This Privacy Policy explains how Programmatic LLC collects, uses, shares and safeguards information when you use programmatic.llc and any related features, products or services (collectively, the "Services"). By using the Services, you agree to this Privacy Policy.
Plain-English summary: We collect only what we need to operate and improve our Services, communicate with you, comply with law and (if applicable) show relevant content. You control your choices, including cookie preferences and U.S. "Do Not Sell or Share" opt-outs (if we ever enable advertising tags).
1 Scope, Roles & Contact
Who we are
Controller: Programmatic LLC
Registered address: First Floor, Al Fishawi, HCQH+394, Al Khuwayr, Muscat, Oman
Primary contact email: [email protected]
Support portal (optional):Contact US
If you interact with our Services as a visitor, customer, partner or prospect, we act as a data controller for your personal information. Certain third-party vendors act as processors on our behalf. If you process personal data as our customer using our Services, your separate agreement may govern respective controller/processor roles.
Geographic scope & representatives
EU/EEA/UK users: None appointed at this time.
Switzerland: None appointed at this time.
Accessibility
We aim to align with WCAG 2.1 guidelines. To obtain this policy in an accessible format, contact us at [email protected].
2 Information We Collect
We collect data in three ways: you provide it, we collect it automatically or we obtain it from third parties (e.g., analytics, payments, anti-fraud).
Categories of data (overview)
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Identifiers | Name, email, IP address, account ID | You; automatic; third parties | Account, authentication, security, support |
| Contact/Profile | Phone, address, company, role | You; third parties | Communications, account, service delivery |
| Commercial | Purchases, proposals, project history | You; Services | Billing, support, analytics |
| Financial | Billing details, payment tokens (no full card storage by us) | You; payment processors | Payments, refunds (processors store card data) |
| Device/Usage | Browser/OS, pages viewed, events | Automatic (cookies/SDKs) | Performance, security, analytics, improvement |
| Approx. Geolocation | Country/region inferred from IP | Automatic | Localization, fraud prevention |
| Communications | Emails, forms, support tickets | You | Support, quality, compliance |
| User Content | Files, briefs, assets you submit | You | Service functionality |
| Sensitive PI | None collected by default | — | — |
We do not intentionally collect data from children under 18. If you believe a minor provided data, contact [email protected].
Detailed list (if applicable)
Social / OAuth data (third-party sign-in): Not used
Ad/marketing identifiers (cookies, pixels): Google Analytics (measurement only); no advertising/remarketing pixels by default
Recordings (support calls/chats): Not used
3 How We Use Information & Legal Bases
Purposes of use
We use personal information to:
- Provide and operate the Services (accounts, features, transactions).
- Communicate (support, updates, service notices, marketing where permitted).
- Secure and maintain the Services (fraud prevention, diagnostics, logs).
- Improve and develop features (analytics, testing, quality).
- Comply with law (tax, accounting, lawful requests).
- Ensure business continuity (backups, incident response).
- With consent (e.g., marketing emails, non-essential cookies).
Legal bases (GDPR/UK GDPR)
| Processing purpose | Legal basis |
|---|---|
| Account provisioning, core features | Contract |
| Troubleshooting, security, fraud prevention | Legitimate interests (security, service integrity) |
| Analytics & product improvement | Legitimate interests (service improvement); Consent where required |
| Marketing communications | Consent (or legitimate interests where permitted, with opt-out) |
| Payments, invoicing, tax | Legal obligation / Contract |
| Compliance with lawful requests | Legal obligation |
| Use of cookies/SDKs not strictly necessary | Consent |
Where we rely on consent, you can withdraw it at any time via cookie-preferences or by contacting [email protected].
4 Cookies, Tracking & Preferences
What we use
We and our partners may use:
- Strictly necessary cookies (auth, security, core functionality).
- Functional cookies (preferences, language).
- Performance/analytics (e.g., Google Analytics) to understand usage.
- Advertising/retargeting: not used on our Site by default.
Details are in our Cookie Policy: https://programmatic.llc/cookie-policy.
Your controls
Cookie banner & settings: Manage non-essential cookies anytime via https://programmatic.llc/cookie-preferences.
Browser/OS controls: Block or delete cookies; use platform limits (e.g., Limit Ad Tracking).
Global Privacy Control (GPC): When we detect a valid GPC signal, we treat it as a request to opt out of "sale"/"sharing" for that browser/session (where applicable).
Do Not Track (DNT): We currently do not respond to DNT signals (industry standard).
5 Data Retention
We retain personal information only as long as necessary for the purposes described above, unless a longer period is required by law (e.g., tax, accounting) or to resolve disputes.
Typical retention windows:
| Data type | Example | Typical retention |
|---|---|---|
| Account & profile | Name, email, settings | Life of account + 24 months |
| Transactions & tax | Invoices, payouts | 7 years (legal/accounting) |
| Logs & diagnostics | IP, events | 12–24 months |
| Analytics IDs | GA/other identifiers | 13–26 months (tool defaults) |
| Support records | Tickets, emails/chats | 24 months |
| Marketing | Email + consent history | Until unsubscribe or inactive purge |
| Sensitive PI | N/A (not collected) | N/A |
When no longer needed, we delete or anonymize data. If deletion is not feasible (e.g., backups), we securely store and isolate it from further processing until deletion.
6 U.S. State Privacy (Sale/Sharing & Your Privacy Choices)
Some U.S. state laws (e.g., California CPRA, Colorado, Connecticut, Virginia, Utah, Oregon, Texas, Florida) provide additional rights, including opting out of "sale" or "sharing" (cross-context behavioral advertising) and certain profiling.
"Sale" and "Sharing"
We do not sell or share personal information for targeted advertising on our Site.
