PRIVACY POLICY
INTRODUCTION
Gravy Analytics, Inc. ("Gravy," "we," "us," or "our") values individuals' ("you" or "your") privacy.
In this Privacy Policy ("Policy"), we describe how we and our corporate affiliates may collect,
use, store, and disclose your information as it relates to:
Our data services - these are the data products and services that we provide to our
Customers (the "Data Services"); and
This website, www.gravyanalytics.com (the "Website" or "Site").
Our customers ("Customers") are entities that use our Data Services.
Our partners ("Partners") are companies that collect information from individuals, including, their
mobile device's location information, and provide that information to us in different data sets so
that we can assist our Customers.
By visiting the Website, you agree that your information will be handled as described in this
Policy. Your use of this Site is subject to this Policy.
Please note that this Policy does not cover our Customer's use of the information we provide to
them. Our Customers may associate the information we provide with additional information they
have from other sources and may use this combined information for a variety of purposes, such
as, targeted advertising, consumer insights, foot traffic analysis, fraud detection, law
enforcement, and national security.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland,
please refer to the EEA, U.K., & Switzerland Privacy notice here.
WHO WE ARE
Gravy is the leading provider of real-world location intelligence. Our technology verifies mobile
consumer attendance at millions of places, points-of-interest, and local events, providing
unprecedented insight into consumer activities and interests. We provide our Customers with
location-based data services and analytics services based on inferred interests and matching of
Location Data (defined below) against place and event data. Our Customers rely on our Data
Services to power mobile advertising and marketing campaigns and use our data services to
more deeply understand their customers, acquire competitive intelligence, to conduct law
enforcement activities and enhance national security, and to provide and improve the services
they offer to their own customers.
DESCRIPTION OF SERVICES
Gravy collects and processes various types of information from mobile devices which we
receive from our third-party partners. These third-party partners are owners of mobile
applications ("App(s)") or data aggregators who primarily receive data from software
development kits ("SDKs") in Apps (SDKs allow developers to embed certain third-party
functionality into their own software applications). They may also receive data from (i) WiFi
routers, and/or (ii) Bluetooth beacons (these are devices placed in stores that emit Bluetooth
signals and collect ID information of smartphones in their vicinity to provide related
advertisements to those smartphones).
The data we receive from our Partners includes location data in the form of latitude/longitude
("Location Data"), which is associated with a mobile advertising ID, such as Apple's Identifier for
Advertisers ( IDFA) or a Google Advertising ID (Advertising ID/Ad ID). Each mobile advertising
ID allows us to identify each unique mobile device and is used by advertisers and marketers to
display ads to your device. Using proprietary algorithms, Gravy cleanses, processes and
merges the Location Data that we receive from all sources to create a portfolio of Location Data
records for each mobile advertising ID. We also may receive other information from our third-
party partners about your device, such as IP address and Device User Agent Data (as defined
below).
Additionally, we create virtual boundaries, known as geo-fences, around locations of interest,
such as shopping centers, restaurants, and events, like professional sports matches, concerts,
and county fairs. We then combine the Location Data we receive with our geo-fences, and other
information that we create and collect about physical locations, such as venue, hours of
operation, and events, and use such combined data to make inferences about the types of
activities or events users of such mobile devices enjoy or spend time doing. We use the
Location Data and the resulting inferences to provide our Data Services to our customers.
OUR DATA PRACTICES
1. Information We Collect About You
2. How We Use Your Information
3. How We Share Your Information
4. Supplementary Information for Individuals Residing In Select U.S. States
5. Our Use of Cookies and Other Tracking Mechanisms
6. Third-Party Links
7. Security of Your Information
8. Privacy Choices
9. Retention
10. Children
1. Information We Collect About You
We collect the following information when you browse or submit an inquiry on our Website,
contact us to request information about our products or services, or apply for a job.
