oxavane Partner with us
Legal — Privacy

Privacy Policy

Last updated June 10, 2026

This Privacy Policy explains how Oxavane Inc. (“oxavane,” “we,” “us” or “our”) collects, uses, discloses and protects information. It applies to our website at oxavane.com (the “Site”) and to the oxavane programmatic advertising exchange for connected and in-venue screens (the “Exchange” and, together with the Site, the “Services”).

We have written this policy to be read, not just filed. Where the law gives you rights or choices, we describe how to use them. If anything here is unclear, email us at privacy@oxavane.com.

1. Who we are

Oxavane Inc. is a California company operating the oxavane advertising exchange, which connects advertising demand to connected TV (CTV), rideshare and transit displays, retail media, and hospitality and venue screens. For the website and for most advertising activity described below, Oxavane Inc. is the controller (or, under U.S. state laws, the business) responsible for the processing of personal information.

Our registered address is:

  • Oxavane Inc.
  • 7179 Stardust Court
  • Eastvale, CA 92880, USA

For privacy questions and to exercise your rights, contact privacy@oxavane.com. For general and partnership inquiries, contact partnerships@oxavane.com.

2. Scope of this policy

This policy covers two distinct contexts, which involve different kinds of information and different roles for oxavane:

The website

When you visit oxavane.com, contact us, or otherwise interact with our marketing site. Here we act as a controller of the limited information you provide and the basic analytics we collect.

The advertising exchange

When advertising is requested, selected, delivered or measured on screens connected to the Exchange. In this context we process technical and device signals to route and account for advertising. We do not operate the screens or own the underlying audience relationships; publishers and venue operators do. We process exchange data both on our own behalf (for example, to detect fraud and measure delivery) and on behalf of our publisher and demand partners under contract.

This policy does not govern the privacy practices of the publishers, venue operators, advertisers, demand partners or measurement providers we work with. Their own notices govern their handling of data. It also does not replace any separate written agreement that governs a partner’s use of the Exchange.

3. Information we collect on the website

Information you provide

When you email us or submit a contact or partnership request, we collect the information you choose to share — typically your name, business email address, company, and the content of your message. We use it to respond to you, evaluate a potential partnership, and keep a record of our correspondence.

Analytics and log data

Like most websites, our servers and analytics tooling automatically record limited technical information when you visit — such as your IP address, browser type and user agent, the pages you view, referring URLs, and timestamps. We keep website analytics deliberately minimal and use it to understand traffic, maintain security, and improve the Site.

Cookies and similar technologies

We use a small number of cookies and similar technologies on the Site. For full detail on what they are, how we use them, and how to control them, see our Cookie Policy.

4. Information processed in advertising

To select, deliver, cap, measure and protect advertising across connected and in-venue screens, the Exchange processes technical signals that are passed in an advertising request or generated during ad delivery. These typically include:

  • Network and device signals — IP address, device and platform type, operating system, and user-agent or app identifiers.
  • Advertising identifiers — resettable device or app advertising IDs where they are made available by the device or platform.
  • Approximate location — coarse, non-precise geographic information (such as city, region, postal area or DMA), derived from IP address or supplied by the publisher; we do not seek precise GPS coordinates for ad targeting.
  • Context — the type of screen, venue category, content or app context, and inventory characteristics of the placement.
  • Ad interaction and delivery events — impressions, completions, viewability and similar measurement signals generated when an ad is served.

We design the Exchange around context and device signals rather than identity. We do not collect names, email addresses, account credentials, precise location, or special-category (“sensitive”) personal information through ad serving, and we do not build individual-level identity profiles for ad targeting. Many of the signals we process are not, on their own, tied to a known individual; where a signal such as an IP address or advertising identifier can be considered personal information under applicable law, we treat it accordingly.

We do not sell personal information for money. Sharing of advertising signals with partners for the purposes described below may be considered a “sale” or “sharing” for cross-context behavioral advertising under certain U.S. state privacy laws; see Your privacy rights and choices for how to opt out, and note that we honor recognized opt-out preference signals.

5. How we use information

We use website information to operate and secure the Site, respond to inquiries, evaluate partnerships, and improve our content. We use advertising information to operate the Exchange, specifically to:

  • Serve advertising — select and deliver appropriate ads to a given screen and placement.
  • Frequency capping and pacing — limit how often the same ad is shown and pace delivery across a campaign.
  • Measurement and reporting — count impressions and completions, report performance, and reconcile delivery and settlement with partners.
  • Fraud prevention and quality — detect and prevent invalid traffic, spoofing and abuse, and maintain inventory quality and brand safety.
  • Audience validation — confirm, at an aggregate and non-identifying level, that inventory reaches the audiences it represents.
  • Compliance and security — meet legal obligations, enforce our terms, and protect the integrity of the Services.

