Privacy

GDPR & CCPA Statement

A brief overview of how Cheetah Digital aligns to the GDPR, CCPA, and other such impactful privacy laws.

Cheetah Digital provides enterprise Software-as-a-Service (“SaaS”) solutions for marketers delivering personalized experiences, email and cross-channel messaging, and loyalty strategies at scale. 

With actionable consumer data at the core of our capabilities, Cheetah Digital recognizes the vital importance of privacy and security to our business and stakeholders. We comply with European data protection and electronic communications privacy laws, and set those laws as our global standard wherever we operate. 
 

GDPR and similar laws in a nutshell:


Overarchingly, the GDPR and similar laws regulate how personal data can be collected, used, and processed. Organizations are expected to balance their needs against the privacy rights and reasonable expectations of individuals. This is accomplished by considering privacy ‘first principles’ as part of any project, business or partnership decisions. And by responding to requests and complaints from individuals wishing to exercise their legal rights over their data.

The privacy first principles are:

  • Lawfulness, fairness and transparency

  • Purpose limitation (specific uses)

  • Data minimisation (needs-based collection)

  • Accuracy (data hygiene)

  • Storage limitation (time-bound retention)

  • Integrity and confidentiality (security)

  • Accountability (demonstrable compliance -- to individuals, regulators etc)
     

Our global view:

  • As societal expectations to privacy, and the legal protections afforded individuals continue to evolve, we are committed to ensuring the safe, transparent and positive uses of our services wherever they are offered.  

  • Our global approach aligns to Europe's GDPR and is inclusive of analogous modern frameworks such as Japan’s APPI, Australia's APP,'s Canada's PIPEDA, and California's CCPA/CPRA, among others.

  • As a permission-based email and cross-channel martech provider we require our customers to use our capabilities in open, positive and productive ways.

  • We believe commercial messages should be relevant, timely and welcome by their recipients, and so our email acceptable use policies set a higher bar than the US CAN-SPAM Act.
     

As part of ongoing compliance efforts, we:

  • Evaluate our legal roles and responsibilities in relation to our customers and their legal roles and responsibilities as existing privacy rules evolve or new ones emerge. 

  • Review and update our policies and service contracts to meet changing requirements, including as concerning the cross-border flow of personal data.

  • Do not sell or otherwise monetize consumer personal data, and do not share it with third-parties unless we are instructed to do so by a customer who is the data owner and controller.  

  • Maintain third-party audits and certificates verifying our compliance with international security and information systems management standards and best practices.

  • Provide marketing acceptable use standards, Services terms of use, data management and operational tools, and industry best practices which help our customers meet their obligations under applicable privacy laws, regulations and industry codes of conduct. 

  • Continually evaluate our products and services for alignment with applicable privacy laws, regulatory guidelines, standards and industry best practices as they continue to evolve alongside technology and societal expectations.

  • Train new hires and existing personnel on relevant security, privacy and compliance topics.

  • Engage with industry groups and professional associations on issues important to us and the marketers we serve.


For more information about our values, commitments and practices, we invite you to review our Privacy NoticeGlobal Anti-Spam Policy and Terms.
 

If you have questions or feedback, please contact your Cheetah Digital representative or reach out to us at privacy@cheetahdigital.com.