Product & services privacy policy

Last updated: April 30, 2020

Exposebox Ltd. (collectively with its affiliates and subsidiaries shall be referred to as “Exposebox”, “we”, “us”, or “our”) is committed to protect your privacy. Protecting privacy is a core value of Exposebox, and we take precautions to ensure the protection of your Personal Data (as defined below) as well as to comply with applicable privacy and data protection legislation.

This privacy policy (“Privacy Policy” or “Policy”) which is incorporated by reference in our Terms of Service (“Terms”), governs the processing and transfer of data processed in connection with our software, products, platforms, technologies and services being provided to our clients (respectively the “Clients” and “Services”).

When we use the term Services, we may refer to one or more of the following platforms and services provided by us:

  • Marketing and Managing & services: plug-in, extension, SDK or similar technologies embedded in the Clients designated pages or app, as applicable, in order to customize and improve the marketing of such Client including customized and general banner, marketing segmentation and optimization, analytic services and dashboards; or
  • Smart Direct Marketing: composing and sending an email or text message to the users of our Clients; or
  • Ad Bidding and Serving management and related services.

In order to provide the Services to our Clients, we process and use personal information of certain of the Client’s users (“You” or “End Users“). This Privacy Policy explains how we process your Personal Data in connection with the provision of the Service to our Clients, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data, among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

In the event you are a California resident and the CCPA apply to you – please review our CCPA Privacy Noticein order to be provided with the information you are entitled to under the CCPA.

Exposebox is the processor of information collected through our Client’s websites or applications when using our Services, and this Privacy Policy does not govern the information we collect through our website: or provided by you for engaging our Services. You may find additional information regarding the information collect and process as a controller here.


  • We act as a Processor of the Personal Data we process in order to provide the Services to our Clients, as defined under the GDPR. As a Processor we are not responsible to collect directly form you, your explicit consent for processing your Personal Data. Your consent, if you choose to provide it and in the event required under applicable laws, shall be collected by our Clients and the Clients shall have the sole responsibility to collect such consents and provide us with any information relating to the change in the status of the consent.
  • We have included below information about which Personal Data is being processed and how we process and use your Personal Data, but before we would like to explain the lawful basis on which we do so: (1) when you access our Client’s website or application we may collect certain online identifiers which we have a legitimate interest in processing (for example for security purposes and fraud detection), some of this data is processed by our third party partners; (2) we may process Personal Data subject to your consent provided to us by our Clients for the preform our contract with them; or (3) where there is a legal obligation imposed on us or to protect our legal rights.
  • Children (as defined under applicable law) are not permitted to use the Services or provide us with any Personal Data. It is our Clients sole responsible to ensure that no personal data of children is being transferred to us.
  • You may be entitled under applicable law to request to have access, amend, erase or restrict the processing of your Personal Data. In addition execution of certain of your rights shall be subject to the approval or receipt of additional information from our Client.
  • We will share Personal Data with third parties in connection with the provision of the Services, or other limited circumstances as specified herein.

If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to:


We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on our website. The updated date of the Policy will be reflected in the “Last updated” heading. In the event of material amendments, that will substantially affect our privacy practices or your rights, we will make best efforts to provide an applicable notification. Any amendments to the Policy will become effective immediately upon the display of the modified Policy. We recommend you to review this Policy periodically to ensure that you understand our most updated privacy practices.

Note to California Residents: Notwithstanding the above, this Policy will be reviewed and updated every 12 months, as required under the CCPA.


Non-Personal Data

During your interaction with our Client’s website or app, we will process aggregated, non-personal non-identifiable information which may be made available or provided to us by our Clients (“Non-Personal Data“). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data which is being collected may include your aggregated usage information and technical information transferred to us by our clients.

Personal Data

We may also process individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data” or “Personal Information”). The types of Personal Data that we process, as well as the purpose for processing such data, are specified in the table below.

Type of Data

Purpose of Processing

Lawful Basis under the GDPR

Online Identifiers & Technical Data 

Certain types of online identifiers will be processed by us or by our service providers when you interact with our Client’s website or app using our Services such as IP address, Advertising ID, IDFA. We will also process usage information such as your user agent, clickstream, actions and directing URLs.
When you are browsing our Client’s website or application, we will generate a unique ID, such as cookie ID, to each of the Client’s users in order to provide the Clients with our Services.
In addition, we will process technical Non-Personal Data, such as type of operating system, type of browser, language preference, access time and date, type of device, internet service provider, Nav type, screen and browser dimensions, browsing history, approximate geographical location, etc.

We will process this information to provide our Services to our Clients and subject to the restrictions and obligations of our contract with such Client  

Performance of our contract with our Clients. 
Necessity of processing for the purposes of our legitimate interests. Where required under applicable law, our Clients are responsible to obtain your consent

Contact Information In Order to provide some of our Services, we may process your contact information that you have provided to our Clients. Such information may include your e-mail address, name and phone number.
We may use third-party services such as MailGun in order to provide with that certain service to our Clients. For more information see Mailgun privacy policy

We will process this information to provide our Services to our Clients and subject to the restrictions and obligations of our contract with such Client.  

Performance of our contract with our Clients.  Our Clients are responsible to obtain your consent as required under applicable legislation before sharing your Contact information with us and using it within our Services    

Commercial Information When you browse our Client’s website or application we collect certain commercial information which includes the products and services purchased and shopping history.

We will process this information to provide our Services to our Clients and subject to the restrictions and obligations of our contract with such Client.  

