Data and Privacy

Your guide to industry frameworks, laws, and TUNE’s own practices

Our pledge to you: With TUNE products, your data always belongs to you. We do not leverage your data for unauthorized purposes, take a cut of your ad spend or revenue, or share your data without permission.

TUNE honors global privacy laws and requirements

We maintain high standards in safeguarding the data of our clients and their end users

TUNE defines privacy as the end user’s rights to receive notice, give consent, and opt-out of the collection, use, and sharing of data that is about or can identify that end user.

Notice to End Users
TUNE provides end users notice through our privacy policies for HasOffers, TMC, and visitors to tune.com. Each privacy policy is unique to the service/site in question, but also reflects our data pledge and the fact that use of our platform(s) is entirely dictated by the client. They also incorporate our Privacy Shield statement, which describes how TUNE processes both commercial and internal data.

End User Opt Out (also referred to as Consumer Control, Choice or Access)
In accordance with the DAA standard, we offer an end user opt out for those features in the TMC that facilitate ad targeting. Visit www.optoutmobile.com for enhanced notice of how the TMC honors the DAA opt out rules.

Security
TUNE secures client and client end user data to prevent unauthorized access and disclosure. Please contact legal@tune.com and security@tune.com to learn more about TUNE’s security policies and practices.

Enforcement
TUNE complies with regulatory requirements, as well as other industry best practice frameworks for enforcement. Some highlights:

  • EU US Privacy Shield
    As of September 26, 2016, TUNE’s US-EU data transfer practices are certified under the EU-US Privacy Shield Framework. See TUNE’s Privacy Shield Statement. You can also find a description of TUNE’s Privacy Shield certification on the Privacy Shield site. We work with TRUSTe for end user dispute resolution of all complaints stemming from TUNE’s transfer of commercial data under Privacy Shield. If the end user is unable to reach a resolution with the TUNE client or TUNE, they can file a complaint directly with TRUSTe.
  • ePrivacy (TMC)
    Attribution Analytics (AA) in the TMC has been certified under German and EU privacy law under the ePrivacy standard.  Visit ePrivacy’s site to confirm and learn more.
  • DAA Compliance (TMC)
    In the TMC, we comply with the opt-out requirements of the DAA’s standard for targeted advertising.  Visit www.optoutmobile.com to learn more.

Additional resources about data privacy

Depending on your end user data collection and use, these regulatory frameworks and industry guidance may apply:

  • Ad Delivery: The National Advertising Initiative (NAI) applies to first and third parties engaged in ad delivery and related services. The Digital Advertising Alliance (DAA) standard is based on the 2009 FTC OBA Report and applies to first and third parties engaged in targeted or online behavioral advertising (OBA). In addition, the DAA has issued the “DAA Cross-Device Guidance,” to provide an industry standard around using data to track end users across devices for advertising.
  • App Developers: In the US, the FTC provides guidance on both marketing and privacy compliance for mobile apps. In the EU, the Article 29 Working Party (lead data protection authorities from every EU member country) has recommendations for data collection on “smart mobile devices.”
  • Data Security: The FTC’s Start With Security guide focuses on data security for app developers and the mobile ecosystem.
  • Mobile Marketers: The Mobile Marketing Association (MMA) offers helpful guidelines.

Privacy Laws in the United States:

  • US federal laws take a “sectoral” approach to privacy that protects data by type and use. In addition, several states have individual privacy laws.
  • Collecting/Sharing Data for Credit, Employment, or Insurance Reasons: You may be covered by requirements under the Fair Credit Reporting Act (FCRA). You can visit Epic’s microsite to learn more about the relationship between credit data and privacy. Visit the FTC’s microsite for information on employment data collection.
  • Marketing to Children Under 13: Under the Children’s Online Privacy Protection Act (COPPA), you will need a parent or guardian’s permission before marketing to kids. Follow the six steps to COPPA compliance provided by the FTC.
  • Collecting Health Data: You will need to comply with the HIPPA privacy and security rules.
  • Doing Business in California: Review the California Attorney General’s online privacy microsite.
  • Confirming Recent FTC Rulings: Visit the FTC Casebook, maintained by the International Association of Privacy Professionals (IAPP).
  • Looking for more? Review the full list of US federal privacy laws and individual state privacy laws.

Privacy Laws in the European Union

  • The EU currently has a comprehensive data protection law that applies to all online and offline data. New requirements will come into force in May 2018. You can find a summary of these requirements (courtesy of Promontory), available here.
  • App developers in Europe should be mindful of the 2013 guidance from the Article 29 Working Party on smart devices.

Privacy Laws in the Asia-Pacific Economic Cooperation