JourneyCraft Privacy Policy
Effective 29 May 2025 — last revised 31 May 2025

JCProg Ltd. (“JourneyCraft,” “we,” “us,” or “our”) is a programmatic-advertising studio headquartered in Tel Aviv, Israel. This Policy explains how we collect, use, share, and protect information when you

  • visit jcprog.com or communicate with us (“Site Visitors”);

  • use JourneyCraft tools as a Business Customer (advertiser, agency, publisher); or

  • view or interact with an ad impression that JourneyCraft helps buy or sell on a third-party site or app (“End Users”).

1 Information We Process

Contact & account data – name, work-email, company, budget, messages you send us. (We act as data controller.)

Bid-stream / ad-tech data – truncated IP address, cookie ID, mobile AdID/IDFA, user-agent, page or app ID, coarse city-level geo, auction logs. (We process this on behalf of publishers and supply-side platforms.)

Site analytics data – pages visited, referrer, device type, collected via first-party cookies and Google Analytics 4.

We do not knowingly collect data from anyone under 16 years of age.

2 How We Use Information & Legal Bases

  • Provide and optimise our curation / monetisation services (Contract)

  • Measure audiences, detect fraud, maintain security (Legitimate Interest)

  • Personalise ads and measure performance (Consent via IAB Europe TCF where required)

  • Send marketing updates and thought-leadership (Consent – opt-in)

  • Comply with legal obligations and resolve disputes (Legal Obligation / Legitimate Interest)

3 Sharing & Disclosure

  • Service providers – cloud hosting, anti-fraud, analytics, email; all bound by data-processing agreements.

  • Advertising partners – DSPs, SSPs and exchanges, only when a valid consent or other lawful basis exists.

  • Industry frameworks – we are Vendor ID [XXXX] in the IAB Europe Transparency & Consent Framework v2.2 and members of the Network Advertising Initiative and Digital Advertising Alliance.

  • Authorities – when required by law.

  • Business transfers – successor entity in a merger, acquisition or asset sale (with notice).

JourneyCraft does not sell personal information for money. Certain advertising flows may be deemed a “sale” or “share” under US state laws; see § 6 for your opt-out choices.

4 Cookies, Mobile IDs & Similar Tech

We set first-party cookies for site functionality and GA4 analytics. Partners may set third-party cookies or receive mobile Advertising IDs to deliver interest-based ads.
Your options: disable cookies in your browser, reset or limit your mobile AdID, or use NAI / DAA opt-out tools.

Cookie Notice – a full list of cookies and their lifespans is available at /cookie-notice.

Signals we honour

  • Global Privacy Control (GPC) and any other recognised Universal Opt-Out Mechanism – automatically treated as a “Do Not Sell/Share” request.

  • Do Not Track (DNT) – currently not acted on because no uniform standard exists.

5 Data Retention

  • Contact-form data – 24 months (longer if we enter a contract)

  • RTB bid logs – 30 days, then aggregated & pseudonymised

  • Aggregated reporting / models – up to 24 months

  • GA4 analytics – 26 months (Google default)

6 Your Choices & Rights

EU / EEA / UK – access, rectify, delete, restrict, portability, object (GDPR Arts 15-21).

California (CCPA / CPRA) – know, delete, correct, opt-out of sale/share, limit sensitive data. Use the “Do Not Sell or Share My Personal Information” footer link, send a GPC signal, or email us.

Colorado, Virginia, Connecticut, Utah & other US states – opt-out of targeted advertising and profiling; we honour any state-approved Universal Opt-Out Mechanism (including GPC).

Nevada (SB-220) – email privacy@jcprog.com with subject “Nevada Opt-Out”.

California Shine-the-Light – email privacy@jcprog.com with subject “Shine the Light” once per year for a list of third parties who received your info for direct marketing.

Identity verification & authorised agents: we verify requests by matching at least two data points (three for sensitive data) and accept authorised agents with written permission.

7 International Transfers

Data may be stored on AWS or GCP servers in the EU, US and Israel. Transfers outside the EEA rely on the EU adequacy decision for Israel or the EU Standard Contractual Clauses (2021/914).

8 Security

We use TLS encryption, multi-factor authentication, role-based access controls, network segmentation and at-rest encryption aligned with ISO 27001. No system is 100 % secure, but we work to minimise risk.

9 Children

We do not knowingly process data from anyone under 16. If we discover we have done so, we delete the data promptly.

10 Changes

Material updates will appear here with a new “Last revised” date. Continued use of our services after an update constitutes acceptance.

11 Contact

Email: privacy@jcprog.com
Postal: JCProg Ltd., Refidim 22, Tel Aviv 6526301, Israel