(If this changes, we will update this Policy and provide opt-out links as required.)
Opt-out mechanisms
GPC honored: Valid Global Privacy Control signals are treated as opt-outs for that browser.
Profiling opt-out (where applicable): Not applicable
Sensitive Personal Information
We do not use or disclose Sensitive Personal Information for purposes requiring the right to limit under California law.
7 Information Sharing & Disclosures
We do not sell your personal information in the traditional sense. Depending on how you use the Services, we may disclose information as described below. Where a disclosure could be deemed a "sale" or "sharing" for cross-context behavioral advertising under certain U.S. state laws, you can opt out via Your Privacy Choices (see Section 6).
Types of recipients
Service Providers / Processors — Hosting, cloud storage, analytics, customer support, email delivery, payments, fraud prevention, security and similar vendors that process data under our instructions.
Affiliates — None at this time.
Business Transfers — In connection with a merger, acquisition, financing or sale of assets. We will continue to protect information and notify you of any material changes.
Legal / Safety / Compliance — To comply with law, lawful requests and to protect our rights, users or the public.
With Your Direction or Consent — For example, when you connect a third-party integration.
What we may disclose (illustrative matrix)
| Category of personal information | Typical recipients | Used for targeted advertising?* |
|---|---|---|
| Identifiers (e.g., email, IP) | Service providers (hosting, analytics), security vendors | No |
| Contact/Profile | Email delivery, support tools | No |
| Commercial data | Payment processors, billing tools | No |
| Financial tokens (non-card data) | Payment processors | No |
| Device/Usage data | Analytics, security vendors | No |
| Approx. geolocation | Security/anti-fraud tools | No |
| Communications | Support platforms | No |
| Sensitive PI | N/A (not collected) | No |
*"Targeted advertising" (also called "cross-context behavioral advertising" or "sharing") may trigger state law opt-outs (see Section 6).
Sensitive Personal Information (SPI): We do not use or disclose SPI for purposes requiring the right to limit under California law.
8 International Data Transfers
We may process and store information in countries other than your own. Where required, we implement appropriate safeguards to protect your information.
Transfer mechanisms:
- Standard Contractual Clauses (SCCs): used for EEA/UK/Swiss transfers to third countries.
- Data Privacy Framework (DPF) participation: No (at this time).
Key processing locations: Oman; Pakistan; United States (via common cloud/IT providers).
Copies / information on safeguards: Contact [email protected] to request details.
9 Security Measures
We apply administrative, technical and physical safeguards appropriate to the nature of the data we handle. While no method is 100% secure, our controls are designed to reduce risk of unauthorized access, use or disclosure.
Examples of controls (non-exhaustive):
- Encryption: Data in transit via TLS; at rest encryption: Yes where supported by our providers and systems we control.
- Access controls: Role-based access, least-privilege, multi-factor authentication for internal systems.
- Network & application security: Firewalls, endpoint protection, vulnerability scanning; periodic penetration testing: Yes (internally and/or vendor-led).
- Vendor due diligence: Security and privacy assessments of service providers.
- Monitoring & logging: Yes — centralized logging and anomaly detection on core systems.
- Incident response: Documented procedures for detection, containment, investigation and notification where required by law.
- Training: Employee security and privacy training annually (at minimum).
If you believe your account or data has been compromised, contact us immediately at [email protected].
10 Your Rights & Choices
Your privacy rights depend on where you live. We make these controls available to all users where reasonably possible.
Global controls
Access, correction, deletion: Request a copy of your data, ask us to fix inaccuracies or delete your data (subject to legal exceptions).
Portability: Receive certain data in a portable format.
Object / restrict: Where applicable (e.g., GDPR), object to or request restriction of certain processing.
Marketing choices: Unsubscribe from marketing emails via any message or by contacting us.
Cookies & tracking: Use Cookie Preferences (https://programmatic.llc/cookie-preferences) to manage non-essential cookies.
Automated decisions / profiling: Not used for decisions producing legal or similarly significant effects.
U.S. state privacy (e.g., CA/CO/CT/VA/UT/OR/TX/FL)
Opt out of "sale" or "sharing" / targeted advertising: Use Your Privacy Choices (privacy-policy) or enable a valid GPC signal in your browser.
Profiling opt-out (where applicable): Not applicable
Appeals: If we deny your request, you may appeal by contacting [email protected] with the subject "Privacy Request Appeal."
Authorized agents & verification: We will verify identity and, if applicable, agent authorization before acting on a request.
GDPR/UK GDPR rights (EEA/UK)
Rights: Access, rectification, erasure, restriction, portability and objection; withdraw consent at any time (does not affect past processing).
Legal bases: See Section 3.2.
Supervisory authorities: You may lodge a complaint with your local authority. (EU/UK representatives: none appointed at this time.)
How to exercise your rights
Submit a request: Email [email protected]
Response times: We aim to respond within 30 days (GDPR/UK) or 45 days (U.S. state laws), with extensions where permitted.
Verification: We may request information to verify your identity and protect against fraudulent or unauthorized requests.
11 Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact [email protected] and we will take appropriate steps to delete it.
12 Third-Party Links & Services
The Services may link to third-party websites, apps or services. We are not responsible for their privacy or security practices. Review those providers' policies before sharing information.
13 Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version with a new "Last Updated" date and, where required, provide additional notice (e.g., email or in-product alert).
Effective Date: September 12, 2025
Last Updated: September 12, 2025
Your continued use of the Services after an update constitutes acceptance of the revised Policy.
14 Contact Us
Controller: Programmatic LLC
Postal address: First Floor, Al Fishawi, HCQH+394, Al Khuwayr, Muscat, Oman
Privacy email: [email protected]
Support portal (optional): Contact Us
