Privacy Policy
Last Update: 29 December 2025
At Blasto, we believe that clear, transparent, and comprehensive privacy policies are the foundation of responsible business operations.
We are committed to providing a safe and secure experience for our users and partners. When personal data is collected, processed, or stored, we apply appropriate safeguards to ensure confidentiality and compliance with the GDPR and other applicable privacy laws.
Blasto is a registered participant in the IAB Transparency & Consent Framework (TCF) under Vendor ID 1381.
We invite you to review these Privacy Policies to better understand how your personal data is handled and how your privacy rights are respected.
Segment I. General Information
Blasto provides advertising technology designed to give advertisers access to high-quality digital inventory, a range of ad formats, and seamless control over how campaigns are delivered online.
Our business
We intend to use "us", "we", and "our" in these policies in relation to Blasto, the full-stack platform for programmatic advertising that provides highly technological services to its customers through OpenRTB protocol.
Blasto is continuously developing and expanding its capabilities and currently successfully implements the most cutting-edge solutions for CPM Advertising, Media, Publishing, Consulting, and Business Services.
Blasto treats your customer rights with respect and ensures that we deal with your personal data with due attention, striving to provide you with transparency considering your personal data usage.
Contact Us
Questions regarding these Privacy Policies or the processing of personal data may be directed to privacy@blasto.ai or to the contact details set out below.
Blasto Sp. z o. o.
Address: ul. Ostrobramska, 101
Warsaw, 04-041, Poland
Attn: Privacy Officer
Our Privacy Policies and GDPR compliance
Blasto acknowledges its obligation to process and protect personal data in accordance with the EU General Data Protection Regulation (GDPR), which has been applicable since 25 May 2018. These Privacy Policies are divided into two separate scopes. One scope applies to the processing of personal data in connection with Blasto’s Website and marketing communications. The second scope applies to the processing of personal data in connection with Blasto’s Services. Each scope explains how personal data is handled in the relevant context.
These Privacy Policies describe the framework we use to safeguard personal data, including specific provisions relating to children.
Dealing with personal data
Personal data may be collected when you interact with Blasto’s Website, including automatically through technical means and when you voluntarily provide information, such as by subscribing to newsletters or submitting a contact form. We collect only the data necessary to operate the Website and to communicate with you.
In connection with Blasto’s Services, Blasto does not collect personal data directly from end users. Instead, personal data is collected by the websites, applications, or other first parties that you interact with and that use Blasto’s technology to deliver advertising. We therefore recommend that you review the privacy policies of each website or application you use, as those policies explain how your personal data is collected and shared in those environments.
Segment II. Collected user data: types of information
Website Data
When you contact us via the Website
When you reach out to Blasto through the contact forms, subscription forms, or email addresses provided on the Website, we may collect and process the following personal data:
Data | Why we collect it | Legal basis | Retention period |
Full name | To address you properly and respond to your inquiry | Legitimate interest in communicating with website users | Up to 1 year |
Email address | To reply to your request or send the information you asked for | Legitimate interest in communicating with website users | Up to 1 year |
Country | To understand your location and route your request to the appropriate regional team | Legitimate interest in providing relevant assistance | Up to 1 year |
Company name | To understand the business context of your inquiry | Legitimate interest in providing relevant information | Up to 1 year |
Job role / industry | To better understand your needs and provide relevant responses | Legitimate interest in assisting you | Up to 1 year |
Message or inquiry content | To review and respond accurately to your request | Legitimate interest in handling your inquiry | Up to 1 year |
Email address (newsletter subscription) | To send you marketing updates, insights, and industry news | Your consent | Until you unsubscribe or withdraw consent |
Without this information, we may not be able to respond to your request, provide the information you are seeking, or communicate with you effectively.
Data Collected Automatically via the Website
When you visit Blasto’s Website, certain information may be collected automatically through cookies and similar technologies. Cookies are small text files placed on your device that allow the Website to function properly, support analytics, and help improve performance and user experience.
Blasto uses cookies and similar technologies to:
understand how visitors use the Website,
measure Website traffic and performance, and
improve the content and functionality of the Website.
