audience segments based on inferred interests
- Matching ads to relevant audience profiles
- Optimizing delivery based on engagement signals
8.2 Cross-Device Tracking
We may link devices belonging to the same user through:
- Probabilistic matching (IP, location patterns)
- Deterministic matching (logged-in data from partners)
- Device graphs from licensed data providers
This enables consistent frequency capping and attribution across devices.
8.3 Real-Time Bidding (RTB)
During RTB auctions, we transmit limited data to facilitate bidding:
- Pseudonymized user identifiers
- Device and technical parameters
- Approximate location (city/region level)
- Content category and context signals
RTB Data Minimization
We implement data minimization principles in RTB by truncating IP addresses, using hashed identifiers, and transmitting only data necessary for the bidding decision.
8.4 Opt-Out Options
End users can opt out of interest-based advertising through:
- Mobile Devices: iOS Settings > Privacy > Tracking; Android Settings > Google > Ads
- Web Browsers: NAI opt-out at networkadvertising.org/choices
- DAA: Digital Advertising Alliance at youradchoices.com
- Direct Request: Contact privacy@radoss.agency
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
| Cookie Type |
Purpose |
Duration |
| Essential |
Platform authentication, security, load balancing |
Session |
| Functional |
User preferences, settings, language |
1 year |
| Analytics |
Usage statistics, performance monitoring |
2 years |
| Advertising |
Ad delivery, targeting, frequency capping |
90 days |
| Attribution |
Conversion tracking, campaign measurement |
30 days |
9.2 Third-Party Cookies
Our Platform may include cookies from:
- Google Analytics (analytics)
- Ad verification partners (fraud detection)
- Attribution providers (measurement)
- Partner exchanges (ad delivery)
9.3 Managing Cookies
You can manage cookies through:
- Browser Settings: Most browsers allow you to block or delete cookies
- Cookie Consent Tool: Use our cookie preference center (where available)
- Mobile Settings: Limit ad tracking in device settings
Note: Blocking essential cookies may affect Platform functionality.
9.4 Other Tracking Technologies
- Web Beacons: 1x1 pixel images for tracking page views and email opens
- Local Storage: HTML5 storage for persistent data
- Fingerprinting: Device fingerprints for fraud detection (not for ad targeting)
- SDK Tracking: Mobile SDKs for in-app measurement
10. Data Retention
10.1 Retention Periods
| Data Category |
Retention Period |
Basis |
| Account Data |
Duration of relationship + 7 years |
Legal/tax requirements |
| Campaign Data |
3 years after campaign end |
Reporting and disputes |
| Billing Records |
7 years |
Tax compliance |
| Ad Delivery Logs |
90 days (detailed) / 2 years (aggregated) |
Operations/analytics |
| User Segments |
90 days without refresh |
Accuracy maintenance |
| Cookie Data |
Per cookie type (see above) |
Functional necessity |
| Fraud Detection Data |
3 years |
Pattern analysis |
10.2 Data Deletion
Upon expiration of retention periods or valid deletion request:
- Data is permanently deleted or anonymized
- Backup copies are purged within 30 days
- Third parties are instructed to delete shared data
11. Your Privacy Rights
11.1 Rights Under GDPR (EEA/UK)
- Access: Request copies of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit processing of your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke previously given consent
- Automated Decision-Making: Request human review of automated decisions
11.2 Rights Under NDPR (Nigeria)
- Right to be informed about data processing
- Right to access personal data
- Right to rectification of inaccurate data
- Right to deletion of personal data
- Right to data portability
- Right to object to processing
- Right to withdraw consent
11.3 Rights Under POPIA (South Africa)
- Right to access personal information
- Right to correction of personal information
- Right to deletion or destruction
- Right to object to processing for direct marketing
- Right not to be subject to automated decision-making
- Right to complain to the Information Regulator
11.4 Exercising Your Rights
To exercise any privacy rights:
- Email: privacy@radoss.agency
- Include your full name, account details (if applicable), and specific request
- We will respond within 30 days (or applicable legal timeframe)
- Verification may be required to protect against fraudulent requests
11.5 Complaints
If you are not satisfied with our response, you may file a complaint with:
- Nigeria: National Information Technology Development Agency (NITDA)
- South Africa: Information Regulator
- Kenya: Office of the Data Protection Commissioner
- EU/UK: Your local Data Protection Authority
12. Data Security
12.1 Security Measures
We implement comprehensive security controls including:
Technical Measures
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Web Application Firewall (WAF) protection
- DDoS mitigation and intrusion detection
- Regular vulnerability assessments and penetration testing
- Secure development practices (OWASP guidelines)
Organizational Measures
- Access controls and role-based permissions
- Employee security training and background checks
- Incident response procedures
- Vendor security assessments
- Business continuity planning
12.2 Data Breach Response
In the event of a data breach:
- We will investigate and contain the breach promptly
- Affected individuals will be notified within 72 hours (or as required by law)
- Relevant regulatory authorities will be notified
- Remediation steps will be implemented
13. International Data Transfers
13.1 Transfer Mechanisms
When transferring data internationally, we use:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
- Binding Corporate Rules: For intra-group transfers
- Adequacy Decisions: Transfers to countries with adequate protection
- Consent: Explicit consent for specific transfers
13.2 Data Localization
Where required by law, we maintain local data storage in:
- Nigeria (for Nigerian user data)
- South Africa (for South African user data)
- EU (for EEA user data)
14. Children's Privacy
14.1 Age Restrictions
Our Platform is not directed to children under 13 (or the applicable age of consent in your jurisdiction). We do not knowingly:
- Collect personal data from children
- Target advertising to children
- Create advertising profiles for children
14.2 COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA) by:
- Excluding child-directed inventory from targeting
- Honoring COPPA flags from Publishers
- Not processing persistent identifiers from child-directed sites/apps
14.3 Parental Rights
If you believe we have inadvertently collected data from a child, contact us immediately at privacy@radoss.agency for deletion.
15. Changes to This Policy
15.1 Updates
We may update this Privacy Policy periodically. Changes will be:
- Posted on this page with a new "Last Updated" date
- Communicated via email for material changes
- Effective 30 days after posting (unless urgent)
15.2 Notification
We will notify you of significant changes through:
- Email to registered account holders
- Platform dashboard notifications
- Website banner announcements
16.1 Response Times
- General inquiries: 5 business days
- Data subject requests: 30 days (as required by law)
- Urgent privacy concerns: 48 hours
By using the Radoss DSP Platform, you acknowledge that you have read and understood this Privacy Policy.