Last Updated: June 2023
- Our data services – these are the data products and services that we provide to our Customers (the “Data Services”); and
- This website, www.gravyanalytics.com (the “Website” or “Site”).
Our customers (“Customers”) are entities that use our Data Services.
Our partners (“Partners”) are companies that collect information from individuals, including, their mobile device’s location information, and provide that information to us in different data sets so that we can assist our Customers.
By visiting the Website, you agree that your information will be handled as described in this Policy. Your use of this Site is subject to this Policy.
Please note that this Policy does not cover our Customer’s use of the information we provide to them. Our Customers may associate the information we provide with additional information they have from other sources and may use this combined information for a variety of purposes, such as, targeted advertising, consumer insights, foot traffic analysis, fraud detection, law enforcement, and national security.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, please refer to the EEA, U.K., & Switzerland Privacy notice here.
Who We Are
Gravy is the leading provider of real-world location intelligence. Our technology verifies mobile consumer attendance at millions of places, points-of-interest, and local events, providing unprecedented insight into consumer activities and interests. We provide our Customers with location-based data services and analytics services based on inferred interests and matching of Location Data (defined below) against place and event data. Our Customers rely on our Data Services to power mobile advertising and marketing campaigns and use our data services to more deeply understand their customers, acquire competitive intelligence, to conduct law enforcement activities and enhance national security, and to provide and improve the services they offer to their own customers.
Description of Services
Gravy collects and processes various types of information from mobile devices which we receive from our third-party partners. These third-party partners are owners of mobile applications (“App(s)”) or data aggregators who primarily receive data from software development kits (“SDKs”) in Apps (SDKs allow developers to embed certain third-party functionality into their own software applications). They may also receive data from (i) WiFi routers, and/or (ii) Bluetooth beacons (these are devices placed in stores that emit Bluetooth signals and collect ID information of smartphones in their vicinity to provide related advertisements to those smartphones).
The data we receive from our Partners includes location data in the form of latitude/longitude (“Location Data”), which is associated with a mobile advertising ID, such as Apple’s Identifier for Advertisers ( IDFA) or a Google Advertising ID (Advertising ID/Ad ID). Each mobile advertising ID allows us to identify each unique mobile device and is used by advertisers and marketers to display ads to your device. Using proprietary algorithms, Gravy cleanses, processes and merges the Location Data that we receive from all sources to create a portfolio of Location Data records for each mobile advertising ID. We also may receive other information from our third-party partners about your device, such as IP address and Device User Agent Data (as defined below).
Additionally, we create virtual boundaries, known as geo-fences, around locations of interest, such as shopping centers, restaurants, and events, like professional sports matches, concerts, and county fairs. We then combine the Location Data we receive with our geo-fences, and other information that we create and collect about physical locations, such as venue, hours of operation, and events, and use such combined data to make inferences about the types of activities or events users of such mobile devices enjoy or spend time doing. We use the Location Data and the resulting inferences to provide our Data Services to our customers.
Our Data Practices
- Information We Collect About You
- How We Use Your Information
- How We Share Your Information
- Supplementary Information for Individuals Residing In Select U.S. States
- Third-Party Links
- Security of Your Information
- Privacy Choices
1. Information We Collect About You
We collect the following information information when you browse or submit an inquiry on our Website, contact us to request information about our products and services, or apply for a job.