Information Category
Description of Information Collected
Identifiers
IP address, and the following information if you choose to
provide it to us: name, email address, phone number; job
and company information, and state.
Device Information
Your browser type and operating system, time zone setting
and location, browser plug-in types and versions.
Internet or Network
Activity
Web pages you view, links you click, the length of time you
visit our Site, and the webpage that led you to our Site.
Communications
Preferences
Your preferences in receiving marketing from us and your
communication preferences.
Professional or
Employment Information
If you apply for a job, current or past job history or
performance evaluations.
We collect the following information about you from our Partners and use it to provide our Data
Services:
Information Category
Description of Information Collected
Location Data
Precise geolocation data, including latitude-longitude
coordinates obtained from Apps via requests to the mobile
device operating system which utilizes various mechanisms
to derive Location Data, including GPS tools, cell tower
triangulation, WiFi data, or other techniques. We do not
collect your precise geolocation in real-time. Neither Gravy,
nor its third-party data partners determine whether Location
Data is received from GPS signals, cell tower triangulation,
WiFi data, or by other techniques. The device operating
system determines which signal is most readily available to
the device and returns the Location Data to the
corresponding App provider.
Identifiers
IP address; mobile advertiser ID ("MAID"); hashed e-mail
Internet or Network
Activity
Timestamp, list of Apps from which location signals were
received.
Device User Agent Data
Device type; browser family; browser version; operating
system; version of operating system; device model number,
carrier data
Demographic Data
Age, gender, generational suffix, marital status, parental
status, number of children, educational level, yearly income.
*Bidstream Data*
Gravy Analytics DOES NOT collect mobile advertising
bidstream data to support our Data Services. We likewise
ask our third-party partners to refrain from supplying data
sourced from the mobile advertising bidstream.
2. How We Use Your Information
Gravy uses information we collect through our Website for the following purposes:
Providing and Improving Our Services. We use your information to provide, improve,
and personalize our services to you.
Marketing and Communications. We use your information to communicate with you
about our services, respond to your inquiries, administer surveys and questionnaires, to
provide customer service, and for marketing and promotional purposes. For example, we
may use your information to send you news and newsletters, special offers, and
promotions, or to otherwise contact you about products or information we think may
interest you. We also may use the information that we learn about you to assist us in
advertising our services.
Research and Analytics. To better understand how you access and use our Website,
and for other research and analytical purposes.
Protecting Rights and Interests. To protect the safety, rights, property, or security of
Gravy, our services, any third-party or Partner, or the general public; to detect, prevent,
or otherwise address fraud, security, or technical issues; to prevent or stop activity that
Gravy, in its sole discretion, may consider to be, or pose a risk of being, an illegal,
unethical, or legally actionable activity; to use as evidence in litigation; to conduct audits;
and to enforce this Policy.
Legal Compliance. To comply with applicable legal or regulatory obligations, including
as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other
legal process; or as part of an investigation or request, whether formal or informal, from
law enforcement or a governmental authority.
Gravy uses the information we receive from our Partners to provide Data Services to our
Customers. We do not use information collected through our Website to provide our Data
Services. Using the information we receive from our Partners, we create a portfolio of your
device's Location Data records that are associated with your mobile advertising identification
number. We also create virtual boundaries called "geofences" around locations of interest, such
as shopping centers, restaurants, and events. We take your device's Location Data and
combine it with these geofences, as well as other information noted above, to determine the
venues and events you attended and to infer your preferences. As part of our Data Services, we
also:
Categorize device users into interest segments called "personas" and "audiences." You
can view a list of our audiences at the following link: https://gravyanalytics.com/gravy-
audience-finder/ .
Track key performance indicators throughout the length of an advertising campaign and
determine whether a MAID that was served an ad visited a particular store or location;
Create insights and trends about consumer behaviors, including foot traffic at and
surrounding a particular location and predicting future behavior; and
Create competitive consumer intelligence for our Customers, such as identifying new
customers that may be interested in their offerings, targeting and enhancing marketing
and advertising capabilities for our Customers.
