Privacy Policy
Updated: 1st October, 2025
Factori (“we”/ “us”/ “our”) provides consumer intelligence services using disparate data elements (such as location data, offline and digital identifiers, device metadata etc.) that we collect and infer for anonymized individuals (“individuals”/ “you”/ “your”). In this Privacy Policy (the “Policy”), we describe our data collection and use practices for the information that we collect and the data we receive from our data partners (such as mobile app publishers and developers) about individuals. This Policy also describes the choices available to you regarding the use of that information and data. This Policy doesn’t apply to the data collection and use practices of our clients, and business partners and the websites, services, and applications that they operate.
Categories of Information we collect:
We receive data from a variety of business partners, clients, and other companies that license data to us, or provide us data to facilitate our services. This information includes the following:
1.1 Data You Give Us
When you ask to be contacted or have questions about our services, you provide us with your contact information (like your name and email address).
1.2 Data We Collect
When you visit our website or when our services are used (by you or by our customers), certain information and data is automatically collected. Our servers collect technical information about your browser or device that it sends when you visit a website or when an advertisement is displayed or measured through our services. These server logs collect information such as the web request, internet protocol (IP) address or device identifier, browser type, referring / exit pages and URLs, number of clicks, impressions served, domain names, landing pages, pages viewed, and other such information. We (and/or our customers and partners) use cookies and web beacons to collect this data (over time and across websites, mobile apps, and devices). These tools (among other things) help us to count impressions, recognize visitors, and provide analytics about the effectiveness of an advertisement. We also use Google Analytics (or other analytics providers) to help us understand the use of our website.
1.3 Data We Receive from others
We receive data that was initially collected (over time and across websites, mobile apps, and devices) by our data partners (such as mobile app publishers and developers, advertising networks and exchanges and other websites and services), which includes:
1.3.1 Ad Data
We receive advertisement requests (to display an advertisement on a website, mobile app or device) along with its associated data, such as a device identifier (like a browser ID or an advertising ID (the operating system-supplied ID meant for advertising use, such as the Apple’s Identifier for Advertisers or a Google Advertising ID(IDFA or AAID, respectively), or another similar identifier, the browser or device type, IP address, app publisher, operating system, location, and other similar device-specific information.
1.3.2 Movement Data
We receive data about the places people go and visit with their mobile devices (if the mobile or other location-aware device is configured to share its location data when the device or a mobile application on the device is in use or when operating in the background). In addition to location, we receive a device identifier and other information about that device (such as the browser or device type, IP address or app publisher, operating system, carrier provider, and other similar device-specific information). We do not receive the phone number or the unique hardware device ID of a mobile device through this channel. We identify devices using the advertising ID or a randomly assigned unique identifier (that is created through our own system).
1.3.3 Personal Data
We receive Personal Data during your registration, when you choose to provide it, such as your name and email address. The decision to provide such data is optional. In addition, we may also receive certain personal data from third parties that includes hashed email addresses and hashed phone numbers. We make our best endeavor to ensure that all such data is explicitly opted-in with clearly defined permitted use cases that the data subject consents to including sharing it with non-affiliated third parties.
Data We Receive from Other Sources
We receive data and information from other data sources about places that individuals use to verify their location, to classify those locations (such as a business, residential parcel, or other point of interest), and to identify the location’s boundaries.
Note about children. We do not knowingly collect personal information from children. If we learn that we have collected personal information of a child under 18, we will take steps to delete such information from our files as soon as possible.
2. How We Use the Data We Collect
We associate the data and information that we collect with the data and information we receive from others. Our technology contextualizes and aggregates this data. The consumer intelligence we derive (and infer) from the data and the information we amass is the basis of the services we provide:
- for measurement and reporting services,
- for capturing and understanding the interests, activities, and trends of consumers in the physical world,
- for data analytics and data services (such as for marketing and advertising, trend analysis, or market research), and
- for providing, maintaining, and improving the services we offer (and to develop new services).
We may use (and store) the data and information we collect and receive on servers that may be located outside the country where you live.
3. Information We Share with Others
We share the data and information we compile about someone using advertising IDs or another type of identifier:
- for measurement, statistics, usage reporting, and other data analytics
- To allow third parties to market to you, including through mobile devices and applications
- for industry analysis, demographic profiling, market research and other such purposes
- For lead generation, analytics, fraud prevention, credit scoring and contextual recommendations.
- For instance of us getting acquired by or merged with another company and in the event of all of our assets getting transferred to the new formed company, we may transfer the information to the new formed company.
- For legal compliances, we may disclose the information we collect if we believe that such an action is necessary in consonance to a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
Note: All of the information that we collect from you shall be disclosed only with your consent.
4. Global Privacy Law & Compliance and Your rights
4.1
We are committed to handling personal data in a manner that is transparent, secure, and compliant with privacy and data protection laws in all jurisdictions where we operate. This includes (but is not limited to):
– The General Data Protection Regulation (GDPR) – European Union
– The California Consumer Privacy Act (CCPA/CPRA) – United States
– The Lei Geral de Proteção de Dados (LGPD) – Brazil
– The Personal Data Protection Act (PDPA) – Singapore & Thailand
– The Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
– The Digital Personal Data Protection Act, 2023 (DPDPA) – India
We recognize and uphold your rights as a data subject under these laws, and we provide mechanisms to help you exercise those rights in accordance with applicable legal requirements.
4.2 Your rights as a data subject
– Right to Access: You may request information about the categories of data we collect, how we process it, and request a copy of the personal data we hold about you.
– Right to Correction (Rectification): You may request corrections to inaccurate or outdated personal data.
– Right to Deletion/Erasure (“Right to be Forgotten”): You may request that we delete your personal data, subject to applicable legal exceptions (e.g., fraud prevention, compliance with legal obligations).
