LoudEcho Privacy Policy

Last Updated: August 6, 2025

LoudEcho (operated by Teza Ltd.) ("LoudEcho", "we", "our" or "us") respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, share, and safeguard personal data in connection with our websites, platform, and related services (collectively, the "Services").

This Privacy Policy is designed in line with prominent global privacy and data protection regulations, including but not limited to those in the European Union, United Kingdom, and United States, and is intended to meet high standards of transparency and user control.

We also follow the IAB Transparency and Consent Framework (TCF) v2.2 and other recognised industry standards to provide clear information and meaningful choices in digital advertising.

This Privacy Policy forms an integral part of our Terms of Service and any applicable license agreements governing your use of our Services. By interacting with our Services, you acknowledge that you have read and understood this Privacy Policy.

Orientation:

About
Scope and Applicability
Controller Information & Data Protection Officer
Self-Regulatory Programs
Categories of Personal Data We Collect
Sources of Personal Data
Purposes of Processing
Sharing of Personal Data
International Data Transfers
Security
Your Privacy Rights
Exercising Your Rights
Children's Privacy, Minors, and Special Regional Rules
Special Regional Rules
Changes to This Policy
Contact

About

LoudEcho is a demand‑side platform (DSP) that enables advertisers to programmatically buy and deliver digital ads across a variety of publishers and supply‑side platforms (SSPs). Our platform supports AI‑generated creatives and uses a combination of contextual signals, consent management frameworks, and privacy‑compliant data to select and serve ads in real‑time.

When ads are delivered through our technology, we may work with multiple partners, including publishers, advertisers, ad exchanges, and measurement providers, to make the ad delivery process relevant, efficient, and measurable. Our technology also respects user preferences as expressed via consent management tools and privacy signals, such as Global Privacy Platform (GPP) strings and Do Not Sell/Share requests.

Scope and Applicability

This Privacy Policy applies to:

Visitors to our websites and online properties.
Representatives of publishers and advertisers who use our platform or interact with us in a business context.
Internet users who view or interact with ads delivered via our platform on third‑party sites, apps, or other digital environments.
Potential candidates, contractors, and employees whose data we process during recruitment or employment.

This Privacy Policy does not cover:

The privacy practices of third‑party publishers, advertisers, SSPs, or data providers who may collect information independently of LoudEcho. We encourage you to review their privacy policies to understand their practices.
Processing activities governed by a business‑to‑business contract between LoudEcho and another party that includes a Data Processing Agreement (DPA) or equivalent contractual terms, which take precedence over this Privacy Policy for the scope of that engagement.

Controller Information & Data Protection Officer

Data Controller: Teza Tech Ltd. HaArbaa 2, Tel Aviv, Israel, 6473926
Contact for Privacy Matters: privacy@loudecho.ai
Data Protection Officer (DPO): We have appointed a Data Protection Officer to oversee compliance with this Privacy Policy and applicable privacy laws. Our DPO may be contacted at privacy@loudecho.ai.

Self-Regulatory Programs

LoudEcho participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. LoudEcho's identification number within the framework is 1467.

Categories of Personal Data We Collect

Category	Items	Collected From	Retention Period
Data Subject Category: Visitors of our Websites
Online Identifiers	IP address, cookie ID, device ID, user agent string	Automatically via cookies, tags, pixels, and server logs	Up to 13 months (EU/UK) or 24 months (US), unless the user opts out earlier
Internet or Network Activity (analytics)	Pages visited, referring/exit pages, time spent, interaction logs	Automatically via cookies, analytics scripts, and server logs (using third party tags such as Google Analytics)	Up to 13 months (EU/UK) or 24 months (US), unless the user opts out earlier
Contact Information	Name, email address, phone number (if provided)	Directly from you via contact forms, waiting list registrations, event sign‑up, or newsletter subscriptions	For active subscription period + up to 24 months after last interaction, unless unsubscribed earlier
User Provided Content	Free‑text messages, questions, or other input provided via forms or other contact channels we make available	Directly from you	Up to 24 months, unless deleted upon request