We do not use the information we collect about you to determine employment eligibility, credit
eligibility, insurance eligibility, underwriting, or for pricing purposes.
3. How We Share Your Information
We may share your information as follows:
Affiliates: We may disclose your information to our affiliates or subsidiaries; however, if
we do so, their use and disclosure of your information will be subject to this Policy.
Service Providers: We may disclose the information we collect to third-party vendors,
service providers, and contractors or agents, who perform functions on our behalf.
Customers: When we provide our Data Services, we share with our Customers your
information, including your device's location information, mobile advertising identifier,
venues and events you attended, interest segments, and device information. Our
Customers may use this information for purposes such as advertising attribution analysis
and services; marketing and personalized advertising; market research, including
consumer research; business intelligence, such as consumer insights, foot traffic and
analysis; providing fraud detection analytics and services; movement intelligence
analytics; providing security services; law enforcement and national security; and public-
health. In some circumstances, our Customers may also resell your information to other
third parties for similar purposes.
Data Management Platforms and Third-Party Ad Networks. We disclose your
information, including your mobile advertising identifier and interest segments, to third-
party ad networks to provide you with targeted advertisements, as more specifically
described in the Third-Party Network Advertisers paragraph in the "Privacy Choices"
section of this Policy. When you visit our Website, third-party advertising providers
collect information about your visit to track your responses to ads we have placed on
other websites, and to inform our understanding of how users navigate our Website.
Analytics Providers. We may disclose information we collected through our Website to
our analytics providers such as Google Analytics, to evaluate usage of our Site, and to
help us improve our services, performance and user experiences. You can learn about
Google’s practices by going to https://www.google.com/policies/privacy/partners/, and
opt-out of them by downloading the Google Analytics opt-out browser add-on, available
at https://tools.google.com/dlpage/gaoptout.
Aggregate and De-Identified Information. We may share information that has been
aggregated and de-identified with third-parties for marketing, advertising, research, or
similar purposes.
Business Transfers. If we are acquired by or merged with another company, if
substantially all of our assets are transferred to another company, or as part of a
bankruptcy proceeding, we may transfer the information we have collected from you to
the other company.
To Protect Us and Others. We may share your information where we believe it is
necessary to investigate, prevent, or act regarding illegal activities, suspected fraud,
potential threats to the safety of any person, violations of this Policy, or as evidence in
litigation in which Gravy is involved.
In Response to Legal Process. We also may disclose the information we collect if we
believe that such action is necessary to comply with the law, a judicial proceeding, court
order, or other legal process, such as in response to a court order or a subpoena.
With Your Consent. We may disclose the information we collect from you with your
consent.
4. Supplementary Information for Individuals Residing In Select U.S. States
Under various U.S. State privacy laws, you may have certain additional rights that pertain to
your data privacy. These additional privacy laws require Gravy to provide individuals with certain
information about the processing of their “personal information” and the rights that are available
to them under such laws.
Personal Information
Generally, “personal information” is defined as “any information that directly or indirectly
identifies, relates to, describes, or can be associated with or reasonably linked to “an individual
or household”, including, name, address, mobile device identifiers, precise location data, IP and
cookie identifiers, inferences, and biometric data.
The following table discloses what categories of “personal information” (as defined by various
U.S. state privacy laws) we have collected from or about individuals within the last twelve (12)
months:
“Personal
Information”
Category
“Personal Information”
Examples
Personal Information Collected by
Gravy From
Data Partners
Identifiers
Name, address, device
identifier, Internet Protocol
(IP) address, cookies, web
beacons, account name,
social security number,
passport number, or other
similar identifiers
Device identifier, IP
address
Customer
Records
Name, signature, social
security number, physical
characteristics or
description, address,
telephone number, passport
number, driver’s license or
state identification card
number, insurance policy
number, education,
employment, employment
history, bank account
number, credit card number,
debit card number, or any
other financial information,
medical information, or
health insurance
information.
