Sourceflare LTD. (the “Company” or “MegaDSP”) is a Israeli-based company, operating the MegaDSP website and Platform. MegaDSP offers specialized, innovative solutions and concepts for modern advertising and the execution of empowered marketing campaigns. Sourceflare LTD. is committed to protecting and safeguarding the privacy and personal data related to individual visitors to our corporate Website as well as any prospective and/or existing clients. This privacy policy covers all information, including your personally identifiable information (the “Personal Information,” and together with other information – the “Information”) collected from individual visitors of our corporate Website as well as from our prospective and/or existing clients. MegaDSP is in active co-operation with legally and economically independent external service partners. All partners and suppliers of MegaDSP acknowledge our privacy policy and follow its content. Please refer to their privacy policies for further information on Data Protection with regards to the personal information they collected, collect, and will collect on our behalf.


We have created this privacy policy (the “Privacy Policy”) in order to inform you about the information we or our external, legally and independent service partners acting on behalf of MegaDSP, collect during the use of the MegaDSP’s Website and/or service and/or Platform in relation to any of the aforementioned. How this information is collected and how it is used and processed. How we collect, store, and use the information is continually assessed against new technologies, business practices, and your evolving needs.


When you use the Platform and/or Services and/or MegaDSP Website, you agree that we may collect, use, and disclose your information in accordance with the terms of this Privacy Policy. This Privacy Policy is a part of our Terms and Conditions and should be read in conjunction with them.


MegaDSP is firmly committed to protecting the privacy of Internet users and fostering users’ confidence in online advertising and marketing. Accordingly, we are committed to observing applicable industry guidelines, including those established by the Interactive Advertising Bureau and the General Data Protection Regulation by the European Union as well as any other relevant guidelines. We continue to evaluate enhanced ways to protect Internet users’ privacy while seeking to deliver relevant advertising and custom online experiences to those users on behalf of our customers.

MegaDSP has appointed a Data Protection Officer (DPO) to ensure compliance with the requirements as per data Protection Regulation 679/2016/EU. The DPO at MegaDSP has direct and immediate contact with the top-level management of MegaDSP and remains in an independent position within the corporate structure of MegaDSP. Visitors of the corporate Website of MegaDSP, as well as our prospective and/or existing clients, can get in touch with our DPO by e-mail at:

  1. Glossary
  • Applicable laws: All laws and regulations relevant to the collection, processing, and storage of data, (especially data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”; California Civil Code Section 1798.100 et seq.).
  • Ad exchange: This is a platform where people who can offer unsold ad placements meet people who wish to buy those placements for their online advertisements. This works similarly to a digital marketplace concept with a type of auction called “real-time bidding.” However, a buyer can be anybody (including other ad exchanges or platforms) that sells advertisements to other companies/buyers.
  • Ad server: An ad server is, by and large, a server where advertisements are stored and managed, and delivered to you as a website End-user. It could also provide a reporting module to check how advertisements perform.
  • Customer: The party who submits an application on one of the registration pages:
  • Domain name: This is a character string that enables people to easily go to a website without the need for remembering IP addresses. A domain name must be unique for all domain names available on the Internet. It allows you to navigate to a website and discover an online advertisement.
  • End-user (visitor): This is the user of an Internet-connected device, such as a visitor to a website, a user of a mobile app, or a user of an IoT device, or a visitor to an advertisement, landing page, or campaign.
  • Geographic location: This is a piece of information noting where you are located based on an IP address. Precisely, this is the location of the device that is connected to the Internet and based on that we are able to define the country, region, city, and Internet Service Provider (ISP) that your device is connected to.
  • HTTP request header: The request header of HyperText Transfer Protocol. The HTTP protocol is used all around the world. Almost all content that shows up in a browser you see is transmitted to your computer (or other device connected to the Internet) over HTTP. For example, when you opened this policy in the browser, many HTTP requests were also sent. Each request contains an HTTP header in which there is information about the browser you use, the requested page, the server and much more.
  • IP address: An Internet Protocol (IP) address is a set of numbers that each device has assigned to connect with other devices over the Internet network. The IP address allows for the delivery of information to the right receiver. Every time a piece of information is sent, a device needs to communicate with other devices on a computer network to be able to deliver the message. Sending information in that context refers to any kind of activity such as surfing, exchanging e-mails, or downloading an application. The IP address is used to identify the device to which the message is supposed to be sent and find the best way to deliver it.
  • Personal information/personal data: Any information relating to an identified or identifiable natural person as defined in Applicable laws, particularly in article 4.1 of GDPR and Section 1798.140 of CCPA.
  • Processing: Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (process, processesand processed shall have the same meaning), as defined in Applicable laws, especially in article 4.2 of GDPR and Section 1798.140 of CCPA.
  • Real-time bidding: MegaDSP’s customers can bid in real-time to provide the opportunity of showing an online advertisement offered by a particular ad exchange. The winner of the auction is treated as the best candidate to display the advertisement on a website.
  • Referrer domain: In simple terms, this is the address of a website that led you, as a visitor, to another page.
  • Targeting: A strategy of online advertising when information is gathered to address visitor’s preferences based on the collected data. When you, as a visitor goes to websites in one particular language, the advertisement is displayed in front of you in the same language you were browsing and relates to the region where you are located.
  • User agent: Information about a device, operating system, a web browser is used to access a website.
  • You (visitor): A person who can visit digital advertising campaigns on the Internet.
  1. What is MegaDSP?