Category	Items	Collected From	Purpose(s) of Processing (IAB TCF 2.2 Reference)	Retention Period
Data Subject Category: Web Users, Publisher Users
Online Identifiers	IP address, cookie ID, mobile ad ID, device ID	Automatically via cookies, pixels; from business partners	(1) Store/access device info; (2) Select basic ads; (3) Create personalized ads profile; (4) Select personalized ads	Up to 13 months (EU/UK) or 24 months (US), unless the user opts out earlier
Internet or Network Activity	Pages viewed, ad impressions, clicks, interactions, browser type	Automatically via our tags in ads/websites	(4) Select personalized ads; (5) Measure ad performance; (7) Develop and improve products	Up to 13 months (EU/UK) or 24 months (US)
Geolocation Data	Approximate location (from IP);	Automatically via device/browser; from partners	(4) Select personalized ads; (5) Measure ad performance; (9) Apply market research	Approximate: up to 13 months; Precise: 30 days unless aggregated
Technical Data	Device type, OS version, screen resolution, language settings	Automatically via cookies, SDKs, server logs	(7) Develop/improve products; (8) Ensure security, prevent fraud, debug	Up to 13 months
Inferences	Audience segments, interest profiles, contextual categories	Derived from activity, contextual signals, and partner data	(3) Create a personalized ads profile; (4) Select personalized ads; (9) Apply market research	Up to 13 months, refreshed upon new interaction
Data Subject Category: business contacts, partners
Business Contact Information	Name, job title, email, company name, phone	Directly from you (forms, contracts); from partners	Business relationship management; platform access	Duration of business relationship + 2 years
Data Subject Category: Candidates, employees
Recruitment Data	CV, employment history, qualifications, references	Directly from candidates, from recruitment platforms	Recruitment and hiring processes	Up to 12 months after application, unless legally required to keep longer

Sources of Personal Data

We collect personal data from the following sources:

Directly from you: When you visit our websites, contact us, create an account, or submit information via forms. When you apply for a role with LoudEcho and provide recruitment data.
Automatically through our technology and Services: Via cookies, pixels, tags, server logs, and other tracking technologies embedded in our websites, ads, or integrated into third‑party digital environments where our ads appear.
From our business partners: Publishers, advertisers, and agencies who use our platform. Supply‑side platforms (SSPs), demand‑side platforms (DSPs), data management platforms (DMPs), and analytics or measurement providers.
From data providers and matching services: Compliant third‑party data suppliers who provide identifiers, audience segments, or contextual information to improve ad targeting, measurement, and delivery.

Purposes of Processing

Purpose of Processing	Description	Legal Basis (GDPR)	Sell/Share under CCPA/CPRA	IAB TCF 2.2 Purpose(s)
Storing and/or accessing information on a device	Setting cookies, reading device identifiers, or storing technical data for ad delivery	Consent (Art. 6(1)(a))	Yes (if for cross‑context advertising)	1
Selecting basic ads	Serving non‑personalized ads based on general context	Consent (Art. 6(1)(a)) or Legitimate Interests (Art. 6(1)(f))	No	2
Creating a personalized ads profile	Building user profiles based on behaviour, context, or preferences	Consent (Art. 6(1)(a))	Yes	3
Selecting personalized ads	Serving ads tailored to a user's interests/profile	Consent (Art. 6(1)(a))	Yes	4
Measuring ad performance	Analysing impressions, clicks, and conversions to assess campaign results	Consent (Art. 6(1)(a)) or Legitimate Interests (Art. 6(1)(f))	No	7
Applying market research to generate audience insights	Using aggregated data to understand audiences and market trends	Legitimate Interests (Art. 6(1)(f))	No	9
Developing and improving products	Enhancing our DSP, AI creative tools, and measurement systems	Legitimate Interests (Art. 6(1)(f))	No	10
Ensuring security, preventing fraud, and debugging	Detecting and preventing malicious activity, ensuring systems function properly	Legitimate Interests (Art. 6(1)(f))	No	Special Purpose 1
Complying with legal obligations	Responding to lawful requests, record‑keeping, tax compliance	Legal Obligation (Art. 6(1)(c))	No	N/A
Business relationship management	Communicating with publishers, advertisers, agencies, and partners	Contract (Art. 6(1)(b)) or Legitimate Interests (Art. 6(1)(f))	No	N/A
Recruitment and hiring	Processing applications, assessing candidates, and onboarding hires	Contract (Art. 6(1)(b)), Legal Obligation (Art. 6(1)(c)), Legitimate Interests (Art. 6(1)(f))	No	N/A

