PRIVACY POLICY

Effective date: 01.02.2026

1. Introduction

This Privacy Policy explains how SmartCascade (“we”, “us”, “our”) collects, uses, processes, stores, transfers, and protects personal data in connection with:

• The SmartCascade SaaS platform
• Our websites
• APIs and integrations
• Communications with clients and partners

SmartCascade is a traffic management and monetization infrastructure platform that enables media buyers, traffic owners, performance networks, affiliates, publishers, and advertisers to manage, route, optimize, and analyze traffic flows.

We process personal data in accordance with applicable data protection and privacy laws.

2. Our Role in Data Processing

Depending on context, SmartCascade acts as either a Data Controller or a Data Processor.

2.1 When We Act as Controller

We act as Controller when processing:

• Client account registration data
• Billing and payment information
• Website visitor data
• Platform usage and security logs
• Business communications

In these cases, we determine the purposes and means of processing.

2.2 When We Act as Processor

We act as Processor when our clients use SmartCascade to:

• Track clicks, conversions, and events
• Manage affiliates, publishers, and advertisers
• Route and cascade traffic via APIs
• Store performance and attribution data

In such cases:

• Our clients determine the purposes and legal basis of processing.
• We process personal data solely under documented instructions.
• Processing is governed by a Data Processing Agreement (DPA).

3. Categories of Data We Process

3.1 Client Account Data

• Name
• Business email
• Company details
• Phone number
• Login credentials (encrypted/hashed)
• IP addresses used to access the platform
• Account activity logs
• Billing and transaction data

3.2 Affiliate / Publisher Data (Processed on Behalf of Clients)

• Name
• Email address
• Username
• Payment information
• IP address
• Traffic source identifiers
• Device and browser information
• Performance metrics

3.3 Advertiser Data (Processed on Behalf of Clients)

• Company name
• Contact details
• Campaign configuration data
• Tracking parameters
• API credentials
• Billing information

3.4 End-User Traffic Data (Infrastructure-Level Processing)

SmartCascade processes traffic-level data as part of its routing, optimization, and tracking functionality. This may include:

• IP address
• Device type
• Operating system
• Browser type
• User agent
• Referrer URL
• Click identifiers
• Conversion identifiers
• Timestamp
• Approximate geolocation derived from IP
• Cookie identifiers (where enabled by client)
• Event and postback data
• API metadata (in some cases including email, age, sex of the user)

SmartCascade does not determine the purpose of this processing. Clients are responsible for providing appropriate disclosures and obtaining required consents.

3.5 Website Visitor Data

• IP address
• Device/browser information
• Cookies and analytics data
• Contact form submissions

4. Legal Basis for Processing

Where we act as Controller, we process personal data based on:

• Performance of a contract
• Compliance with legal obligations
• Legitimate business interests
• Consent where required

Legitimate interests include:

• Platform security
• Fraud prevention
• Service improvement
• Analytics
• Enforcement of contractual rights

5. Purposes of Processing

We process personal data to:

• Provide and maintain SmartCascade services
• Route and optimize traffic flows
• Enable API cascading
• Generate reporting and analytics
• Manage user accounts
• Process payments
• Detect and prevent fraud or abuse
• Maintain infrastructure security
• Comply with legal obligations
• Communicate with clients

We do not sell personal data.

6. Data Sharing and Subprocessors

We may share data with:

• Cloud hosting providers
• Infrastructure and CDN providers
• Payment processors
• Security and monitoring providers
• Professional advisors
• Authorities where legally required

All subprocessors are contractually bound by confidentiality and data protection obligations.

A list of subprocessors is available upon request.

7. International Data Transfers

Due to the global nature of our services, personal data may be processed in multiple jurisdictions.

Where required, we implement appropriate safeguards, including:

• Contractual data transfer mechanisms
• Adequacy-based transfers
• Technical and organizational security controls

8. Data Retention

We retain personal data only as long as necessary to:

• Fulfill contractual obligations
• Comply with legal requirements
• Resolve disputes
• Enforce agreements
• Prevent fraud

Upon termination of services, data is deleted or anonymized within a reasonable timeframe unless legally required otherwise.

9. Security Measures

We implement industry-standard technical and organizational safeguards, including:

• Encryption in transit (TLS)
• Encryption at rest where applicable
• Role-based access control
• Multi-factor authentication
• Secure API authentication
• System monitoring and logging
• Network segmentation
• Regular security updates
• Data minimization

Access is restricted to authorized personnel under confidentiality obligations.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Authentication
• Session management
• Security
• Analytics

Clients are responsible for implementing legally compliant consent mechanisms for their own tracking activities.

11. Data Subject Rights

Individuals may have rights under applicable data protection laws, including:

• Access
• Correction
• Deletion
• Restriction
• Portability
• Objection to processing
• Withdrawal of consent

Where we act as Processor, we assist clients in responding to such requests.

Requests may be submitted to the contact details listed below.

12. Automated Processing

SmartCascade provides automated traffic routing, optimization, and cascading based on rule-based or algorithmic logic.

We do not engage in automated decision-making that produces legal or similarly significant effects on individuals.

13. Data Breach Procedures

In the event of a personal data breach, we:

• Investigate without undue delay
• Notify affected clients where required
• Cooperate with regulatory authorities where applicable

14. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be published with a revised effective date.

15. Contact Information

SmartCascade is operated by:

Private Social AG
Vorderlinden 2
6374 Buochs
Switzerland

Data Protection Contact: contact@smartcascade.com