MegaDSP is a real-time bidding pop and domain traffic network. This means that MegaDSP connects one group of customers (publishers looking to monetize their websites) with other parties (advertisers). The latter want to sell items or services to the visitors of these websites. MegaDSP enables advertisers to obtain traffic from publishers’ parked domain redirects to advertisers’ landing pages or via new browser windows popping-up on publishers’ websites and displaying an advertisement.

Several advertisers are willing to score each display of an advertisement. To determine whose ad gets displayed, an auction is held. It takes place as a visitor loads the page, so it usually takes only milliseconds. In that time, all interested advertisers automatically put their predetermined bids, the highest of which wins the bidding, resulting in displaying an ad.

In the following section, you can find out what information is stored in MegaDSP and how it relates to your activities as a visitor.

III. MegaDSP’s Role in Processing Personal Information

While our customers use MegaDSP, we act as a customer’s data processor meaning that we process End user’s personal data on behalf of our customers.

  1. What Kind of Data Do We Collect and For What Purposes?

In order to perform our services, we collect and process certain information about you and your device. Some of this information, for example, your IP addresses, may identify a particular computer or device and be considered as “personal data” in some jurisdictions (including the European Union and the State of California). This kind of data enables us to provide aggregated reporting and analysis of the performance of our customer’s advertising campaigns.

The MegaDSP Platform does not collect any data which by itself identifies an individual by name, address, phone number, e-mail address.

We also do not collect any “sensitive” or “special categories of personal data” as defined under European data protection laws as well as personal data of children as defined in Applicable laws.

IP Address

An IP address is used to identify the device’s location as well as, to some extent, the user’s location. Based on the IP address visitor’s country, region, or city can be characterized and stored in the MegaDSP Platform. Moreover, some more technical specifications are processed, such as Internet Service Provider (ISP). This data is stored to adjust the online advertisements that are displayed on websites and identify automatic computer programs that might affect our customers’ reporting procedures.

In addition, the IP address is used to limit the number of times a visitor is exposed to a single advertisement.

User Agent

A user agent helps us to identify what kind of a device a visitor uses (TV, desktop, tablet, mobile phone) and which model it is. This information is stored in order to establish a device’s parameters such as browser and browser version, operating system, and operating system version. It also allows us to detect automatic computer programs and fraud attempts.

Additionally, the user agent is used to limit the number of times a visitor is exposed to a single advertisement.

HTTP Request Header

The HTTP request header is used for troubleshooting purposes to fix customer’s issues with campaign settings.

Device ID

A device ID is a unique identifier used to measure actions taken by a specific device accurately. It plays a role in personalization, distribution, and performance of the traffic sent to a visitor.


Information about a domain is stored in order to determine whether a domain is fake or not. Moreover, it helps to find a specific category of a website that is related to a customer’s advertisement. This allows displaying advertisements where their topics are very close to the topic of the website visitors see in front of them. The domain information is also used for reporting and troubleshooting purposes.

Referrer Domain

The referrer domain data is stored for troubleshooting purposes as well as used to define whether a website is addressed to an adult audience. This helps to display the advertisement consistently to a proper audience.