These technologies may collect information such as pages visited, time spent on the Website, browser type, operating system, and technical identifiers. This information is processed in aggregated or pseudonymous form and is used only for Website analytics and improvement purposes.
Google Analytics
Blasto uses Google Analytics, a web analytics service provided by Google, to help analyze how the Website is used. Google Analytics may collect technical and usage information, including details about your interactions with the Website. This information is used to generate reports on Website activity and to improve the Website.
You can learn more about how Google processes data in connection with Google Analytics in Google’s privacy documentation. Google also provides tools that allow you to opt out of Google Analytics.
Your cookie choices
You can manage your cookie preferences at any time through the cookie banner or cookie settings available on the Website. The cookie banner provides detailed information about the types of cookies used, their purposes, and their retention periods.
You may also control or disable cookies through your browser settings. Please note that disabling certain cookies may affect how the Website functions.
Our Services
Blasto provides advertising technology services that support the delivery of digital advertising. In this context, Blasto does not collect personal data directly from end users. Instead, personal data is collected by the websites, applications, and publishers with which users interact (“First Parties”) and is transmitted to Blasto through advertising technology integrations in order to enable the technical delivery of advertising.
Blasto processes this data solely to operate and provide its Services and does not use it to separately identify individuals.
How personal data reaches Blasto
Personal data processed through Blasto’s Services is received from:
publishers, apps, and websites,
Supply-Side Platforms (SSPs),
Demand-Side Platforms (DSPs),
and other advertising technology partners
These parties are responsible for:
collecting user consent and/or opt outs,
providing privacy notices,
and determining whether data may be shared with Blasto.
Blasto relies on these partners to transmit consent and privacy signals in accordance with applicable law.
We strongly recommend that you review the privacy policies of every website or application you use, as those policies explain how your data is collected, shared, and used in those environments.
Categories of personal data processed
In the course of providing advertising technology services, Blasto may process the following categories of data:
Device & Technical Data
Information about the device or browser used to access content, such as:
device type (mobile, desktop, tablet),
operating system and version,
browser type,
Internet Service Provider,
IP address,
general location (e.g., country, city),
user-agent string.
Where latitude/longitude is included in a bid request by upstream parties, Blasto does not use or store it for its own purposes and processes it only as part of ad-delivery workflows.
Digital Identifiers
Identifiers used within advertising systems, such as:
device advertising IDs (e.g., IDFA, GAID),
cookie-based or platform-generated user IDs,
exchange or buyer identifiers.
Interaction & Impression Data
Information about how ads and content are delivered and interacted with, such as:
ad impressions,
ad clicks,
page or app context,
timestamps,
ad placement and format,
technical delivery logs.
This data is used to operate advertising transactions, prevent fraud, and provide reporting to business customers.
Privacy Signals
Information about consent, opt-out, or privacy preferences transmitted by publishers and platforms, including signals under frameworks such as TCF (Transparency and Consent Framework).
User profiling and targeting
Blasto does not create or maintain profiles that identify individuals. Any segmentation or inference used in advertising is derived from contextual or technical advertising signals provided by partners and is processed for the purpose of ad delivery only.
Cookies and similar technologies
Blasto does not place cookies directly on end-user devices in connection with its Services. Cookies and similar identifiers used in advertising are placed and controlled by the websites, apps, or advertising platforms you interact with.
Some advertising partners may use cookie-matching or identifier-synchronization technologies to enable ad delivery across platforms. These processes are governed by the privacy policies and consent mechanisms of those parties.
Please refer to the privacy policies and cookie notices of the sites and apps you use for details about how cookies and similar technologies are used.
Why this data is necessary
Without these technical and advertising signals, Blasto would not be able to:
deliver ads,
prevent fraud,
measure impressions,
or operate its advertising technology.
All such processing is limited to what is necessary to provide the Services.
Registration & business account data
Blasto’s Services are provided to business customers. To create and manage a business account, Blasto may process:
name,
business email address,
company name,
country,
login credentials,
optional contact details.
This data is used to:
create and administer business accounts,
verify access,
prevent fraud,
and provide customer support.