6. Programmatic partners and data sharing

Operating an exchange necessarily involves passing certain advertising signals between the parties in the supply chain. We share information only as needed for the purposes above, and we do not sell personal information for money.

  • Demand partners (such as advertisers, agencies, demand-side platforms and other exchanges) receive the bid-request signals necessary to decide whether and what to buy, under contractual terms restricting their use of that data.
  • Publishers and venue operators receive delivery and reporting data for inventory they make available through the Exchange.
  • Measurement and verification providers may process delivery signals to independently measure viewability, validity and audience, on our or a partner’s behalf.
  • Service providers / processors (such as hosting, security and analytics vendors) process information on our instructions under written contracts.
  • Legal and corporate — we may disclose information to comply with law, enforce agreements, protect rights and safety, or in connection with a merger, acquisition or financing.

Industry transparency and frameworks

We participate in IAB Tech Lab supply-chain transparency. We publish our authorized-seller and supply-chain identity through app-ads.txt, sellers.json and ads.txt, so buyers can verify the path from impression to seller. The Exchange is built on open standards including OpenRTB and other IAB Tech Lab specifications. Where applicable to a given placement or market, we support industry consent and preference frameworks — such as the IAB Transparency & Consent Framework (TCF) and the Global Privacy Platform (GPP) — to receive and respect the consent and opt-out signals passed in an advertising request.

7. Legal bases for processing

Where the EU or UK General Data Protection Regulation (GDPR / UK GDPR) applies, we rely on the following legal bases:

  • Legitimate interests — to operate and secure the Site, respond to business inquiries, deliver and measure advertising, prevent fraud, and run our business, balanced against your rights.
  • Consent — where required for certain cookies or advertising activities; where we rely on consent, you may withdraw it at any time.
  • Contract — to take steps at your request before entering, or to perform, an agreement with you or your organization.
  • Legal obligation — to comply with applicable laws and lawful requests.

8. Data retention

We keep information only as long as needed for the purposes described in this policy, or as required by law. Website correspondence is kept for as long as needed to manage our relationship and records. Server and analytics logs are kept for a limited period for security and operations. Advertising and measurement signals are retained for the limited period needed for delivery, reporting, billing reconciliation and fraud prevention, after which they are deleted or aggregated into non-identifying form. Retention periods may vary based on the type of data and our legal obligations.

9. Security

We maintain administrative, technical and organizational measures designed to protect information against unauthorized access, loss, misuse and alteration — including encryption in transit, access controls, network protections and contractual safeguards with the partners and vendors who process data on our behalf. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to limit what we collect in the first place.

10. Your privacy rights and choices

Depending on where you live, you may have rights regarding your personal information. We extend the core choices below to all users where we reasonably can.

EU / UK / EEA (GDPR & UK GDPR)

Subject to applicable law, you may request access to, correction or deletion of your personal information; object to or request restriction of certain processing; withdraw consent; and request portability. You also have the right to lodge a complaint with your local data protection authority.

California and other U.S. states (CCPA / CPRA and similar)

Subject to applicable law, you may request to know the categories and specific pieces of personal information we have collected, the sources, purposes and categories of recipients; request deletion or correction; and opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information for money, and we do not knowingly process the sensitive personal information of consumers for advertising. We will not discriminate against you for exercising your rights.

How to exercise your rights

To make a request, email privacy@oxavane.com with enough detail for us to identify the relevant information and respond. We will verify your request as required by law before acting on it, and you may use an authorized agent where the law permits. We will respond within the timeframes required by applicable law.

Opt-out preference signals (Global Privacy Control)

We honor recognized opt-out preference signals, including the Global Privacy Control (GPC). Where we detect a GPC signal from your browser on the Site, we treat it as a valid request to opt out of the sale or sharing of personal information for that browser or device. In advertising, where a recognized consent or opt-out signal (for example, via the IAB TCF or GPP) is passed with a request, we act on it for that request.

11. Children’s privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from anyone under the age of 16, and we do not target advertising to children. If you believe a child has provided us with personal information, contact privacy@oxavane.com and we will take appropriate steps to delete it.

12. International data transfers

Oxavane Inc. is based in the United States, and we and our service providers may process information in the United States and other countries. These countries may have data-protection laws that differ from those in your location. Where we transfer personal information from the EEA, the UK or other regions with transfer restrictions, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), or another lawful transfer mechanism.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology or legal requirements. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

14. Contact us

For any privacy question, or to exercise your rights, contact us at:

See also our Terms of Service and Cookie Policy.