Defining keywords and targeting by using them is a popular form of online advertising when customers want to address their advertisements to people who are looking for such keywords on the Internet. MegaDSP helps them to define those keywords and, once defined, store them in the Platform. Keywords are also used when it comes to troubleshooting to sort out issues with campaign settings.

Please note that our publisher partners may share with us additional demographic information, such as age or gender, in order to enable more accurate targeting. We do not use this information to maintain any kind of persistent user profile database.

  1. How Do We Collect Data?

The MegaDSP Platform uses non-cookie technologies to collect data associated with particular web browsers or devices that you as a visitor use. The MegaDSP Platform does not use cookies to collect data about visitors to advertisements.

MegaDSP collects End user’s data being sent either by a publisher or through third-party partners. This data consists of an IP Address, User Agent, Referrer, Accept Language, all HTTP Headers, and Keywords.

Whenever MegaDSP wins an auction and customers display an ad from MegaDSP, the IP Address, User Agent, Referrer, Accept Language, all HTTP Headers are also retrieved from End user’s browser request sent to MegaDSP.

  1. What Do We Use End User Data For?

The data collected and stored in the MegaDSP Platform is used by MegaDSP’s customers to increase ad relevance and target different kinds of audiences. Notably, our customers use MegaDSP for:

Adult Visit Detection

To check the type of audience (adult or non-adult) and display an advertisement only to the relevant ones.

Fake and Duplicated Traffic Detection

To monitor the quality of traffic for our customers and blacklist those sources that generate fake or duplicated visits or clicks.

Fake Domain Detection

To detect domains that might look like an original domain of the customer and abuse the domain’s reputation for different sorts of benefits.

Frequency Capping

To limit the number of times a visitor is exposed to a single advertisement.


To allow MegaDSP’s customers to address visitor’s preferences that refer to a geographic location. The targeting is mainly based on a country, Internet Service Provider, or demographic data.


To measure the effectiveness of online ad campaigns, helping to direct the advertisements to the right audiences and, based on the collected data, improve the performance of the campaigns. Briefly, to determine how visitors respond to advertisements they see on the Internet. The goal of optimization is to help advertisers to predict the cost of a particular campaign in order to create optimal value.


Reporting aggregates data for troubleshooting, analysis, and to improve our customers’ experience, also providing custom reporting for both publishers and advertisers.

Targeting by Keywords

To choose words that are relevant or important to a displayed advertisement to be able to target end-users searching for the same terms.


To fix technical issues that MegaDSP’s customer experience while running their online campaigns and identify incorrect settings in configuration.

VII. Legal Basis for Processing User Information

For our customers, meaning both advertisers and publishers, we collect and process End-users’ personal data.

If you are a European Union End user or GDPR applies to you under the Applicable Law, our customers need to have a legal basis for collecting and using the End-user information described above. The kind of legal basis used by our customers will depend on specific user information and the particular context in which we collect it. Mainly, this legal basis is the End users’ consent, in particular, when End-users’ personal data is collected and processed in order to deliver targeted advertising to them.

Sometimes, End user’s data can also be processed under legitimate the interests of our customers, in particular when it comes to:

  • Operating and improving our technology
  • Enabling standard advertising controls
  • Preparing reports that summarize visitor’s activity
  • Analyzing and reporting on the advertisement’s performance (such as tracking views as well as click-through rates on ads), campaign reporting, and campaign forecasting
  • Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

VIII. How Long Do We Store Data?

Collected data is stored using generally accepted security standards. The data retention of visitor’s activities in the MegaDSP Platform is three months starting from the day of the customer’s account registration. This data is used for reporting and analysis. After three months, all collected data regarding visitors is removed.

  1. Your Choices and the Opt-Out Option

The opt-out option is applicable for End users who see an online advertisement set by a customer.

Opting out of being tracked with desktop and mobile website environments from the MegaDSP Platform is valid for ten years for a web browser where the opt-out option has been set. The option can be enabled only for a particular web browser meaning that if you switch and start using other web browsers, make an update for the current version of the web browser, clear cookies, or use a browser’s incognito mode, and you need to go through the opt-out procedure once more. When the opt-out option expires, you need to repeat the same process to turn it on again.

  1. European Data Subject Rights

If you are a European Union End user or GDPR applies to you under the Applicable Law, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. In particular, you have the right:

  • To request access and obtain a copy of your data.
  • To request rectification (correct or complete information about you) or erasure (it is sometimes called ‘the right to be forgotten’ that applies in some circumstances).
  • To restrict the processing of End-user information.
  • If applicable, to the data portability.