|Information Category||Description of Information Collected|
|Identifiers||IP address, and the following information if you choose to provide it to us: name, email address, phone number; job and company information, and state.|
|Device Information||Your browser type and operating system, time zone setting and location, browser plug-in types and versions.|
|Internet or Network Activity||Web pages you view, links you click, the length of time you visit our Site, and the webpage that led you to our Site.|
|Communications Preferences||Your preferences in receiving marketing from us and your communication preferences.|
|Professional or Employment Information||If you apply for a job, current or past job history or performance evaluations.|
We collect the following information about you from our Partners and use it to provide our Data Services:
|Information Category||Description of Information Collected|
|Location Data||Precise geolocation data, including latitude-longitude coordinates obtained from Apps via requests to the mobile device operating system which utilizes various mechanisms to derive Location Data, including GPS tools, cell tower triangulation, WiFi data, or other techniques. We do not collect your precise geolocation data in real-time. Neither Gravy, nor its third-party data partners determine whether Location Data is received from GPS signals, cell tower triangulation, WiFi data, or by other techniques. The device operating system determines which signal is most readily available to the device and returns the Location Data to the corresponding App provider.|
|Identifiers||IP address; mobile advertiser ID ("MAID"); hashed e-mail|
|Internet or Network Activity||Timestamp, list of Apps from which location signals were received.|
|Device User Agent Data||Device type; browser family; browser version; operating system; version of operating system; device model number, carrier data|
|Demographic Data||Age, gender, generational suffix, marital status, parental status, number of children, educational level, yearly income.|
|"Bidstream Data"||Gravy Analytics DOES NOT collect mobile advertising bidstream data to support our Data Services. We likewise ask our third-party partners to refrain from supplying data sourced from the mobile advertising bidstream.|
2. How We Use Your Information
Gravy uses information we collect through our Website for the following purposes:
- Providing and Improving Our Services. We use your information to provide, improve, and personalize our services to you.
- Marketing and Communications. We use your information to communicate with you about our services, respond to your inquiries, administer surveys and questionnaires, to provide customer service, and for marketing and promotional purposes. For example, we may use your information to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services.
- Research and Analytics. To better understand how you access and use our Website, and for other research and analytical purposes.
- Protecting Rights and Interests. To protect the safety, rights, property, or security of Gravy, our services, any third-party or Partner, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity that Gravy, in its sole discretion, may consider to be, or pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; to conduct audits; and to enforce this Policy.
- Legal Compliance. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
Gravy uses the information we receive from our Partners to provideData Services to our Customers. We do not use information collected through our Website to provide our Data Services. Using the information we receive from our Partners, we create a portfolio of your device’s Location Data records that are associated with your mobile advertising identification number. We also create virtual boundaries called “geofences” around locations of interest, such as shopping centers, restaurants, and events. We take your device’s Location Data and combine it with these geofences, as well as other information noted above, to determine the venues and events you attended and to infer your preferences. As part of our Data Services, we also:
- Categorize device users into interest segments called “personas” and “audiences.” You can view a list of our audiences at the following link: https://gravyanalytics.com/audiences/ .
- Track key performance indicators throughout the length of an advertising campaign and determine whether a MAID that was served an ad visited a particular store or location;
- Create insights and trends about consumer behaviors, including foot traffic at and surrounding a particular location and predicting future behavior; and
- Create competitive consumer intelligence for our Customers, such as identifying new customers that may be interested in their offerings, targeting and enhancing marketing and advertising capabilities for our Customers.
We do not use the information we collect about you to determine employment eligibility, credit eligibility, insurance eligibility, underwriting, or for pricing purposes.
3. How We Share Your Information
We may share your information as follows:
- Affiliates: We may disclose your information to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your information will be subject to this Policy.
- Service Providers: We may disclose the information we collect to third-party vendors, service providers, and contractors or agents, who perform functions on our behalf.
- Customers: When we provide our Data Services, we share with our Customers your information, including your device’s location information, mobile advertising identifier, venues and events you attended, interest segments, and device information. Our Customers may use this information for purposes such as advertising attribution analysis and services; marketing and personalized advertising; market research, including consumer research; business intelligence, such as consumer insights, foot traffic and analysis; providing fraud detection analytics and services; movement intelligence analytics; providing security services; law enforcement and national security; and public-health. In some circumstances, our Customers may also resell your information to other third parties for similar purposes.
- Data Management Platforms and Third-Party Ad Networks. We disclose your information, including your mobile advertising identifier and interest segments, to third-party ad networks to provide you with targeted advertisements, as more specifically described in the Third-Party Network Advertisers paragraph in the “Privacy Choices” section of this Policy. When you visit our Website, third-party advertising providers collect information about your visit to track your responses to ads we have placed on other websites, and to inform our understanding of how users navigate our Website
- Analytics Providers. We may disclose information we collected through our Website to our analytics providers such as Google Analytics, to evaluate usage of our Site, and to help us improve our services, performance and user experiences. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- .Aggregate and De-Identified Information. We may share information that has been aggregated and de-identified with third-parties for marketing, advertising, research, or similar purposes.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
- To Protect Us and Others. We may share your information where we believe it is necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, potential threats to the safety of any person, violations of this Policy, or as evidence in litigation in which Gravy is involved.
