Get started
Effective 18 May 2026

Privacy & Cookie Policy

How TradeDesk uses personal data, cookies and similar technologies.

This Privacy & Cookie Policy explains how DATAVERA LTD, trading as TradeDesk, uses personal data. You can contact us at privacy@tradedesk.io.

TradeDesk usually acts as a controller for website, account, billing, support, product-telemetry, security and business-operation data. TradeDesk usually acts as a processor for Customer Content stored in customer workspaces where Customer decides the purpose and means of processing.

The Personal Data We Use

Depending on how you interact with TradeDesk, we may process:

  • account and identity data, such as name, work email, employer, job title, login details and role settings;
  • customer workspace data, such as notes, comments, uploads, assignments, labels and review metadata;
  • company-intelligence data, such as names of directors, officers, people with significant control, authorised persons, business contact details and source-linked records;
  • device, log and telemetry data, such as IP addresses, browser data, event logs, timestamps, system diagnostics and audit activity;
  • support and communications data, such as ticket history, recordings or notes from support interactions, and related attachments;
  • billing and subscription data, such as billing contacts, invoices, tax records and payment-administration data;
  • cookie and similar technology data.

We may collect personal data directly from you, from your organisation, from public registers and official publications, from licensed data providers, from integrations you enable, from openly accessible web sources that we lawfully observe or link to, and from our own website and application logs.

Lawful Bases and Uses

We use personal data only where we have a valid lawful basis. The lawful bases most likely to apply are contract, legitimate interests, legal obligation and consent.

Where we rely on legitimate interests, those interests commonly include running a secure and reliable B2B SaaS platform, preserving evidence linkability, keeping our records relevant and useful, preventing abuse, investigating complaints, maintaining auditability, and improving functionality. We assess those interests against the rights and interests of individuals and use safeguards such as minimisation, access controls, retention limits, human review and correction processes.

We use personal data to provide and administer the Service, maintain user accounts, operate the review workspace, show source-linked records, respond to support requests, process billing, protect the Service, detect misuse, investigate incidents, maintain system logs, communicate about service issues, and improve the product.

Sharing, Requests and Transfers

We may share personal data with cloud hosting, infrastructure, communications, support, analytics, security and billing providers; advisers, auditors and insurers; regulators, courts and law-enforcement bodies where lawful and necessary; a buyer or successor in a merger, acquisition or asset sale; and Customer administrators or Authorised Users where relevant to the account or workspace. We do not sell personal data in the ordinary commercial sense.

We may disclose personal data to courts, regulators, law-enforcement bodies and other public authorities where we reasonably believe disclosure is necessary and proportionate, or where we are legally required to do so. When handling such requests, we aim to verify the requester's identity, authority and scope, assess the legal basis, limit disclosure to what is reasonably necessary, and maintain a record of the request and our response. Unless prohibited by law or inappropriate in the circumstances, we may notify the relevant customer before disclosing customer-controlled workspace data.

We may process personal data in the UK and in other countries where our service providers operate. Where UK restricted-transfer rules apply, we use recognised transfer tools such as adequacy regulations or approved contractual safeguards.

Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, plus any period needed for legal, security, contractual or accountability reasons. Our working retention schedule is:

Data typeRecommended retention
Customer account and user profile dataDuring the subscription term and for up to 24 months after closure, unless earlier deletion is appropriate.
Workspace notes, comments and uploadsDuring the subscription term; export window after termination as set out below; deletion from active systems thereafter, subject to backups and legal holds.
Security logs and audit trails12 months rolling by default, longer where needed for an incident, dispute, investigation or legal claim.
Support tickets and support correspondence24 months after closure of the ticket or relationship.
Billing, accounting and tax records6 years from the end of the relevant financial year, or longer where required by law.
Marketing suppression and unsubscribe recordsAs long as necessary to honour opt-out requests.
Cookie preference recordsUp to 12 months unless a different cycle is justified or the user refreshes preferences.
Data-correction and complaint records6 years after closure to support accountability and legal defence.

Where we say that data is deleted, this usually means deletion from active systems first, with deletion from backups and archives following the applicable backup lifecycle, legal-hold rules and security requirements.

Your Rights, Complaints and Corrections

Subject to applicable law, you may have rights to access your personal data, correct inaccurate data, erase data in some circumstances, restrict processing, object to processing, and receive portable data where that right applies. Where we rely on consent, you may withdraw it.

To exercise your rights, contact us at privacy@tradedesk.io. If your request concerns Customer Content in a workspace that your organisation controls, we may need to direct you to that organisation and assist it as processor.

You can complain to us by email at privacy@tradedesk.io or through to be confirmed. We will acknowledge receipt of a data-protection complaint within 30 days, investigate it, keep you appropriately informed, and tell you the outcome without undue delay.

If you believe a TradeDesk record about you is inaccurate, incomplete, out of date or misleading in context, contact privacy@tradedesk.io or to be confirmed. We may correct, annotate, suppress or remove the presentation where appropriate. If the issue originates with a source provider, you may also need to pursue correction with that source.

Cookies and Similar Technologies

We use cookies, local storage and similar technologies to run the Service, secure sessions, remember settings and understand how our website and application are used. Where no exception applies, prior consent is required. Silence or inactivity is not consent, and withdrawal must be as easy as giving consent.

CategoryPurposeLaunch position
Strictly necessarySession integrity, authentication, security, fraud prevention and essential service delivery.On by default.
Appearance and accessibilityRemembering language, theme or accessibility preferences requested by the user.Use where relevant; provide clear information and a simple way to object where relying on an exception.
First-party statistical analyticsUnderstanding aggregate use of the website or app to improve the service.Use only if implementation clearly meets an exception and offers a simple way to object; otherwise require consent.
Functional third-party toolsSupport widgets, embedded media, experimentation, error replay or analytics that are not clearly exempt.Off until consent.
Advertising or cross-site trackingPersonalised advertising, retargeting and cross-site profiling.Not used in the application at launch; if introduced later, off until consent.

Where we rely on consent for non-exempt technologies, our consent mechanism will keep non-essential technologies off until valid consent is given, present clear information about purposes, allow rejection and acceptance with equal ease, and allow preferences to be revisited through /legal/privacy#cookie-preferences.

Marketing, Children, Accessibility and Changes

We may send service and administrative notices where necessary for the service relationship. We will send optional marketing communications only where we have a lawful basis to do so, and you can opt out at any time.

TradeDesk is designed for business use and is not marketed to children. We aim to make the Service and our public notices usable by as many people as reasonably possible and to work towards WCAG 2.2 AA as our accessibility target.

We may update this section from time to time. If we make a material change, we will post the updated version and, where appropriate, notify customers through the Service or by email.