In certain circumstances, you may also have the right to object to the processing of End user’s information when personal data is processed based on legitimate interests, and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes.

If you have given us your consent to process your data, you have the right to withdraw your consent. The withdrawal of consent does not affect the compliance of the processing, which was made on its basis before the withdrawal of consent.

You also have the right to lodge a complaint with the Supervisory Authority in particular if you feel that MegaDSP has not responded to your requests to solve a problem.

As we act as a processor of End-users’ personal data on behalf of our customers, according to GDPR, taking into account the nature of the processing, we are obliged to assist the controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in GDPR.

In the matters mentioned above, please contact our Data Protection Officer:

Please include information that will enable us to verify your identity for your request.

  1. Transfer of Personal Data Outside EEA

We work with customers and partners throughout the world, including in the European Economic Area (EEA) as well as countries outside of the European Economic Area (EEA).

In order to ensure that your personal data is adequately protected when transferred outside of the EEA, MegaDSP:

  • relies on EU-U.S. Privacy Shield Program – Privacy Shield is a “partial” adequacy decision, as, in the absence of a general data protection law in the US, only the companies committing to abiding by the binding Privacy Shield principles benefit from more effortless data transfer. In such cases, your personal data will be transferred to the territory of USA in accordance with Applicable laws, with appropriate safeguards in place, only to Privacy Shield certified vendors (according to the EU Commission Decision 2016/1250), or by using standard contractual clauses adopted by the European Commission (EU Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC (the “Model Contract Clauses”), or based on other applicable transborder data transfer mechanisms,


  • has entered into inter-company EU “model clause” agreements.

You may contact us if you require a copy of the safeguards which we have put in place to protect your data transferred outside of the EEA and your privacy rights in these circumstances.

XII. Additional Notice for California End users

If you are a California End-user special other provisions of this section apply to you in accordance with the California Consumer Privacy Act effective from January 1, 2020 (“CCPA”). In matters not covered in this section, the remaining provisions of this End User Privacy Policy apply.

If you have any questions regarding this section XII. Additional Notice for California End users, including its content and scope of application, you can contact our Data Protection Officer via e-mail:

California End-users’ rights

  • CCPA provides additional privacy protections for California data subjects including the right to request access to your Personal Information and request additional details about our practices regarding the processing of your Personal information (right to access),
  • the right to request deletion of your Personal information (right to deletion),
  • the right to opt-out of the “sale” of your Personal information (right to opt-out), and
  • the right to not be discriminated against for exercising any of your rights granted under the CCPA (right not to be discriminated against).

To submit an access or deletion request as well as non-discrimination request, please contact our Data Protection Officer via e-mail:

Your request must provide sufficient information that allows us to reasonably verify that you are the person whom we collected the Personal information of or an authorized representative and describe your request with sufficient detail that will enable us to understand, evaluate, and respond to it appropriately.

Please note that if you wish to exercise your rights with any of MegaDSP customers, you must make your request directly to them, based on information and procedures that they individually supply.


Categories of Personal Information. We may collect the following categories of Personal information about you or your device: IP Address, User-Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords (for a detailed description of the above-listed categories of Personal Information and purposes for their collection, please see section IV. What Kind of Data Do We Collect and For What Purposes?). The MegaDSP Platform does not collect any data which by itself identifies an individual such as name, address, phone number, e-mail address.

We may collect all of the above-listed categories of your Personal Information during the 12-month period prior to the last update of this End User Privacy Policy.

Purposes of use of Personal Information: The data collected and stored in the MegaDSP Platform is used by MegaDSP’s customers to increase ad relevance and target different kinds of audiences. Particularly, we may use the categories of Personal information listed above for the purposes of Adult Visit Detection, Fake and Duplicated Traffic Detection, Fake Domain Detection, Frequency Capping, Geo-Targeting, Optimization, Reporting, Targeting by Keywords, Troubleshooting (for a detailed description of the above-listed purposes of use of your Personal Information, please see section VI. For What Purposes We Use End User Data?).

In addition, we may use the categories of Personal information for specific business purposes, as specified in the CCPA, in particular as described in this table:

Categories of Personal Information Business purposes of use of Personal Information
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Debugging to identify and repair errors that impair existing intended functionality
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Undertaking internal research for technological development and demonstration
IP Address, User Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us

We may have used your Personal Information for the above-listed purposes during the 12-month period prior to the last update of this End User Privacy Policy.