- In Response to Legal Process. We also may disclose the information we collect if we believe that such action is necessary to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- With Your Consent. We may disclose the information we collect from you with your consent.
4. Supplementary Information for Individuals Residing In Select U.S. States
Under various U.S. State privacy laws, you may have certain additional rights that pertain to your data privacy. These additional privacy laws require Gravy to provide individuals with certain information about the processing of their “personal information” and the rights that are available to them under such laws.
Generally, “personal information” is defined as “any information that directly or indirectly identifies, relates to, describes, or can be associated with or reasonably linked to “an individual or household”, including, name, address, mobile device identifiers, precise location data, IP and cookie identifiers, inferences, and biometric data.
The following table discloses what categories of “personal information” (as defined by various U.S. state privacy laws) we have collected from or about individuals within the last twelve (12) months:
|"Personal Information" Category||"Personal Information" Examples||Personal Information Collected by Gravy From Website||Personal Information Collected by Gravy From Data Partners|
|Identifiers||Name, address, device identifier, Internet Protocol (IP) address, cookies, web beacons, account name, social security number, passport number, or other similar identifiers||(i) Device identifier and IP address, and (ii) name, phone number, and email address, but only to the extent you have provided us with this information when you submit a comment or request through our Website.||Device identifier, IP address|
|Customer Records||Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.||Name, phone number||No|
|Internet or Network Activity||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement||Timestamp and lists of mobile applications from which location signals were received.|
|Geolocation Data||Physical location or movements||No||Yes|
|Professional or Employment Information||Current or past job history or performance evaluations||Yes, to the extent you provide us with this information as part of an application for employment.||No|
|Protected Classification Characteristics under U.S. State Privacy Laws or Federal Law ("Demographic Data")||race, color, national origin, religion, gender, age, or disability||No||Age and gender|
Categories of Sources of Personal Information
We receive your personal information from the following categories of sources:
- Our customers. Our customers may directly provide us with your information for our performance of services to them; and
Use of Personal Information
Disclosing Personal Information for a Business Purpose
We may share your personal information with affiliates and service providers for a business purpose, which different privacy laws generally define as the use of personal information for operational or other notified purposes. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- Precise Geolocation Data;
- Internet or Network Activity;
- Demographic Data; and
The following are categories of third parties to whom we have disclosed your personal information for a business purpose:
- Our affiliates; and
- Service providers.
Sale of Personal Information
In the preceding twelve (12) months, we have sold the following categories of personal information in order to monetize our services:
- Precise Geolocation Data;
- Internet or Network Activity;
- Demographic Data; and
Categories of parties to whom we have sold your personal information:
- Our affiliates;
- Third parties, which include our customers, partners, law enforcement, data management platforms, and third party ad networks.
Your Rights in Connection with Personal Information
Many U.S. State privacy laws grant you a number of rights (subject to certain exceptions) with respect to your personal information that companies may hold about you. Each of your rights is outlined in more detail below:
- Right to Know & Right to Access. You have the right to request that we tell you:
- the categories of personal information we collected, sold, or disclosed for a business purpose in the previous 12 months;
- the categories of sources from which we collected such personal information;
- the business or commercial purposes for collecting and selling such personal information; and
- the categories of third parties to whom we sold or disclosed for a business
- purpose such personal information and the specific categories of personal information sold or disclosed to each category of third party.
- In addition, you have the right to request a copy of the specific pieces of personal information that we have collected from you in the 12 months preceding your request. If we are able to confirm your identity to the degree required by law and corresponding regulations, we will disclose to you a copy of the specific pieces of personal information about you that we have processed.
- Please click here for more information on exercising your Right to Know/Access or click on the Right to Know link at the bottom of our home page.