No
Internet or
Network Activity
Browsing history, search
history, information on a
consumer’s interaction with
a website, application, or
advertisement
Timestamp and lists
of mobile
applications from
which location
signals were
received.
Geolocation
Data
Physical location or
movements
Yes
Inferences
Profile reflecting a person’s
preferences, characteristics,
psychological trends,
predispositions, behavior,
attitudes, intelligence,
abilities, and aptitudes.
No, but as part of its
Data Services,
Gravy does make
certain inferences.
Please refer to our
Description of
Services section of
this Privacy Policy
for more information.
Professional or
Employment
Information
Current or past job history or
performance evaluations
No
Protected
Classification
Characteristics
under U.S. State
Privacy Laws or
Federal Law
(“Demographic
Data”)
race, color, national origin,
religion, gender, age, or
disability
Age and gender
Categories of Sources of Personal Information
We receive your personal information from the following categories of sources:
From you. Directly from you through your provision of the information to us directly on
our Website or automatically from your use of our Website or as described further in this
Privacy Policy;
Our customers. Our customers may directly provide us with your information for our
performance of services to them; and
Third Parties and Partners. Our third-party data suppliers (data resellers) who either
directly or indirectly collect your personal information and provide it to us for our
provision of the Data Services, as described in this Privacy Policy.
Use of Personal Information
Please refer to the “How We Use Your Information” section of this Privacy Policy for information
on how we use your personal information with respect to the Data Services and our Website.
Disclosing Personal Information for a Business Purpose
Business Purpose
We may share your personal information with affiliates and service providers for a business
purpose, which different privacy laws generally define as the use of personal information for
operational or other notified purposes. In the preceding twelve (12) months, we have disclosed
the following categories of personal information for a business purpose:
Identifiers;
Precise Geolocation Data;
Internet or Network Activity;
Demographic Data; and
Inferences
The following are categories of third parties to whom we have disclosed your personal
information for a business purpose:
Our affiliates; and
Service providers.
Sale of Personal Information
In the preceding twelve (12) months, we have sold the following categories of personal
information in order to monetize our services:
Identifiers;
Precise Geolocation Data;
Internet or Network Activity;
Demographic Data; and
Inferences.
Categories of parties to whom we have sold your personal information:
Our affiliates;
Vendors;
Third parties, which include our customers, partners, law enforcement, data
management platforms, and third party ad networks.
Your Rights in Connection with Personal Information
Many U.S. State privacy laws grant you a number of rights (subject to certain exceptions) with
respect to your personal information that companies may hold about you. Each of your rights is
outlined in more detail below:
Right to Know & Right to Access. You have the right to request that we tell you:
the categories of personal information we collected, sold, or disclosed for a
business purpose in the previous 12 months;
the categories of sources from which we collected such personal information;
the business or commercial purposes for collecting and selling such personal
information; and
the categories of third parties to whom we sold or disclosed for a business
purpose such personal information and the specific categories of personal
information sold or disclosed to each category of third party.
In addition, you have the right to request a copy of the specific pieces of personal
information that we have collected from you in the 12 months preceding your request. If
we are able to confirm your identity to the degree required by law and corresponding
regulations, we will disclose to you a copy of the specific pieces of personal information
about you that we have processed.
Please click here for more information on exercising your Right to Know/Access or click
on the Right to Know link at the bottom of our home page.
Right to Delete. You have the right to ask us to delete or remove the personal
information we have collected from you and retained. Upon our confirmation of your
request, we will delete (and direct our service providers to delete) your personal
information from our records, unless an exception applies (for example, where your
information helps us comply with a legal obligation, or detect or prevent security
incidents, or as required to comply with applicable law).
