Privacy Policy

Effective Date: 29 April 2025
Last updated: 29 April 2025

1 Introduction

predicto.ai (“predicto.ai“, “we“, “us“, or “our“) respects your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard the personal data of visitors and users (“you“, “your“) of any website, mobile site, product, service or application operated by predicto.ai that links to this Policy (collectively, the “Services“).

If you have questions or concerns, please contact us at privacy@predicto.ai or via the Contact Form on our website.

Age limitation – Our Services are not directed to children under 16 years of age (or 13 in the United States). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete it.

2 Who is Responsible for Your Data?

For the purposes of the EU General Data Protection Regulation (“GDPR“), the UK GDPR, and other applicable privacy laws, predicto.ai is the “data controller” of personal data collected via the Services unless otherwise stated. Where we process data solely on behalf of a publisher or advertiser client, we act as their data processor in accordance with our Data Processing Addendum.

3 The Data We Collect

Category	Examples	Source
Device & Usage Data	IP address (truncated or hashed where feasible), browser type & version, user‑agent string, operating system, device identifiers (IDFA/GAID/AAID), screen resolution, language settings, referring URL, time‑stamp, pages visited, queries entered, pixel or server‑side event IDs.	Collected automatically via cookies, SDKs, pixels and server logs.
Approximate Location	Country, region, city (derived from IP address); time zone.	Automatic.
Contact Data	Name, company, email address, phone, any information you include in free‑text fields.	Provided voluntarily via contact forms, support tickets, partnerships or career applications.
Preference & Consent Signals	CMP transparency & consent strings (IAB TCF v2.2), “Do Not Sell/Share” requests, cookie choices.	Automatic via CMP, browser or device settings.

We do not intentionally collect special‑category or sensitive personal data, nor do we build prolonged behaviour‑based profiles.

4 Cookies & Similar Technologies

We use first‑party and third‑party cookies, SDKs, pixels, beacons and local‑storage objects to:

enable core site functionality (strictly necessary cookies);
perform aggregated analytics and measure ad performance;
deliver contextual or interest‑based advertising only where you have provided the required consent.

You can manage your preferences at any time via our Cookie Settings link or through your browser/device controls. Further details are provided in our separate [Cookie Notice].

5 How We Use Personal Data

Purpose	Legal Basis (EEA/UK)
Provide and operate the Services (e.g., return search results, serve non‑personalised and, where permitted, personalised ads).	Contract (Art 6 (1) b GDPR) & legitimate interests (Art 6 (1) f).
Improve, debug and secure our Services (e.g., prevent fraud, perform analytics, develop new features).	Legitimate interests.
Comply with legal obligations (e.g., tax, accounting, consumer‑protection, data‑protection law).	Legal obligation (Art 6 (1) c).
Communicate with you, respond to enquiries, send service‑related notices.	Contract; legitimate interests.
Display contextual or consent‑based interest‑based advertising via partners such as Meta (Facebook/Instagram), Google Ads, Pinterest, TikTok and Snap.	Consent (Art 6 (1) a) where required; otherwise legitimate interests.
Exercise or defend legal claims, enforce terms, prevent fraud.	Legitimate interests.

Where we rely on consent, you may withdraw it at any time via Cookie Settings or by contacting us.

6 Sharing & Disclosure

We disclose personal data only as described below:

Advertising & Analytics Partners – We share limited pseudonymous data (e.g., event IDs, hashed IP, consent strings) with demand‑side platforms, ad exchanges, and analytics providers (e.g., Google Analytics, Mixpanel) to deliver and measure ads or gain usage insights. These partners act as independent controllers and provide their own privacy notices.
Service Providers (Sub‑processors) – Companies that host our infrastructure (AWS, Google Cloud), provide security, storage, customer‑support or data‑processing services. They may only process data pursuant to our instructions.
Affiliates & Group Companies – For internal administration and consolidated reporting, subject to this Policy and intra‑group agreements.
Legal & Compliance – Competent courts, regulators, law‑enforcement or auditors when legally required or to protect rights, privacy, safety or property.
Corporate Transactions – To prospective or actual purchasers, investors or transferees in the event of a merger, acquisition or asset sale, provided such party agrees to data‑protection obligations consistent with this Policy.

We do not sell or share personal data for cross‑context behavioural advertising where prohibited by the California Consumer Privacy Act (CCPA/CPRA) without your prior opt‑out.

7 International Data Transfers

We are headquartered in Israel and may store or process personal data in the European Economic Area (EEA), the United Kingdom, the United States and other countries. Where we transfer personal data outside the EEA/UK to a country without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) or UK Addendum and supplementary safeguards.

8 Retention

We retain personal data only as long as necessary for the purposes described above, generally:

Event‑level advertising logs: 90 days, then aggregated or pseudonymised.
Analytics records: up to 25 months.
Contact data: duration of the relationship plus 3 years for legal limitation periods, unless you request earlier deletion.

9 Security

predicto.ai maintains an information‑security programme aligned with ISO 27001 and SOC 2 Type II standards, including encryption in transit and at rest, access controls, vulnerability management, intrusion detection, and incident‑response procedures.

10 Your Rights

Where provided under applicable law, you have the right to:

Access the personal data we hold about you;
Rectify inaccurate or incomplete data;
Erase (“right to be forgotten”) or restrict processing in certain circumstances;
Object to processing based on legitimate interests or direct marketing;
Data portability – receive your data in a machine‑readable format;
Withdraw consent at any time where processing is based on consent;
Lodge a complaint with a supervisory authority (e.g., your local DPA or the Israeli Privacy Protection Authority).

To exercise any of these rights, please email privacy@predicto.ai or submit a request via our Contact Form. We may ask for proof of identity to protect your data.

11 Third‑Party Links & Services

The Services may contain links to third‑party sites or integrate third‑party SDKs/pixels. We are not responsible for the privacy practices of such parties. Please review their policies (e.g., Meta Privacy Policy, Google Privacy & Terms, Pinterest Privacy Policy, TikTok Privacy Policy, Snap Privacy Policy).

12 Changes to This Policy

We may update this Policy periodically. If material changes are made, we will provide an in‑service notice or email where feasible. The effective date at the top indicates when the latest changes were made.

13 Contact Us

If you have questions, requests or concerns about this Privacy Policy or predicto.ai privacy practices, contact our Data Protection Officer:

Email: privacy@predicto.ai