- Right to Delete. You have the right to ask us to delete or remove the personal information we have collected from you and retained. Upon our confirmation of your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies (for example, where your information helps us comply with a legal obligation, or detect or prevent security incidents, or as required to comply with applicable law).
- Right to Opt-Out of Sale. Where we sell your personal information, you have a right to opt out of such sale and any further resale of your personal information. You can opt-out of the sale of your personal information here or by clicking on the “Opt-Out and Do Not Sell” link available on the home page, and on all other Gravy Website landing pages. If we receive any opt-out request either directly or through a third-party partner, we will cease selling your personal information, as “sale” is defined under U.S. State privacy laws.
How to Exercise your Rights
In order to exercise any of the rights described above, please contact us by either:
- Calling us toll-free at 1-855-545-5623; or
- emailing us at: firstname.lastname@example.org
We may need to request specific and/or additional information from you to help us confirm your identity and ensure your right to know, access or delete your personal information. Information on Gravy’s verification process can be found here. This is a security measure designed to prevent the disclosure of your personal information to a person who has no right to receive it.
We will only use this information to verify your identity or authority to make the request. An authorized agent submitting a request on behalf of a consumer must demonstrate that the consumer provided written permission, signed by the consumer authorizing the agent to act on the consumer’s behalf. For requests for information and deletion, Gravy may require that you verify your own identity directly with Gravy and directly confirm that you provided the authorized agent permission to submit the request.
We will deliver our written response by mail or electronically, at your option. We will not charge you a fee for access to your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, excessive, or manifestly unfounded, or we may refuse to comply with your request in these circumstances.
We will not be obligated to respond to more than 2 requests for data access/data portability in a 12-month period. Any responses will cover the 12-month period preceding your request.
If you have opted out of the sale of your personal information, you may change your mind and opt back in at any time by contacting email@example.com.
Shine the Light
California’s Shine the Light Law (Civil Code 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please refer to any of the contact methods in the Contact Information section below.
Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions in the Third-Party Ad Network section.
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies.
- Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site.
- Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity, and to display advertising both on our Site and on third-party sites.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Site to, among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
6. Third-Party Links
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third- party websites.
7. Security of Your Information
We have implemented appropriate administrative, technical, and physical safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
8. Privacy Choices
Data Services Opt Out. If you would like to opt-out of our use of your device’s Location Data and other related data we use in our Data Services, you can (a) disable location services on your mobile device, or (b) complete the Opt-Out & Do Not Sell Form. Please note that your opt-out will be specific to the device for which you submit the opt-out request. This means that if you use multiple devices, you will need to opt out each device that you use. In addition, if you re-set your mobile advertising ID, you will need to opt out that device again.
Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members, of which we are one. Additionally, you may also go to the NAI’s Audience Matched Advertising Opt-Out Page for more information about opting out of digital advertising linked to hashed email addresses (“HEMs”).
Opting out from one or more companies listed on the DAAConsumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective.
Email Marketing Opt Out. You may opt-out of receiving promotional communications from us by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any services you have requested or received from us.
We retain your personal information for so long as retention is necessary to comply with our legal and contractual obligations, enforce our agreements, and enable us to investigate events and resolve disputes. We store Location Data, Internet or Network Activity, and Device User Agent Data, associated with a particular mobile advertising ID and used for our Data Services, for up to four (4) years, provided, we may retain such personal information for a longer period to the extent it is required for a legal or significant operational purpose, such as for compliance, record-keeping, auditing, safety and security, and error or bug prevention.
Our Services are not designed for children under 16. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.
Gravy is a member of the Network Advertising Initiative (NAI) and we undergo annual reviews that we adhere to their Strict Code of Conduct. If you wish to learn more about the NAI or about options available to you to opt out of receiving targeted advertising from other third party services that are also members of the NAI, please click here.
If you have any questions or would like to speak with us regarding changes to your personal information, please email us at firstname.lastname@example.org, call us at 703.840.8850, or write to us at:
44679 Endicott Drive, Suite 300
Ashburn, VA 20147
This Policy is current as of the Effective Date set forth above. We will post any changes to this Policy on our Site. If we make any changes to this Policy that materially affect our practices with regard to the information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site.