logo

Privacy Policy

Last updated: 1st January 2026

This Privacy Policy explains how Insights Digital LLC, a Delaware limited liability company, operating under the brand name Profit With Insights and doing business as Profit With Insights (“we”, “us”, or “our”), processes personal data in connection with our website and our advertising optimisation and measurement services (the “Services”).

This Privacy Policy is intended for customers, website visitors, regulators, and enterprise legal teams. It is written to provide clear, transparent information about our data practices and the privacy safeguards built into our Services.

1. Who We Are

Legal entity: Insights Digital LLC A Delaware limited liability company

Trading name: Profit With Insights

Role under data protection law:

  • For the operation of our Services on behalf of customers, we act as a data processor under the GDPR and UK GDPR, and as a service provider under applicable US privacy laws.
  • Our customers act as data controllers (or businesses under US law) in respect of any personal data processed using the Services.

Contact details for privacy-related inquiries are provided in Section 14.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Our public website.
  • Our server-side, privacy-preserving advertising optimisation and measurement Services provided to business customers.

This Privacy Policy does not replace or override contractual terms agreed with customers, including any Data Processing Addendum (“DPA”).

3. Overview of the Services

Profit With Insights provides a server-side advertising optimisation and measurement platform designed to operate without user tracking and without reliance on cookies or similar technologies.

The Services are designed to:

  • Measure conversions server-side.
  • Generate aggregated, campaign-level and creative-level optimisation signals.
  • Support advertising performance analysis without identifying or tracking individual users.

The Services are intentionally engineered to minimise privacy risk and regulatory exposure.

4. Core Privacy Principles by Design

The Services operate under the following strict technical and organisational constraints:

  • No cookies, localStorage, or any other device-side storage.
  • No fingerprinting or device-level identification.
  • No cross-day or cross-context user tracking.
  • No remarketing, behavioural advertising, or profiling.
  • No creation of advertising audiences.
  • No sharing of user-level identifiers with advertising platforms.
  • No persistent identifiers.

Any identifiers used internally are:

  • Short-lived.
  • Rotated daily.
  • Used solely for deduplication within a maximum 24-hour window.
  • Never used to track individuals over time.

5. Data We Process

5.1 Website Data

When you visit our website, we may process limited technical data such as:

  • IP address (processed transiently and not stored in identifiable form).
  • Basic server logs necessary for security and availability.
  • Aggregated usage metrics.

We do not use cookies or similar technologies on our website unless explicitly stated elsewhere.

5.2 Service Data Processed on Behalf of Customers

When providing the Services to customers, we may process limited data elements provided by or generated on behalf of the customer, which may include:

  • Event timestamps.
  • Campaign or creative identifiers defined by the customer.
  • Conversion metadata supplied server-side.
  • Short-lived internal identifiers used for deduplication only.

We do not receive names, email addresses, precise location data, or persistent device identifiers as part of the core Services.

6. What We Explicitly Do Not Do

To avoid ambiguity, the Services do not involve:

  • Cookies or similar tracking technologies.
  • Device storage of any kind.
  • Cross-site or cross-app tracking.
  • User profiling or behavioural analysis.
  • Advertising audience creation.
  • Retargeting or remarketing.
  • Sharing personal data with advertising platforms for targeting purposes.

7. Why ePrivacy and PECR Consent Is Not Required

The core Services do not require consent under the ePrivacy Directive or the UK Privacy and Electronic Communications Regulations (PECR) because:

  • No information is stored on, or accessed from, a user’s device.
  • No cookies or similar technologies are used.
  • Processing occurs server-side and is limited to aggregated measurement and optimisation.

As a result, the Services do not trigger consent requirements applicable to cookies or similar technologies.

8. Lawful Bases for Processing (EU and UK)

Where the GDPR or UK GDPR applies, processing is conducted on the following lawful bases, as applicable:

  • Legitimate Interests (Article 6(1)(f)) For providing privacy-preserving measurement, service security, fraud prevention, and service improvement, where such interests are not overridden by the rights of individuals.

  • Contractual Necessity (Article 6(1)(b)) Where processing is necessary to perform our contractual obligations to customers.

Customers remain responsible for identifying and communicating their own lawful bases for any data they submit to the Services.

9. Data Retention

We apply strict data minimisation and retention controls:

  • Short-lived internal identifiers are rotated daily and retained for no longer than 24 hours.
  • Aggregated reporting data is retained only as necessary to provide the Services.
  • Raw or transient technical data is deleted or anonymised as soon as it is no longer required.

We do not retain data in a form that allows long-term identification of individuals.

10. International Data Transfers

We are headquartered in the United States and may process data in the United States or other jurisdictions.

Where personal data originating from the UK or EEA is transferred internationally, we rely on appropriate safeguards, which may include:

  • Standard Contractual Clauses approved by the European Commission or UK authorities.
  • Supplementary technical and organisational measures appropriate to the low-risk nature of the data processed.

11. Data Subject Rights

11.1 EU and UK Individuals

Where applicable, individuals have rights under the GDPR and UK GDPR, including:

  • The right to access.
  • The right to rectification.
  • The right to erasure.
  • The right to restriction of processing.
  • The right to object.
  • The right to lodge a complaint with a supervisory authority.

Given the aggregated and non-identifying nature of the data processed, it may not be technically feasible to identify individual data subjects in many cases.

11.2 United States

Depending on the applicable state law, individuals may have rights to:

  • Access information about data processing.
  • Request deletion of personal data.
  • Opt out of certain disclosures.

We act as a service provider and process data only on documented instructions from customers.

12. Customer Responsibilities

Customers using the Services:

  • Act as data controllers (or businesses under US law).
  • Are responsible for determining lawful bases for processing.
  • Are responsible for providing appropriate privacy notices to end users.
  • Must ensure that their use of the Services complies with applicable data protection laws.

13. Data Processing Addendum

Processing of personal data on behalf of customers is governed by a separate Data Processing Addendum (DPA), which forms part of our contractual arrangements with customers.

14. Security Measures

We implement appropriate technical and organisational measures designed to protect data, including:

  • Access controls.
  • Encryption in transit.
  • Logical separation of customer data.
  • Regular security reviews.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated “Last updated” date.

16. Contact Information

For privacy-related questions or requests, contact:

Insights Digital LLC Doing business as Profit With Insights Email: [email protected]

End of Privacy Policy