Right to Opt-Out of Sale. Where we sell your personal information, you have a right to
opt out of such sale and any further resale of your personal information. You can opt-out
of the sale of your personal information here or by clicking on the “Opt-Out and Do Not
Sell” link available on the home page, and on all other Gravy Website landing pages. If
we receive any opt-out request either directly or through a third-party partner, we will
cease selling your personal information, as “sale” is defined under U.S. State privacy
laws..
How to Exercise your Rights
In order to exercise any of the rights described above, please contact us by either:
Calling us toll-free at 1-855-545-5623; or
emailing us at: privacy@gravyanalytics.com
We may need to request specific and/or additional information from you to help us confirm your
identity and ensure your right to know, access or delete your personal information. Information
on Gravy’s verification process can be found here. This is a security measure designed to
prevent the disclosure of your personal information to a person who has no right to receive it.
We will only use this information to verify your identity or authority to make the request. An
authorized agent submitting a request on behalf of a consumer must demonstrate that the
consumer provided written permission, signed by the consumer authorizing the agent to act on
the consumer’s behalf. For requests for information and deletion, Gravy may require that you
verify your own identity directly with Gravy and directly confirm that you provided the authorized
agent permission to submit the request.
We will deliver our written response by mail or electronically, at your option. We will not charge
you a fee for access to your personal information (or to exercise any of your other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive,
excessive, or manifestly unfounded, or we may refuse to comply with your request in these
circumstances.
We will not be obligated to respond to more than 2 requests for data access/data portability in a
12-month period. Any responses will cover the 12-month period preceding your request.
If you have opted out of the sale of your personal information, you may change your mind and
opt back in at any time by contacting privacy@gravyanalytics.com.
Non-Discrimination
Privacy laws prohibit discrimination against individuals for exercising their rights and imposes
requirements on any financial incentives offered to individuals related to their personal
information. Gravy will not discriminate against you for exercising any of your privacy rights.
Shine the Light
California’s Shine the Light Law (Civil Code 1798.83) permits users of our Website that are
California residents to request certain information regarding our disclosure of personal
information to third parties for their direct marketing purposes. To make such a request, please
refer to any of the contact methods in the Contact Information section below.
5. Our Use of Cookies and Other Tracking Mechanisms
We and our third-party service providers use cookies and other tracking mechanisms to track
information about your use of our Site. We may combine this information with other information
we collect from you (and our third-party service providers may do so on our behalf).
Currently, our systems do not recognize browser "do-not-track" requests. You may, however,
disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may
opt-out of targeted advertising by following the instructions in the Third-Party Ad Network
section.
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive
through your web browser for record-keeping purposes. Some cookies allow us to make it
easier for you to navigate our Site and Services, while others are used to enable a faster log-in
process or to allow us to track your activities at our Site and Service. There are two types of
cookies: session and persistent cookies.
Session Cookies. Session cookies exist only during an online session. They disappear
from your computer when you close your browser or turn off your computer. We use
session cookies to allow our systems to uniquely identify you during a session or while
you are logged into the Site. This allows us to process your online transactions and
requests and verify your identity, after you have logged in, as you move through our Site.
Persistent Cookies. Persistent cookies remain on your computer after you have closed
your browser or turned off your computer. We use persistent cookies to track aggregate
and statistical information about user activity, and to display advertising both on our Site
and on third-party sites.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can
edit your browser options to block them in the future. The Help portion of the toolbar on most
browsers will tell you how to prevent your computer from accepting new cookies, how to have
the browser notify you when you receive a new cookie, or how to disable cookies altogether.
Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but
some features may not function.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique
identifier, similar in function to cookies. In contrast to cookies, which are stored on your
computer's hard drive, clear GIFs are embedded invisibly on web pages. We may use clear
GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Site to, among other
things, track the activities of Site visitors, help us manage content, and compile statistics about
Site usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our
customers, to help us track e-mail response rates, identify when our e-mails are viewed, and
track whether our e-mails are forwarded.
