Privacy Policy

Last Updated Date: December 1st, 2025

Intowow Innovation Ltd. (“Intowow,” “we,” or “us”) develops and operates optimization services exclusively for digital publishers (collectively, “Publishers” or “Supply Partners”) across all inventory formats. Our core service leverages proprietary, AI-driven algorithms to dynamically apply floor prices to programmatic advertising inventory, enabling our publishing partners to maximize revenue yield (collectively, the “Services”).

Intowow is firmly committed to data privacy. Our Services operate exclusively by processing Non-Personal Information, and we do not collect, process, or store any data that can identify the Publisher’s end users (collectively, “Users”). This Policy outlines Intowow’s data practices with respect to information processed through our Services. Because we do not handle any Personally Identifiable Information (PII), we do not intentionally collect or process data relating to children under 16 years of age.

1. The Services and Our Customers

Our Services focus on yield optimization through Dynamic Floor Pricing. We integrate directly with the Publisher’s ad management platform to dynamically calculate and apply optimal floor prices across all available inventory. This process leverages real-time market signals and anonymized ad management platform data to help Publishers maximize revenue on programmatic buyers.

Our Publishers are responsible for providing adequate notice to users about this Policy and maintain a privacy policy of their own, as required by applicable legislation.

Important Note: While Intowow processes only Non-Personal Information, a Publisher’s property, as well as other programmatic partners involved in the advertising ecosystem, may utilize tracking technologies or collect Personal Data under their separate privacy policies. Intowow does not access, control, or receive any such data. Users should refer to the Publisher’s privacy policy for information regarding their data collection and processing practices.

2. Information that Intowow collects and receives (Non-Personal Information Only)

2.1 We Do Not Process Personal Identifiable Information (PII)

Intowow is committed to user privacy and does not collect, process, store, or infer any data that can identify any individual Users (Personal Identifiable Information or PII). This strict exclusion covers, but is not limited to, the following types of data, which we do not process:

• Names, email addresses, phone numbers, or other contact information.
• Login or user account data.
• IP addresses or network identifiers.
• Cookies or other persistent identifiers used for cross-session tracking.
• Advertising identifiers (e.g., Apple IDFA, Google AAID).
• Precise or approximate location data.
• Behavioral, interest-based, or demographic profiles.
• Any data that can identify an individual, whether directly, indirectly, or when combined with other data sets.

2.2 The Non-Personal Information We Process

We solely collect and process Non-Personal Information that is strictly necessary for our AI-driven yield optimization Services. This information is anonymous, aggregated, and cannot be used to track or profile individual Users.

The Non-Personal Information we process includes, but not limit to:

1. General Device and Physical Environment Attributes:
   • General device category (e.g., desktop, mobile, tablet).
   • Browser type, Operating system (OS), and device language settings.
   • Viewport size and general technical specifications.
2. Ad Request and Contextual Data:
   • Non-identifiable ad request metadata (e.g., requested ad sizes, inventory format, refresh count).
   • The Publisher's general content category (e.g., Sports, News).
   • Non-unique, non-persistent traffic categorization signals used for general grouping.
3. Google Ad Manager (GAM) Reporting Tools:
   • We use GAM reports — including its available dimensions, metrics, and filters — to collect data exclusively for the purpose of providing our Services. All data is fully anonymized by GAM and cannot be traced back to any individual User.
4. System and Performance Metrics:
   • We use industry-standard tools to perform general digital system health checks, collecting data such as Core Web Vitals scores, latency, and response times. This information is strictly non-personal and is used solely for troubleshooting and quality assurance purposes.

3. Purpose of Information Processing (Legal Basis: Legitimate Interest)

Legal Basis for Processing

Since Intowow processes only Non-Personal Information that cannot identify an individual, our processing adheres to the principles established by the Data Protection Laws. Our legal basis for this processing is our Legitimate Interest, as defined by the GDPR and recognized by similar global privacy frameworks. Our legitimate interest is to provide functional, stable, and economically viable yield optimization Services to our Publishers globally without impacting the privacy rights of the Users, as no PII is involved.

The Purposes of Processing Non-Personal Information

The Non-Personal Information described in Section 2 is processed solely for the following operational purposes:

1. Dynamic Floor Price Calculation:To support our proprietary AI-driven models that automatically and dynamically determine the optimal floor price for each ad impression opportunity in real time, helping Publishers maximize their advertising revenue.
2. Service Performance Reporting:To provide transparent reporting for Publishers to monitor the performance of our Service in real time.
3. Service Functionality:To ensure the Services are compatible with the Publisher’s ad serving environment and to monitor the Services proper operation thereafter.
4. Operational Analytics and Quality Assurance:To assess overall system stability, identify anomalies, generate aggregated performance reports, and troubleshoot technical or quality issues.

4. Sharing Non-Personal Information with Others

Intowow commits that we do not sell, rent, or trade any information, as we process only Non-Personal Information. We may share the Non-Personal Information we collect exclusively for the purposes detailed below:

With Publishers (Supply Partners)

We share aggregated and anonymized reports with our Publishers related to our Services including performance reports, general traffic characteristics, and anything requested directly by the Publisher. This information is purely statistical and cannot be used to track or profile individual users.