Sharing of Personal Data

7.1. General

We share personal data only as described in this Privacy Policy and in compliance with applicable law. Depending on your relationship with us and how you interact with our Services, we may share your personal data with:

Publishers and Advertisers: To deliver, measure, and optimise advertising campaigns purchased through our platform. This may include providing aggregated campaign reports or anonymised interaction metrics.
Programmatic Advertising Partners: Including supply‑side platforms (SSPs), demand‑side platforms (DSPs), ad exchanges, ad networks, data management platforms (DMPs), and measurement/verification providers. These partners may receive identifiers, contextual data, and performance metrics to enable programmatic ad delivery and measurement.
AI Creative Generation Services: Our platform includes an AI engine capable of generating or customising ad creatives on the fly. To do this, the AI engine may process contextual signals (such as page content, device information, or non‑identifying audience segments) and, where permitted by law and user consent, relevant personal data (such as location or inferred interests) to produce creatives in real time. This processing occurs either within LoudEcho's own infrastructure or via third‑party AI service providers under contract.
Service Providers: Companies that process data on our behalf to support our business operations, for example, hosting providers, analytics services, fraud prevention tools, IT support, and AI infrastructure providers. These providers are bound by contractual obligations to keep your data secure and process it only as instructed by us.
Legal and Regulatory Authorities: When required to comply with legal obligations, respond to lawful requests, protect our rights, or ensure the safety of individuals.
Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction, in accordance with applicable laws.

7.2. Sale/Share Disclosures under CCPA/CPRA:

Some sharing of data with advertising, analytics, and AI‑powered creative generation partners may constitute a "sale" or "sharing" of personal information under California law, particularly when it is used for cross‑context behavioural advertising. California residents have the right to opt out of such sale or sharing at any time. See the "Your Privacy Rights" section for details.

International Data Transfers

8.1. General

LoudEcho operates globally and may transfer personal data to countries outside of your country of residence, including to countries that may not provide the same level of data protection as your home jurisdiction. LoudEcho's primary platform infrastructure, including systems supporting the AI creative generation engine, is currently hosted in data centers located in the United States, operated by trusted third‑party hosting providers under contract. Transfer of personal data takes place in one or more of the following circumstances:

Programmatic Advertising Transactions: Delivery of ads via our platform often involves partners, exchanges, or measurement providers located in multiple regions.
AI Creative Generation Infrastructure: Our AI engine for real‑time creative generation may be hosted in, or process data through, servers located outside your jurisdiction. This may include processing by contracted AI service providers in the United States, the European Union, or other regions.
Operational Services: Our hosting, cloud storage, analytics, security, and IT support providers may operate in various jurisdictions.

8.2. Safeguards for International Transfers

When transferring personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not have an adequacy decision from the relevant regulator, we implement appropriate safeguards such as:

Standard Contractual Clauses (SCCs) adopted by the European Commission.
UK International Data Transfer Addendum (UK IDTA).
Swiss Addendum to the SCCs, where applicable.

These contractual measures require recipients to protect your personal data to a standard equivalent to that under applicable data protection laws.

8.3. Onward Transfers

If our partners or service providers transfer your personal data to a further country, they are required to implement equivalent safeguards and only process such data in accordance with our instructions and applicable law.