6. Third-Party Links
Our Site and Services may contain links to third-party websites. Any access to and use of such
linked websites is not governed by this Policy, but instead is governed by the privacy policies of
those third-party websites. We are not responsible for the information practices of such third-
party websites.
7. Security of Your Information
We have implemented appropriate administrative, technical, and physical safeguards to protect
the information we collect from loss, misuse, and unauthorized access, disclosure, alteration,
and destruction. Please be aware that despite our best efforts, no data security measures can
guarantee security.
8. Privacy Choices
Data Services Opt Out. If you would like to opt-out of our use of your device’s Location
Data and other related data we use in our Data Services, you can (a) disable location
services on your mobile device, or (b) complete the Opt-Out & Do Not Sell Form. Please
note that your opt-out will be specific to the device for which you submit the opt-out
request. This means that if you use multiple devices, you will need to opt out each device
that you use. In addition, if you re-set your mobile advertising ID, you will need to opt out
that device again.
Third Party Ad Network Opt Out. We may use third-party network advertisers to serve
advertisements on third-party websites or other media (e.g., social networking platforms). This
enables us and these third parties to target advertisements to you for products and services in
which you might be interested. Third-party ad network providers, advertisers, sponsors and/or
traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs),
Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to
personalize advertising content to you. We may provide these third-party advertisers with
information about you.
Users in the United States may opt out of many third-party ad networks. For example, you may
go to the Digital Advertising Alliance ("DAA") Consumer Choice Page for information about
opting out of interest-based advertising and their choices regarding having information used by
DAA companies. You may also go to the Network Advertising Initiative ("NAI") Consumer Opt-
Out Page for information about opting out of interest-based advertising and their choices
regarding having information used by NAI members, of which we are one.
Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI
Consumer Opt-Out Page will opt you out from those companies' delivery of interest-based
content or ads to you, but it does not mean you will no longer receive any advertising through
our Site or on other websites. Also, if your browsers are configured to reject cookies when you
opt out on the DAA or NAI websites, your opt out may not be effective.
Email Marketing Opt Out. You may opt-out of receiving promotional communications from us
by following the opt-out instructions contained in the e-mail. Please note that it may take up to
10 business days for us to process opt-out requests. If you opt-out of receiving promotional
emails about recommendations or other information we think may interest you, we may still
send you e-mails about your account or any services you have requested or received from us.
9. Retention
We retain your personal information for so long as retention is necessary to comply with our
legal and contractual obligations, enforce our agreements, and enable us to investigate events
and resolve disputes. We store Location Data, Internet or Network Activity, and Device User
Agent Data, associated with a particular mobile advertising ID and used for our Data Services,
for up to four (4) years, provided, we may retain such personal information for a longer period to
the extent it is required for a legal or significant operational purpose, such as for compliance,
record-keeping, auditing, safety and security, and error or bug prevention.
10. Children
Our Services are not designed for children under 16. If we discover that a child under 16 has
provided us with personal information, we will delete such information from our systems.
NAI MEMBERSHIP
Gravy is a member of the Network Advertising Initiative (NAI) and we undergo annual reviews
that we adhere to their Strict Code of Conduct. If you wish to learn more about the NAI or about
options available to you to opt out of receiving targeted advertising from other third party
services that are also members of the NAI, please click here.
CONTACT US
If you have any questions or would like to speak with us regarding changes to your personal
information, please email us at privacy@gravyanalytics.com, call us at 703.840.8850, or write to
us at:
Gravy Analytics
45610 Woodland Rd., Suite 100
Sterling, VA 20166
CHANGES TO THIS PRIVACY POLICY
This Policy is current as of the Effective Date set forth above. We will post any changes to this
Policy on our Site. If we make any changes to this Policy that materially affect our practices with
regard to the information we have previously collected from you, we will endeavor to provide
you with notice in advance of such change by highlighting the change on our Site.
Last Updated: January 2023