Performance of our contract with our Clients.  Where required under applicable law, our Clients are responsible to obtain your consent

Please note that we may process different categories of your Personal Data and Non-Personal Data, depending on the nature of your interaction with our Services, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.


When you interact with our Client’s website, we will generate and collect a unique ID “cookie ID” (or similar technologies), which store certain information on your device (i.e., locally stored) and which will allow us to provide our Services as well as enhance your experience of the Client’s website. The use of cookies is standard industry-wide practice. A “cookie” is a small text file that may be used, for example, to collect information about activity on a website. The cookies that we use with our Client’s website will collect your IP address, user agent description string other Online Identifiers and Commercial Information, which we will be stored.  Certain cookies and other technologies can be linked to information, such as an IP address, and serve to recognise you when you return to the Client’s website and tell us how long you spend on our Client’s website.

Cookies Opt-Out

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. By following the instructions of your device preferences, and by adjusting the privacy and security settings of your web browser, you may remove cookies, however, if you block or erase cookies some features of the Services may not operate properly and your online experience may be limited.

Please refer to the support page of the browser you are using.

Other tracking Technologies options to opt-out:

Android – or


You can opt-out from tracking and our unique cookie identifiers by clicking here and we will take all necessary measures to ensure that no tracking is being applied. However, please note that: 1.  We need to set an anonymous “opt-out” cookie to indicate your decision not to be tracked; 2. Your opt-out will remain in effect only as long as this cookie is present in your browser and accessible to us. 3. Cookies are browser and device-specific – opting out of tracking on this browser and device does not affect your settings on a secondary device and/or browser.

You may also contact us at, and we will make efforts to assist.


We will not share any of your Personal Data with third parties or any of our partners except in the following events:

(i) Clients. As the Clients are the controller and owner of the Personal Data we may disclose to the applicable Client all the Personal Data processed and collected by us including any derived Personal Data created by performing our Services.

(ii) Compelled Disclosures. We will share your information, solely to the extent needed to comply with any applicable law or permitted by it, regulation, legal process or governmental request (e.g., pursuant to law enforcement inquiries, subpoenas or court orders), or when we believe, in good faith, it is required in order to enforce our policies (including our policies and agreements) including investigations of potential violations thereof or to detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues. In addition, we will share your information, solely to the extent needed to establish or exercise our rights to defend against legal claims or to prevent harm to the rights, property or safety of us, our users, yourself or any third party or for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights. 

(iii) Service Providers. We may disclose Personal Data to our trusted agents and service providers so that they can perform requested services on our behalf. For example, we use third-party cloud and storage services to store and retain your data. Thus, we share your data with third party entities, for the purpose of storing such information on our behalf, or for other processing needs. Such entities include Google Cloud Services (which privacy policy is available at, Amazon Web Services (which privacy policy is available at, Mailgun (which privacy policy is available at These entities are prohibited from using your Personal Information for any purposes other than providing us with requested services.

(iv) Business Transfers. We may share Personal Data, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.

We may share aggregate or Non-Personal Data with our Clients, affiliated companies and additional third parties in accordance with the terms of this Policy. We may store any type of information on our servers or our cloud servers, use or share aggregate or Non-Personal Data in any of the above circumstances, as well as for the purpose of providing and improving our Services, aggregate statistics, marketing and conduct business and marketing analysis, and to enhance your experience.


You may have certain rights in relation to the Personal Information processed by us. These may include the right to request access to the data we hold about you, or to obtain a copy of the Personal Information in a machine-readable format, to request that it is erased or that any inaccurate Personal Information is rectified. You may also have the right to ask us to restrict how we process your Personal Information or to withdraw your consent to how we process your Personal Information.  Please contact if you would like to make a request. For more information regarding individuals’ rights under the applicable Data Protection Law, please review our Data Subject Rights Overview.

As we are not the controller of the information we may not be able to execute your request and may need the approval of our Client which is the controller of such Personal Information. In addition, it is the sole responsibility of the Client to provide us with any request to exercise your rights submitted to it with regards to the processing of Personal Information performed by us. 

You also have the right to complain about the use of your personal data to the supervisory authority of your habitual residence or place of work.


We retain the information we process solely for as long as required to fulfil the purposes of providing our Services for our Clients The period for which we will retain your Personal Information will vary depending on the purposes it was collected for, as well as the requirements of any applicable law or regulation or contract between us and our Clients.


We use security techniques to prevent your information from being accessed without authorization, improperly used or disclosed, unlawfully destructed or accidental loss, as detailed in our Information Security policy. If you believe that your privacy was treated not in accordance with this privacy policy, or you have a reasonable concern with that any person attempted to abuse our Services, please contact us at


We may store or process your Personal Data in Israel, the United States or in other countries. If you are a resident of the European Economic Area (“EEA“) we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer outside of the EEA. If you are a resident of a jurisdiction where transfer of your Personal Data requires your consent, then your consent to this Policy includes your express consent for such transfer of your data.


Our Services are not directed nor is it intended for use by children under the age of 16 and we do not knowingly process a children’s information. We will discard any information that we receive from a Client with regards to its users that is considered a “child” immediately upon our discovery that such a Client shared information with us. Please contact us at if you have reason to believe that a child has shared any information with us. It is our Clients sole responsibility to ensure that no personal data of children is being transferred to us.


The Service does not respond to Do Not Track signals. For more information about Do Not Track signals, please see


If you have any questions or comments about this Policy, or any concerns with respect to how your privacy any information are handled, please contact us at:

Exposebox Ltd.

121 Begin Rd., Tel Aviv, Israel