– Right to Data Portability: In applicable jurisdictions, you may request to receive your data in a structured, commonly used, and machine-readable format.
– Right to Object/Restrict Processing: You may object to the processing of your personal data, or request that we restrict processing in certain circumstances, such as when data is used for direct marketing or profiling.
– Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
– Right to Opt Out of the Sale or Sharing of Personal Data: As applicable (e.g., under CCPA/CPRA or India’s DPDPA), you have the right to opt out of the sale or disclosure of your personal data to third parties for purposes such as behavioral advertising or analytics.
– Right to Nominate a Representative (India, DPDPA): You may nominate someone to exercise your rights on your behalf in the event of incapacity or death, as provided under India’s DPDPA.
– Right Not to Be Subject to Automated Decision-Making: Where applicable, you have the right to object to decisions made solely by automated processing, including profiling, which produces legal or similarly significant effects.
4.3 How to access your Rights?
You can exercise any of the rights listed above by contacting us at privacy@factori.ai
Note: To ensure the protection of your personal data, we may request verification of your identity before processing your request. Where legally permitted, an authorized agent or representative may submit requests on your behalf.
We aim to respond to all verified requests within the timeframes required by applicable laws — typically 30 days (under GDPR and Thailand PDPA), 45 days (under CCPA), or as prescribed under India’s DPDPA, with an extension if necessary.
4.4 No discrimination for exercising your rights
We will not deny you services, charge different prices, or provide a lower level of service because you have exercised your legal privacy rights.
5. Additional Privacy Choices
If you don’t want the data that is collected about you to be used for certain purposes, you have other options:
5.1 Cookie Opt-Out
You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser. Further, Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties.
Please note that the opt-out choices you select are stored in opt-out cookies only in the browser that you use to visit the opt-out websites, so you should separately set your preferences for other browsers or Devices you may use. For more information on cookie opt-out, please visit this link.
5.2 Mobile Opt- Out
On your mobile devices, you have an option to reset the Advertising IDs (for both Android & iOS).
We honor these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our reporting solutions, on a going forward basis. (We may continue to use information from these devices for other purposes, such as market research and aggregated customer analytics, but we will not use this information for interest-based advertising purposes)
5.3 Location Settings
If you want to limit or prevent location data from your device from being collected, you can adjust this capability through your mobile device settings
5.4 Additional Opt-Out Links
Network Advertising Initiative: https://optout.networkadvertising.org/
Ad Choices (Digital Advertising Alliance): https://optout.aboutads.info/
6. Legal grounds for Processing Personal Data
We process personal data only where we have a valid legal basis to do so, as required by applicable data protection laws, including the General Data Protection Regulation (GDPR), India’s Digital Personal Data Protection Act, 2023 (DPDPA), Thailand’s Personal Data Protection Act (PDPA), and other relevant global privacy regulations.
The legal grounds for our processing of your personal data may include one or more of the following:
6.1 Consent
We may process your personal data based on your explicit and informed consent. This applies where:
– You agree to receive marketing communications;
– You allow us to use cookies or tracking technologies for analytics or advertising;
– You opt in to share specific personal information via a form or registration.
Where consent is the basis for processing, you may withdraw your consent at any time by contacting us or adjusting your privacy settings.
6.2 Performance of a contract
We process personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes:
– Providing access to our services or platforms;
– Managing user accounts or subscriptions;
– Responding to inquiries or customer support requests.
6.3 Legitimate Interests
We may process your personal data where it is necessary for our legitimate business interests, and those interests are not overridden by your rights or interests. These purposes may include:
– Improving and personalizing our services;
– Preventing fraud, abuse, or security threats;
– Conducting analytics and market research;
– Supporting our internal operations and administration.
Where we rely on this ground, we balance our interests with your privacy rights and offer you the ability to object to certain uses.
6.4 Compliance with Legal Obligations
IWe may process your personal data where required to comply with laws or legal processes, such as:
– Responding to lawful requests from public authorities;
– Meeting obligations under financial, tax, or consumer protection laws;
– Retaining data for compliance with applicable record-keeping or audit requirements.
7. Security and Data Retention
We take steps to help ensure that the data we possess is housed and transmitted securely. We use multiple types and layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we make substantial efforts to ensure that this does not occur.
We use public cloud providers (AWS and GCP) for all our data storage and processing applications. For example, we use Server-Side Encryption for protecting data at rest in Amazon S3. This encrypts objects before saving it on disks in its data centers and then decrypts it when we download the objects.
We also enforce encryption of data in transit by using https (TLS) to prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. We allow only encrypted connections over https (TLS) using the aws SecureTransport condition on Amazon S3 bucket policies.
We generally retain mobile advertising IDs on the following schedule:
(a) we render mobile advertising IDs inactive for interest-based advertising purposes within 120 days,
(b) we continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting (for instance, in aggregated form for market research) for up to 24 months (outside of EEA countries and Switzerland) or 13 months (in EEA countries and Switzerland), provided that we may retain them if we have a legal or significant operational or legal need to do so, such as for auditing, corporate record-keeping, compliance, record-keeping, accounting or security and bug-prevention purposes.
8. Changes/ Amendments
If we change our data collection and/or use practices, we will post an updated version of this Policy (and a more prominent notice if the changes are significant) with the new practices and when they go into effect. The data and information that we collect are subject to the privacy statement in effect at the time the data and information were collected by us.
9. Contacting US
If you have any questions or would like to speak with us, please email us at privacy@factori.ai. Additionally you can also opt out of Factori’s database by submitting your mobile advertising ID at the below link: https://www.factori.ai/do-not-sell-my-information