With Service Providers

We engage trusted third-party service providers to assist us in operating, maintaining, and enhancing our Services. These providers receive Non-Personal Information strictly necessary to perform their functions on our behalf, and are strictly prohibited from using the information for any other purposes.

Namely, we use the following key service providers for infrastructure and operations:

• Amazon Web Services (AWS) (For cloud hosting and infrastructure)
• Google (For internal document management and operational analytics)
• Cloudflare (For network security and optimization)

Legal Requirements

We may disclose non-personal information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with legal obligations, such as a subpoena or similar legal process.
• Protect our rights, property, or safety, or the safety of others.

Business Transfers

In the event Intowow is involved in a merger, acquisition, or sale of all or a portion of its assets, the Non-Personal Information may be transferred as part of that transaction. Any transferring party will remain bound by this Policy.

5. Data Protection Principles and User Rights

Intowow operates under a philosophy of data minimization and privacy by design. We are committed to adhering to the principles outlined in the Data Protection Laws, including the EU GDPR, UK GDPR, CCPA, and CPRA.

Since Intowow processes only Non-Personal Information that cannot be linked to an identified or identifiable natural person, and we do not collect PII from end-users:

1. Non-Applicability of Specific User Rights:The specific individual data rights granted under Data Protection Laws—including the Rights of Access, Erasure, Portability (under GDPR), and the Right to Know or Right to Delete (under CCPA/CPRA)—do not apply to the data we hold, as we possess no data identifiable to a specific individual.
2. Legal Basis:As stated in Section 3, our processing is based on our Legitimate Interest to provide our technical services, which inherently protects user privacy due to the exclusion of PII.

This model allows us to operate within the spirit of the Data Protection Laws by avoiding the collection and processing of data that would necessitate complex privacy obligations, thereby maintaining a consistent, high-privacy standard worldwide.

6. Data Retention and Security

Data Retention

Intowow ensures that Non-Personal Information is processed for no longer than necessary for the purposes for which it was provided.

• Operational Data: Non-Personal Information collected for real-time optimization and troubleshooting is retained for a limited period, typically not exceeding 24 months, before being destroyed or permanently aggregated.
• Aggregated Data: Data that has been completely aggregated and anonymized for historical analysis, long-term system analytics, and financial reporting may be retained for longer periods.

Security

Intowow is committed to safeguarding the confidentiality and integrity of the data we process. We implement technical and organizational measures to secure our processing environment, minimizing the risks of unauthorized access, damage, or loss of information.

Since we operate exclusively on Non-Personal Information, the data handled carries a minimized inherent security risk. We rely on industry-leading platforms for data hosting and internal operations, including Amazon Web Services (AWS) for cloud infrastructure, and Google Workspace (including Google Drive) for internal document management. Our security measures include:

• Secure data transmission using industry-standard protocols (e.g., HTTPS).
• Strict internal access controls, limiting access to Non-Personal Information to authorized personnel on a need-to-know basis.
• Utilizing trusted service partners (AWS, Google) which employ their own high standards of physical and network security.

7. Information Processing Location

Data Location

The Non-Personal Information processed by Intowow for its Services is stored on servers managed by our infrastructure providers. For our Services, we primarily utilize Amazon Web Services (AWS), with the main processing and storage location being the Tokyo, Japan region.

For internal operational documentation (as detailed in Section 7), we utilize Google Workspace and Google Drive. While the specific data center location for these services is determined by Google, we rely on Google’s commitment to industry-leading security and data protection standards.

Cross-Border Processing of Non-PII

Since Intowow does not process Personal Identifiable Information (PII), we are not subject to the specific requirements of the GDPR regarding the legal mechanism for PII transfer outside the EEA (such as Standard Contractual Clauses or SCCs). Our commitment to processing only Non-Personal Information inherently ensures that we meet the highest standards of data minimization in cross-border data flows.

By using our Services through a Publisher's property, you acknowledge that Non-Personal Information may be processed in jurisdictions outside of your territory for the sole purpose of yield optimization.

8. Changes to This Privacy Policy

Intowow may update this Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our Site. The updates will take effect 7 days after the notice is posted.

Continuing to use the Services after the new policy takes effect means that you agree to the updated terms. Note that if Intowow needs to adapt the policy immediately due to legal or regulatory requirements, the new policy will become effective as required by law.

9. Acceptance and Contact

Acceptance and Consent

By using Intowow Services, you acknowledge that you have read and understood this Policy and consent to our processing of Non-Personal Information as set forth herein.

Contact Us and Data Controller Details

The Data Controller (Administrator) for the Services is: Intowow Innovation Ltd.

Operational Contact Address: No. 97, Songren Rd, Xinyi District, Taipei City, 110 Taiwan

This Privacy Policy was last updated on December 1st, 2025.

Should you have any questions or concerns regarding this Policy, please contact us at:

Email: intowow@intowow.com

We respond to privacy inquiries within 30 days. Please include in your message a description of your concern and any relevant context related to your interaction with the Intowow Services.

‍