Sale of Personal Information

As explained in section III. MegaDSP’s Role in Processing Personal Information, with regard to the processing of End-users’ Personal information MegaDSP acts as a service provider for our customers (meaning that we process End user’s personal data on behalf of our customers in order to facilitate customer’s business purposes). Nevertheless, our customers (publishers or advertisers) may use our technology to buy or sell Personal information (as defined by CCPA and since the definition of “sale” in CCPA is very broad: for example, it includes making available a wide variety of information in exchange for “valuable consideration”), in particular in order to show interest-based advertising in apps or websites.

During the 12-month period prior to the last update of this End User Privacy Policy the following categories of Personal information may have been “sold” by our customers using MegaDSP technology: IP Address, User Agent, HTTP Request Headers, Device ID, Domain, Referrer Domain, Keywords.

As explained in section XIV. Children, we do not sell the Personal information of minors we know to be under 18 years of age.

Because we are firmly committed to protecting your privacy, we provide a ‘DO NOT SELL MY PERSONAL INFORMATION’ solution for you. For detailed information concerning the right to opt-out, including information on how to exercise this right, please visit the page “Do Not Sell My Personal Information” or e-mail us at

Sharing of Personal Information for Business Purposes

If it is necessary to perform our business purposes we may share Personal information, however, that does not constitute “sell” under CCPA, for example with third parties such as service providers operating on our behalf – in particular our host providers, if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal information we may have disclosed (shared) the following categories of your Personal information during the 12-month period prior to the last update of this Privacy Policy: IP Address, User-Agent, HTTP Request Header, Device ID, Domain, Referrer Domain, Keywords.

XIII. Security

MegaDSP uses various security technologies and procedures that help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.

For example:

  • Personnel: Only qualified and authorized employees are permitted to access personal information, and they may do so only for permitted business functions.
  • Data Protection Officer: We appointed a Data Protection Officer who, in particular watches over the security of your data, monitors our compliance with Applicable laws, and is a point of contact for you in all matters regarding data protection; you can contact our Data Protection Officer via e-mail:
  • Security Measures: We use encryption in the transmission of your personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal information.
  • Payments: All supplied sensitive / credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorized with exclusive access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
  • Additional Safeguards: We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of your information. Our security procedures mean that we may request proof of your identity before we disclose personal information to you.
  • Trusted Vendors: We rely only on vendors who ensure an appropriate level of security of your data. In this context, we use only secure cloud servers, including AWS cloud – a secure, private cloud platform. AWS participates in the EU-US Privacy Shield framework. Amazon Web Services is our processor. AWS Amazon cloud platform uses various security technologies and procedures to protect personal data. It is compliant with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. For more details, please see AWS Amazon security and privacy policy at

XIV. Children

Protecting children’s privacy is very important to MegaDSP. Our Platform is not intended for, designed to be used by, or targeted towards children as defined in Applicable laws. We do not allow our partners and customers to send us personal data of children.


XV. Cookies


We use a browser feature known as cookies, which are small text files that are placed on your computer or equipment when you visit certain online pages to collect certain information about your use of our Website, internet log information, IP address, and visitor behavior. The information collected through the cookies is then statistically analyzed by us or on our behalf to compile statistical analysis of our Website and to make the interaction with our Website more convenient. This information does not identify you personally, and you remain anonymous, even if you have previously submitted personal information via the Software and/or Marketplace and/or Platform and/or Services and/or our Website. You may prevent your browser from saving cookies by adjusting the settings in your browser software, however, some websites may not function properly if you disable cookies.


XVI. Security


We have implemented suitable security policies, rules, and technical measures to protect and safeguard the Personal Information under our control from unauthorized access, improper use or disclosure, unauthorized modification, unlawful destruction or accidental loss. However, we are not responsible for the security policies, rules, and technical measures used by third parties that received the information, and you hereby absolve us of any and all liability in connection with such use.

XVII. Disclaimer

We are not responsible for events beyond our direct control. We cannot guarantee nor do we represent that there will be error-free performance regarding the privacy of the information, and we will not be liable for any direct, indirect, incidental, consequential or punitive damages relating to the use or release of the information.

If you feel MegaDSP has infringed the rights to personal data related to you, please get in touch with our DPO at