Last Updated: January 15, 2026
This Privacy Policy describes how Carty Nexus Inc ("Carty", "we", "us", or "our") collects, uses, and shares information when you interact with our advertising services (the "Services").
• Applicability: This policy applies to (i) our business partners and Developers who integrate our SDK into their mobile applications ("Apps"); and (ii) the end-users of such Apps ("End-Users").
• Our Role: For the purposes of global data protection laws (such as GDPR), Carty generally acts as an Independent Data Controller. This means we determine the purposes and means of processing personal data to deliver, optimize, and secure our advertising network.
• Developer Responsibility: Developers are responsible for providing clear notice and obtaining valid consent from End-Users before transmitting data to Carty.
• Device and Technical Information: We collect hardware specifications including device manufacturer, brand, model, OS type/version, kernel version, screen resolution, orientation, DPI, memory size, CPU model, system settings (e.g., language, country and timezone), and User Agent (UA).
• Identifiers: We collect IDFA, IDFV, GAID, User IDs, and Limit Ad Tracking (LAT) status.
• Application Environment: We collect App package name, version, installation time, installation channel and sub-channel, App foreground/background status, crash data, and running process information (Android only, for anti-fraud purposes).
• Network and Connectivity: We collect IP addresses (for city/country level location), Wi-Fi status, network type and mobile carrier information.
• Consent Signals: We collect IAB TCF strings, which encode your privacy choices and consent status as defined by the IAB Europe Transparency and Consent Framework.
• Event and Interaction Data (Optional): Depending on the specific Services integrated by the Developer, we may receive certain event data shared by the Developer at its discretion. This includes: demographic indicators (such as age and gender), and in-app purchase telemetry (such as amount, currency, and frequency). This information is used solely for ad targeting, conversion attribution, and performance analytics; we do not collect or store any sensitive financial credentials or real-world identities.
Please refer to the applicable Publisher’s privacy policy for more information about their usage of the above data.
• Ad Targeting and Profiling: We use demographic and in-app purchase data to create audience segments and deliver personalized advertisements based on user interests.
• Traffic Segmentation: We analyze App-level data (e.g., package names and versions) to categorize traffic and assist advertisers in reaching specific App categories.
• Security and Stability: We use network and device information to monitor the stability of our Services and detect/prevent Invalid Traffic (IVT) through running process analysis and IP filtering.
• Service Integrity and Ad Quality: We use interaction data to monitor the quality of ad creatives and ensure they do not contain malware, offensive content, or violate our advertising standards.
• Research and Analytics: We create aggregated, anonymous data sets for industry benchmarking, market trend analysis, and improving our predictive machine-learning models. Once anonymized, this data does not identify you and is no longer subject to this Policy.
We do not sell End-User personal data. We share information only with the following categories of recipients for the purposes described in Section 3:
• Upstream Advertising Partners: We disclose necessary device identifiers and interaction data to Demand Side Platforms (DSPs), Ad Exchanges, and Advertisers to enable them to bid on ad inventory and serve ads.
• Service Providers: We share data with trusted third-party vendors who provide services such as anti-fraud detection, cloud hosting, and data analytics. These providers are contractually obligated to protect your data.
• Affiliates: We may share information with our corporate affiliates to improve our global service delivery.
• Legal Requirements and Safety: We may disclose information if required by law (e.g., a court order or subpoena) or to protect the rights, property, and safety of Carty, our Developers, or End-Users.
Carty Nexus Inc is headquartered in the United States. Information collected through our Services will be transferred to and processed in the U.S. and other countries where our servers or service providers are located.
Legal Safeguards: For data transfers from the European Economic Area (EEA), UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission.
Developer Obligation: By using our Services, Developers agree to ensure that their data transfer to Carty complies with applicable laws, typically by incorporating our Data Processing Addendum (DPA) which includes these SCCs.
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
• Operational Data: Information used for ad delivery and attribution is typically retained in an identifiable form for up to 12 to 24 months to facilitate billing and reconciliation.
• Anti-Fraud Data: Data processed for security and fraud prevention may be retained for longer periods to identify historical fraud patterns and protect our network.
• Anonymization: After the retention period expires, we either delete the data or permanently anonymize it so that it can no longer be associated with a specific device or individual.
Depending on your jurisdiction (e.g., European Economic Area, United Kingdom, or California), you may have the following rights regarding your personal data:
• Access and Portability: The right to request a copy of the personal data we hold about you.
• Deletion (Right to be Forgotten): The right to request that we delete your personal data, subject to certain legal exceptions (e.g., fraud prevention or billing reconciliation).
• Opt-out of Targeted Advertising: You can limit or opt out of personalized advertising through your device settings:
  ◦ iOS: Enable "Limit Ad Tracking" or "Ask App Not to Track."
  ◦ Android: Enable "Opt out of Ads Personalization" or "Reset Advertising ID."
• California Privacy Rights (CCPA/CPRA): If you are a California resident, you have the right to opt out of the "sharing" of your personal information for cross-context behavioral advertising. Carty does not "sell" your personal information in exchange for monetary compensation.
• Exercise of Rights: To exercise any of these rights, please contact us at ssp_support@carty.io.
Carty is committed to protecting the privacy of children.
• COPPA Compliance: We do not knowingly collect "personal information" (as defined by the U.S. Children’s Online Privacy Protection Act) from children under the age of 13 without verifiable parental consent.
• Child-Directed Apps: For Apps designated by the Developer as "Child-Directed," the Carty SDK will automatically:
  ◦ Disable the collection of persistent identifiers for behavioral targeting.
  ◦ Serve only non-personalized, contextual advertisements.
• Developer Duty: It is the Developer's sole responsibility to accurately flag Apps directed to children via the Carty SDK or Dashboard.
To ensure the lawful operation of our Services, Developers must:
• Privacy Policy Disclosure: Maintain a privacy policy that accurately describes the collection and sharing of data with third-party advertising partners like Carty.
• Consent Signals: For users in regions requiring opt-in consent (e.g., GDPR/TCF), Developers must accurately transmit the user's consent status to the Carty SDK. Carty relies on these signals to process data.
For any privacy-related inquiries or to report a data breach, please contact us at ssp_support@carty.io.