Customer support data
When a business customer contacts Blasto support, Blasto may process:
account identifiers,
email address,
and the content of the inquiry.
This data is used solely to respond to and resolve support requests.
Billing & payments
Payments for Blasto’s Services are processed through third-party payment providers such as Stripe, PayPal, or banks. Blasto does not store full payment card numbers.
Blasto may retain:
transaction references,
invoices,
and accounting records to meet legal and financial obligations.
Segment III.Your Privacy Rights and How They Apply
Blasto is committed to respecting privacy rights across all jurisdictions in which it operates. While specific rights may vary depending on your location, Blasto applies substantially the same level of data protection and user control worldwide, subject to applicable local laws.
If you wish to exercise any of your rights, you may do so through the Contact Us section or the “Do Not Sell or Share My Personal Data” link available on the Website.
EEA Users (GDPR)
If you are located in the European Economic Area (EEA), your personal data is protected by the EU General Data Protection Regulation (GDPR). Under the GDPR, you have the following rights in relation to your personal data.
Your rights
Your right | What it means |
Right of access | You may obtain confirmation as to whether your personal data is processed and receive a copy of that data. |
Right to be informed | You have the right to know what personal data is processed, for what purposes, and how it is used. |
Right to rectification | You may request correction of inaccurate or incomplete personal data. |
Right to erasure | You may request deletion of personal data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful, subject to legal or regulatory retention obligations. |
Right to restriction of processing | You may request that the processing of your personal data be limited in certain situations, such as where accuracy is contested. |
Right to object | You may object to processing based on legitimate interests or for direct marketing purposes. |
Right to data portability | You may request certain personal data in a structured, machine-readable format where processing is based on consent or contract. |
Rights relating to automated decision-making | You have the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects. Blasto does not engage in such decision-making for end users. |
Right to lodge a complaint | You may lodge a complaint with a data protection authority in your country of residence, work, or where the alleged infringement occurred. |
Lawful disclosures
Blasto may be required to disclose personal data where required by law, court order, or valid request from a competent public authority, including data protection authorities or law-enforcement bodies, in accordance with applicable law.
California Privacy Rights (CCPA / CPRA)
Blasto respects the privacy rights of California residents under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
If you are a California resident, you have the following rights in relation to your personal information:
Your right | What it means |
Right to know | You may request information about the categories of personal information processed about you, the purposes of processing, and the sources of that information. |
Right of access | You may request a copy of the personal information hold about you. |
Right to correction | You may request that inaccurate personal information be corrected. |
Right to deletion | You may request deletion of personal information, subject to legal and operational exceptions. |
Right to opt out of sale or sharing | You may opt out of the sale or sharing of your personal information for cross-context behavioral advertising or similar purposes. |
Right to limit use of sensitive personal information | Where applicable, you may request limits on the use of sensitive personal information. |
Right to non-discrimination | You have the right not to receive discriminatory treatment for exercising your CCPA rights. |
Blasto applies substantially the same level of data protection and user control to users in different jurisdictions, while honoring the specific rights granted under California law.
California residents may exercise their rights through the Contact Us section or the “Do Not Sell or Share My Personal Data” link available on the Website.
Blasto will duly review and respond to all valid privacy requests received from individuals in any applicable jurisdiction and will handle such requests in accordance with the requirements of the relevant data protection laws.
Consent Withdrawal
You have the right to control how your personal data is used, including the right to give or withdraw consent where processing is based on consent. You may withdraw your consent at any time, and such withdrawal will not affect the lawfulness of any processing carried out before it was withdrawn.
Where your consent was provided to a website, application, or other business that you interact with directly, you must manage or withdraw that consent through that party’s settings or privacy tools. This includes consent given through third-party apps, websites, or consent management platforms.
On certain devices, you may also be able to limit or disable advertising-related preferences through your operating system settings (for example, by enabling advertising opt-out or ad-tracking limitations on your mobile device). Please refer to your device manufacturer or operating system provider for instructions specific to your device.
When Blasto receives a valid consent-withdrawal or opt-out signal through applicable frameworks or from its business partners, it will process that signal in accordance with applicable law and ensure that it is respected across the Services.
