1. Introduction & scope

Boost RAVA operates a programmatic advertising platform that connects publishers and advertisers using automated systems (including real-time bidding). Our systems process large volumes of signals and identifiers to deliver, target, measure and optimize digital advertising. This processed data can include personal data, pseudonymous identifiers, and aggregated statistics. This Policy explains what we collect, how we use it, with whom we share it, and your choices and rights. It also explains how our practices align with major legal regimes (for example the EU General Data Protection Regulation (GDPR), the ePrivacy rules governing cookies and similar technologies, US state privacy laws such as the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and national law developments in Bangladesh).

2. Definitions

• Personal data: Any information relating to an identified or identifiable natural person.
• Pseudonymous identifier: Device IDs, cookie IDs, advertising IDs, and hashed identifiers.
• Controller / Processor: Roles and short descriptions used in this policy.

3. Data we collect (categories)

We collect Identifiers & device data, Technical & interaction data, Location data (coarse), Interest & demographic inferences, Consent & preference signals, and Aggregated data. We do not intentionally collect sensitive categories.

4. Sources of data

Publisher ad calls and SDKs, advertisers, third-party vendors, user devices, CMPs and public sources.

5. How we use personal data (purposes & legal bases)

Primary purposes include ad delivery, targeting, measurement, fraud prevention, billing, legal compliance, and research/product development. Legal bases vary by jurisdiction (consent, contract, legitimate interest, legal obligation).

6. Automated decision-making & profiling

Our systems use ML to score and optimize ads. EU residents may have rights regarding significant automated decisions.

7. Cookies, tracking technologies & consent signals

We use cookies, local storage, pixels, SDK storage and honor CMP consent strings (IAB TCF) and browser privacy signals where applicable.

8. Data sharing and recipients

We share data with advertisers, identity providers, measurement vendors, cloud providers and legal authorities when required.

9. International data transfers and safeguards

We use SCCs, adequacy, or other safeguards for cross-border transfers; details available on request.

10. Data retention and deletion

Retention depends on purpose; raw logs shorter (30–90 days), billing longer. Deletion requests will be honoured subject to technical limitations for cached copies.

11. Security measures

Encryption, access controls, role-based access, audits, secure development practices.

12. Minors and children’s data

We do not knowingly collect data from children below applicable age thresholds. Publishers must not pass minor data without parental consent.

13. Data subject rights & exercising them

We support GDPR rights, CCPA/CPRA rights and local rights (including Bangladesh). Submit requests to privacy@boostrava.com with appropriate identifiers.

14. Compliance with specific laws

Overview of GDPR, CCPA/CPRA and Bangladesh PDPA developments — not legal advice.

15. Compliance, audits, processors & contracts

We require DPA agreements, vendor due diligence and periodic audits.

16. Incident / breach notification

We will notify regulators and affected parties as required by law.

17. Updates to this policy

Material changes will be posted with updated effective date.

18. Contact information & dispute resolution

DPO: privacy@boostrava.com — Mailing address: [INSERT].

19. Annexes & practical guidance

Implementation checklist, sample retention windows and methods to exercise rights are provided in annexes.