Privacy & Data Handling Guide

This guide outlines how developers integrating the Teads AI Chatbot SDK should manage user data, respect privacy laws, and ensure secure handling of information across all chatbot and advertising flows.


1. Purpose

The Teads AI Chatbot SDK enables dynamic ad and content interactions through API calls to Teads and Partner endpoints.
This Privacy & Data Handling Guide ensures all integrations comply with global privacy standards such as GDPR, CCPA, and IAB Transparency & Consent Framework (TCF).


2. Core Privacy Principles

  1. Data Minimization — Collect and process only what’s strictly necessary for SDK functionality.
  2. Transparency — Inform users clearly when advertising, tracking, or personalization occurs.
  3. Consent — Obtain and store user consent before firing any tracking or personalized content requests.
  4. Security — Encrypt all communications and prevent key exposure.
  5. Compliance — Align with applicable laws in the regions where the chatbot operates.

3. Data Processed by the SDK

a. Automatically Collected (non-personal)

| Data Type | Purpose | Retention |
|---|---|---|
| contentUrl | Context for content/ad relevance | transient |
| widgetJSId, idx | Placement identifiers for measurement | transient |
| extid | Event identifiers (e.g., unit_load, unit_view) | transient |
| userAgent | Basic device/browser info for compatibility | transient |
| geo (approx.) | Regional targeting; no precise location | not stored |
| format | Response format metadata | transient |

| Data Type | Purpose | Requires Consent |
|---|---|---|
| cookies / deviceId | Frequency capping and attribution | |
| IP address | Used transiently for geo detection | |
| clickTrackers | Interaction tracking for campaigns | |
| viewability pixels | Ad impression measurement | |

4. Data Flow Overview

+------------------+        +------------------+        +------------------+
| User / Chatbot   |  --->  | Teads SDK        |  --->  | Partner Endpoint |
| Interaction Data |        | Secure Proxy     |        | (Outbrain/Teads) |
+------------------+        +------------------+        +------------------+
         |                           ^                           |
         v                           |                           v
  Consent Manager ----------> Policy / GDPR Layer ------> Reporting / Analytics

Every integration must use a Consent Management Platform (CMP) compliant with the IAB TCF v2.2 or equivalent.

Requirements

  • Obtain consent before any of these actions:
    • Firing measurement events (e.g., unit_view, unit_click)
    • Fetching paid or organic content from Partner APIs
    • Loading Outbrain widgets or executing trackers
  • Store consent signals (e.g., tcString) in session/local storage.
  • Append consent tokens to SDK calls where applicable.

Example pseudocode:

const tcString = CMP.getConsentString();

// Fire only once the CMP has returned a consent signal.
if (tcString) {
  sdk.fireMeasurementEvent("unit_view", {
    consent: tcString,
    contentUrl: encodeURIComponent(window.location.href)
  });
}
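The requirements above, worked through as an added example that is not part of the Teads SDK: a gate that holds measurement events until the CMP reports a decision through the standard IAB `__tcfapi` listener, appends the TC string to each call, and stops sending when consent is withdrawn. The `fire` callback and the `REQUIRED_PURPOSES` choice are assumptions; the page does not say which TCF purposes the SDK relies on.

```javascript
// Added example, not Teads SDK code. `fire` stands in for the SDK call that sends
// an event; REQUIRED_PURPOSES is an assumed policy, not a Teads requirement.
const REQUIRED_PURPOSES = [1, 7]; // TCF: 1 = device storage/access, 7 = measure ad performance

// Map a TCData object (as delivered by the CMP's __tcfapi) to a gate state.
function consentState(tcData) {
  const status = tcData && tcData.eventStatus;
  // "cmpuishown" means the user is still deciding: nothing may fire yet.
  if (status !== "tcloaded" && status !== "useractioncomplete") return "pending";
  const granted = (tcData.purpose && tcData.purpose.consents) || {};
  // Conservative: a missing TC string or purpose record counts as no consent.
  const ok = Boolean(tcData.tcString) &&
    REQUIRED_PURPOSES.every((id) => granted[id] === true);
  return ok ? "granted" : "denied";
}

// Hold events until the CMP reports a decision, then flush or discard them.
function createConsentGate(tcfapi, fire) {
  let state = "pending";
  let tcString = "";
  const queue = [];
  const emit = (name, payload) => fire(name, { ...payload, consent: tcString });

  // The listener is called again on every change, including withdrawal.
  tcfapi("addEventListener", 2, (tcData, success) => {
    if (!success) return;
    state = consentState(tcData);
    tcString = state === "granted" ? tcData.tcString : "";
    if (state === "granted") queue.splice(0).forEach(([n, p]) => emit(n, p));
    if (state === "denied") queue.length = 0; // never send pre-consent events
  });

  return {
    send(name, payload) {
      if (state === "granted") emit(name, payload);
      else if (state === "pending") queue.push([name, payload]);
      // "denied": the event is dropped
    },
    state: () => state,
  };
}

// In a browser (hypothetical wiring):
// const gate = createConsentGate(window.__tcfapi, (n, p) => sdk.fireMeasurementEvent(n, p));
```
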

6. Data Retention and Anonymization

CategoryRetention PolicyNotes
Measurement eventsNot stored client-sideSent once per trigger
Organic/Paid content dataCached ≤ 24hFor UX performance only
Click and view trackersLogged server-side (Teads)No personal data
User consent stringsStored locally by CMPExpire as per CMP policy

The SDK does not store or persist personal user data. All identifiers are ephemeral and hashed where applicable.


7. Security Requirements

  1. HTTPS Only — All API and asset requests must be served via secure HTTPS.
  2. No API key exposure — Keys must be injected through a secure server proxy or environment variable.
  3. Access Controls — Restrict access to the proxy endpoint to verified chatbot servers.
  4. Encryption in Transit — Use TLS 1.2+ for all communications.
  5. Rate Limiting — Apply limits to prevent data scraping or abuse.
  6. Secure Logging — Avoid storing URLs or identifiers containing API keys in logs.

Example proxy architecture:

Chatbot Client -> Secure Proxy (Inject Keys) -> Teads API
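A sketch of the proxy step in that architecture, as an added example rather than Teads code: it checks the caller against an allow-list, applies a fixed-window rate limit, forwards only the parameters the upstream needs, injects the key server-side, and redacts it from the log line. The upstream URL, the `key` query parameter, the `TEADS_API_KEY` and `ALLOWED_CALLERS` variables, and `req.callerId` (an identity set by an authentication layer such as mTLS) are all placeholders.

```javascript
// Added example, not Teads code. UPSTREAM, the "key" parameter, the env variable
// names and req.callerId are placeholders for the integration's real values.
const UPSTREAM = "https://partner-api.example.invalid/v1/recs";
const WINDOW_MS = 60000;
const MAX_PER_WINDOW = 3;
const hits = new Map(); // callerId -> { start, count }

// Fixed-window limiter: true when the caller has exceeded its allowance.
function rateLimited(callerId, now) {
  const h = hits.get(callerId);
  if (!h || now - h.start >= WINDOW_MS) {
    hits.set(callerId, { start: now, count: 1 });
    return false;
  }
  h.count += 1;
  return h.count > MAX_PER_WINDOW;
}

// Replace secret query values before a URL reaches any log sink.
function redactUrl(url, secretParams = ["key", "api_key", "token"]) {
  const u = new URL(url);
  for (const p of secretParams) {
    if (u.searchParams.has(p)) u.searchParams.set(p, "REDACTED");
  }
  return u.toString();
}

// Returns { status, upstreamUrl?, logLine }; the caller performs the HTTPS fetch.
function handleProxyRequest(req, env, now = Date.now()) {
  const allowed = (env.ALLOWED_CALLERS || "").split(",").filter(Boolean);
  if (!req.callerId || !allowed.includes(req.callerId)) {
    return { status: 403, logLine: "denied: unknown caller" };
  }
  if (rateLimited(req.callerId, now)) return { status: 429, logLine: "denied: rate limit" };
  if (!env.TEADS_API_KEY) return { status: 500, logLine: "error: key not configured" };

  const u = new URL(UPSTREAM);
  // Forward only known parameters; anything else the client sent is dropped,
  // including a client-supplied "key".
  for (const name of ["contentUrl", "widgetJSId", "idx"]) {
    if (req.query[name] !== undefined) u.searchParams.set(name, String(req.query[name]));
  }
  u.searchParams.set("key", env.TEADS_API_KEY); // injected server-side only
  const upstreamUrl = u.toString();
  return { status: 200, upstreamUrl, logLine: "forward " + redactUrl(upstreamUrl) };
}
```
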

8. Regional Compliance Notes

GDPR (EU/EEA/UK)

  • Basis for processing: user consent or legitimate interest (when applicable).
  • Data Subject Rights: provide mechanisms for access, erasure, and opt-out.
  • If using cookies or unique identifiers, register your vendor ID in the IAB TCF.

CCPA (California)

  • Provide a “Do Not Sell or Share My Data” opt-out link.
  • Avoid storing personal identifiers unless essential.
  • Honor GPC (Global Privacy Control) headers.

Other Jurisdictions

  • Israel, Brazil (LGPD), Canada (PIPEDA), Singapore (PDPA): ensure local consent and retention compliance.

9. Handling User Requests (DSARs)

If a user requests data deletion, access, or export:

  1. Verify the user’s identity (e.g., email verification).
  2. Confirm that the Teads SDK itself does not store personal data locally.
  3. Forward Partner-specific event logs (if any) to Teads privacy operations for review.
  4. Respond within the legally required timeframe (30 days under GDPR).

10. Developer Responsibilities

✅ Ensure CMP integration before SDK initialization
✅ Do not modify Partner or Teads-provided URLs
✅ Do not attempt to fingerprint or store user identifiers
✅ Keep API keys confidential
✅ Respect test/production separation
✅ Review Partner privacy updates regularly


11. Privacy-by-Design Best Practices

  • Default to testMode=true in QA/staging environments.
  • Use server-to-server measurement when possible to reduce data exposure.
  • Avoid combining SDK data with external user profiles.
  • Always provide a privacy policy link in your chatbot UI explaining how Teads SDK is used.

Example disclosure snippet for chatbot:

“This chatbot uses Teads technology to display sponsored and organic content. Some interactions may be logged for performance and analytics. No personal information is stored.”


12. Reporting Security or Privacy Incidents

In case of suspected misuse or data leakage:

  1. Immediately suspend API calls to Teads SDK endpoints.
  2. Notify your Teads account manager and ai-sdk@teads.com within 24 hours.
  3. Document request/response logs securely (without keys).
  4. Resume production only after clearance from Teads Privacy Team.

13. Contact and Support


© 2025 Teads AI Platform. Confidential and proprietary. All rights reserved.