In limited circumstances, Blasto may be required to retain certain data despite a withdrawal of consent, where retention is required by law or necessary to establish, exercise, or defend legal claims.
Segment IV. Who We Share Your Information With
Blasto shares personal data only where it is necessary to operate its services, meet business and technical requirements, or comply with applicable law.
Categories of recipients
Advertising and technology partners As part of the operation of digital advertising services, Blasto may share limited personal data with advertising and technology partners, including demand-side platforms, supply-side platforms, advertisers, data platforms, and ad exchanges. This sharing enables the technical delivery, measurement, and optimization of advertising.
Fraud prevention and traffic quality providers We work with specialized vendors to detect invalid traffic, prevent fraud, and protect the integrity of advertising transactions. These providers process data solely to identify suspicious or non-genuine activity and to maintain a safe advertising environment.
Legal and regulatory authorities Blasto may disclose personal data where required to do so by law, regulation, court order, or valid request from law-enforcement or regulatory authorities.
Corporate transactions If Blasto undergoes a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant successor or acquiring entity, subject to applicable data-protection requirements.
Service providers (vendors) Blasto uses third-party service providers to support its operations. These providers process data on Blasto’s behalf and only for the purposes described below.
Data hosting and infrastructure:
HQ Host (ALLUS Online Corp., affiliate of IPIPE International Corp.), 100 Delawanna Ave, Clifton, NJ 07014, USA
Serverel (Serverel B.V.), Winthontlaan 200, 3526 KV Utrecht, The Netherlands
Servers.com (Servers.com B.V.), Keienbergweg 22, 1101GB Amsterdam, The Netherlands
Geolocation services:
MaxMind, Inc., 51 Pleasant Street #1020, Malden, MA 02148, USA
Advertising fraud and quality monitoring:
Pixalate, Inc., 1775 Greensboro Station Place, McLean, VA 22102, USA
HUMAN Security, Inc., 841 Broadway, New York, NY 10003, USA
These vendors are contractually required to protect personal data and to use it only in accordance with Blasto’s instructions and applicable data-protection laws.
Segment VI. International Transfers of Personal Data
Blasto operates globally, and as a result, personal data may be processed or accessed in countries outside the European Economic Area (EEA), including the United States and other jurisdictions where Blasto or its service providers operate.
Where personal data is transferred from the EEA to a country that has not been recognized by the European Commission as providing an adequate level of data protection, Blasto ensures that appropriate safeguards are in place. These safeguards may include, where applicable, the use of the European Commission’s Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms.
Blasto also implements additional technical and organizational measures to protect personal data when it is processed across borders, in line with applicable data protection laws.
You may request further information about international data transfers and the safeguards applied by contacting Blasto through the Contact Us section above.
Segment VII.Turning off targeted advertising
Targeted advertising uses technical and advertising signals to display advertising that may be more relevant based on your interactions and device settings. You always retain the right to limit or opt out of this type of advertising.
You can manage your advertising preferences through your device settings:
On iOS, enable “Limit Ad Tracking” or manage tracking permissions in your system settings.
On Android, enable “Opt out of Ads Personalization.”
If these options are not available on your device, please consult your device manufacturer or operating system provider.
Where your consent or privacy choices were provided to a website, application, or advertising partner that you interact with directly, those choices must be managed or withdrawn through that party’s privacy or consent tools.
Further information on how consent can be withdrawn and how such signals are applied across Blasto’s Services is provided in the “Consent Withdrawal” section above.
When Blasto receives valid opt-out or consent-withdrawal signals through applicable frameworks or from its partners, it will process and apply them in accordance with applicable data-protection laws.
Segment VIII.Children’s Privacy
Blasto’s Website and Services are not designed for, and are not directed to, children under the age of 18. We take steps to avoid collecting or processing personal data relating to minors and do not knowingly engage in such processing.
If we become aware that personal data relating to a child has been submitted or processed through our systems, we will promptly take appropriate steps to remove or restrict such data in accordance with applicable law.
If you believe a child’s personal data has been provided to Blasto, please contact us so we can address the issue.