Security

We take appropriate technical and organisational measures to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. These measures include:

Encryption of data in transit and, where appropriate, at rest.
Access controls to ensure only authorised personnel can access personal data.
Network and system monitoring to detect and respond to security threats.
Regular audits and penetration testing to identify and remediate vulnerabilities.
Data minimization and secure deletion practices to limit retention to what is necessary.

We also require our service providers, including those supporting our AI creative generation infrastructure, to implement and maintain equivalent security standards.

While we strive to protect personal data, no system or transmission is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately using the details provided in this Privacy Policy.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

10.1. Under the GDPR (EU/UK and similar laws)

If you are a resident of the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar privacy laws, you may have the following rights:

Right of Access: Obtain confirmation whether we process your data and receive a copy.
Right to Rectification: Correct inaccurate or incomplete personal data.
Right to Erasure: Request deletion of your personal data, subject to legal obligations.
Right to Restrict Processing: Limit how we process your data in certain cases.
Right to Data Portability: Receive your personal data in a structured, commonly used format, where applicable.
Right to Object: Object to processing based on legitimate interests or to direct marketing.
Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.

10.2. Under the CCPA/CPRA (California)

If you are a resident of the State of California, you may have the following rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:

Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.
Right to Delete: Request deletion of personal information, subject to exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing: Stop the sale or sharing of personal information for cross‑context behavioural advertising.
Right to Limit Use of Sensitive Personal Information: Restrict our use of sensitive personal information to certain purposes, if applicable.
Non‑Discrimination: You will not receive discriminatory treatment for exercising your rights.

Exercising Your Rights

You can submit a request by email to privacy@loudecho.ai. When submitting a request, please provide:

The country and/or state in which you reside.
The right(s) you wish to exercise.
Sufficient information for us to reasonably verify that you are the person about whom we collected personal data (or an authorized agent acting on your behalf).
Any relevant identifiers you may have provided to us or our partners (e.g., cookie ID, mobile advertising ID).

Important Notice:

We do not process uniquely identifying information for all individuals who interact with ads delivered through our platform. In many cases, we only process pseudonymous identifiers (such as cookie IDs or device IDs) that we cannot directly link to a named individual without additional information from you or our partners. As a result:

Some rights (such as access or deletion) may not be applicable to you unless you provide sufficient information for us to locate your data.
In certain cases, rights may only be exercised through online means, such as using our opt‑out tools or withdrawing consent through a publisher's consent management platform (CMP).

We aim to respond to requests within 30 days under GDPR or 45 days under CCPA/CPRA (with possible extensions where permitted by law).

For CCPA/CPRA requests, we may require additional verification steps to confirm your identity.

Children's Privacy, Minors, and Special Regional Rules

12.1. Children's Privacy (COPPA – United States)

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under this age.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it as required by the Children's Online Privacy Protection Act (COPPA).

12.2. Minors in Other Jurisdictions

In the European Economic Area (EEA), United Kingdom, and other jurisdictions where local law sets a higher age threshold for valid consent (typically 16), we do not knowingly process personal data for targeted advertising from individuals under that age without appropriate consent from a parent or guardian.

In California, we do not knowingly sell or share personal information of individuals under 16 without affirmative authorization ("opt‑in").

Special Regional Rules

Our practices are adapted to comply with regional privacy laws, including:

GDPR in the EU/UK, with enhanced protections for children's data.
CCPA/CPRA in California, including opt‑in for minors aged 13–15 and parental consent for those under 13.
Other local regulations in jurisdictions where we operate or where our partners deliver ads, as applicable.

If you believe we may have collected information from a minor in violation of applicable law, please contact us immediately at privacy@loudecho.ai.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this Privacy Policy.
Provide a prominent notice on our website or platform.
Where required by law, seek your consent to significant changes before they take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and share personal data.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us at privacy@loudecho.ai.