# Privacy & Consent Management

**The Untitled ID Tag is both CCPA and GDPR Compliant.** Our data is collected through user opt-ins, including marketing opt-ins, only within the United States/for U.S.-based contacts. In this model, we act as a data processor, enabling our customers—as the data controllers—to **leverage information originating from their own web properties.** Our clients are able to collect data from their websites and access their results by properly disclosing the data being collected and transmitted within their website’s Privacy Policy, and by providing users with a method to decline data collection **upon entry to the site.**

Privacy and disclosures are a critical component to the Untitled ID Tag process. In order to remain in good standing there are **two core disclosures** that must be available on any website that includes our iframe or javascript tag. Those disclosures include a privacy policy and a consent management string/service (also known as Cookie Consent Banner).

### Privacy Policy Information <a href="#privacy-policy-information" id="privacy-policy-information"></a>

The privacy policy must be globally accessible on the website.  It must also include specific references to the use of cookies for the purpose of marketing and re-marketing. Untitled has provided a [<mark style="color:blue;">template</mark>](https://docs.getuntitled.ai/misc/privacy-and-consent-management/sample-privacy-policy) as reference. **However, we strongly encourage each client to review the policy with their legal counsel and tailor it for their website to accurately reflect their data collection, usage, and disclosure practices, as well as any applicable regulatory requirements.**

### Consent String <a href="#consent-string" id="consent-string"></a>

In addition to maintaining an appropriate Privacy Policy, Untitled requires notification and consent for cookies through a consent management solution. By implementing a consent banner (e.g., “This website uses cookies”) for new visitors, users are given the ability to opt out, preventing the Untitled tag from firing if consent is not provided. Many publishing platforms include this functionality by default, and third-party services are also available for websites without a built-in solution. The following list is provided for convenience and is not exhaustive.

**Consent Management Services**

* Osano
* CookieYes
* Cookiebot

### Allowing Customers to Opt Out <a href="#allowing-customers-to-opt-out" id="allowing-customers-to-opt-out"></a>

To support compliance with CCPA requirements, we ask that customers include a link to the [Untitled CCPA request form](https://getuntitled.ai/do-not-sell-my-info/) within their Privacy Policy. If a California resident submits a request for deletion, Untitled will remove all associated records from our data sets in accordance with CCPA standards.

Additionally, for California residents who have opted out of advertising on your web property, we ask that you maintain appropriate suppression controls within your marketing systems to prevent recontacting.

### Security & Compliance FAQs  <a href="#security-information" id="security-information"></a>

#### **Is the tool GDPR compliant?** <a href="#is-the-tool-gdpr-compliant" id="is-the-tool-gdpr-compliant"></a>

Yes - the Untitled ID Tag services does not collect or store any data from individuals in the EU. Only within the United States/for U.S.-based contacts.

#### **Is any PII transmitted to 3rd-parties?**

No. We do not transmit any PII to third parties in order to resolve your website visitors. Instead, we leverage joint first-party data through a consent-based framework, collecting information from the visitor’s browser and matching those signals against second- and third-party data sources through out-of-band or offline processes.

If you have any questions about how this works, or would like to confirm compliance before enabling the ID Tag feature, feel free to reach out. We’re happy to help.

#### **What does the JavaScript code send Untitled?**

IP, Time Stamp, Cookies, Browser Specifications, and the referring URL. We can provide a schema for you to review.

#### **Can the code be hacked and be exploited?** <a href="#can-the-code-be-hacked-and-be-exploited" id="can-the-code-be-hacked-and-be-exploited"></a>

No. It is a JavaScript code snippet that fires and captures specific fields once loaded.

#### **How does your team test the efficacy and security of the code?**

We use a 3rd-party firm to review our tag security.

#### **Does the tag collect information on minors?** <a href="#does-the-tag-collect-information-on-minors" id="does-the-tag-collect-information-on-minors"></a>

We do not collect or solicit personal information from anyone deemed a minor. In the event that we learn that we have collected personal information from a minor without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a minor, please contact us using the contact information provided on the Website.