Privacy Policy

EFFECTIVE DATE: APRIL 1, 2026

Rhebus values your privacy. This Privacy Policy describes how we process information in connection with our advertising technology services, including what information we collect, how we use it, and with whom it may be shared.

This Privacy Policy may change from time to time. Your continued use of our services after we make changes is deemed to be acceptance of those changes. This Privacy Policy has been developed and is maintained in accordance with all applicable federal and international laws and regulations, and specifically with the California Online Privacy Protection Act (CalOPPA – U.S regulation) and the GDPR (General Data Protection Regulation – European regulation).

Personal data processed through our services, including via https://rhebus.works, is under the responsibility of:

• Rhebus Inc.
• Info@Rhebus.works
• privacy@Rhebus.works

(Hereinafter referred to as “Rhebus”).

We receive information as part of the programmatic advertising ecosystem from digital properties and advertising partners. This information is typically received from digital properties (such as websites and mobile applications) and our advertising partners.

The types of information we may process include:

• Device Information

  Including device type, operating system, browser type, and device characteristics.

• Identifiers

  Such as IP address, cookie identifiers, mobile advertising identifiers (e.g., IDFA, GAID), and other pseudonymous identifiers.

• Usage and Interaction Data

  Information about interactions with digital content, including pages viewed, timestamps, and advertising interactions.

• Non-Precise Location Data

  General location information derived from IP address (e.g., country, region, city).

We do not intentionally collect directly identifiable information such as names, email addresses, or phone numbers.

We use the information we process to operate and provide our advertising technology services. Specifically, we use data to:

• Facilitate Ad Delivery

  Enable the delivery of digital advertising through programmatic systems.

• Measure and Analyze Performance

  Measure the effectiveness of advertising and improve campaign performance.

• Prevent Fraud and Ensure Security

  Detect and prevent fraudulent or invalid traffic and maintain the integrity of our systems.

• Operate and Improve Our Services

  Maintain, debug, and enhance our technology and infrastructure.

• Comply with Legal and Industry Requirements

  Process data in accordance with applicable laws and industry frameworks, including the IAB Europe Transparency & Consent Framework.

We do not use personal data to directly identify individuals or to create profiles for personalized advertising.

Where applicable under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

Consent

Where required, we process personal data based on user consent obtained by publishers or application providers through consent management platforms in accordance with applicable law and industry frameworks.

Legitimate Interests

We may process personal data where necessary for our legitimate interests, including:

• operating, maintaining, and improving our services

• measuring and analyzing advertising performance

• detecting fraud, invalid traffic, and ensuring system security

We ensure that such processing is carried out in a manner that is proportionate and respects individuals’ rights and freedoms.

Rhebus participates in the IAB Europe Transparency & Consent Framework (TCF).

Where applicable, we rely on consent signals provided by publishers and their consent management platforms. These signals are communicated through standardized consent strings (TC strings), which we use to determine whether and how personal data may be processed.

We process personal data in accordance with user preferences and applicable legal requirements, including respecting consent choices and other signals transmitted through the TCF, and limiting processing where required.

We may share information with third parties as part of the digital advertising ecosystem, including:

• Supply-side platforms (SSPs)

• Demand-side platforms (DSPs)

• Advertising exchanges and partners

• Service providers and infrastructure partners

• Fraud detection and security vendors

These third parties may process data in accordance with their own privacy policies and legal obligations. We work with partners that adhere to applicable data protection laws and industry standards, but we do not control their independent data practices.

We and our partners may use cookies, mobile identifiers, and similar technologies to support advertising delivery, measurement, and fraud prevention.

Users can manage their preferences through consent tools provided by digital properties or through their device and browser settings.

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy.

In general, personal data is retained for up to 30 days, consistent with our data minimization practices and operational requirements.

In limited circumstances, data may be retained for a longer period where necessary for:

• fraud prevention and detection
• security and system integrity
• legal or regulatory compliance

If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances.
We describe these rights below:

• Access and Porting: You can access your information at any time.
• Rectify, Restrict, Limit, Delete: You can also rectify, restrict, limit or delete much of your information by contacting us.
• Object: Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
• Revoke consent: Where you have previously provided your consent, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
• Complain: Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

We process personal data as part of our advertising technology services and based on the legal bases described above. We do not typically have a direct relationship with individuals whose data we process.

You can see more about these rights at:
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act (CalOPPA).

According to the California Online Privacy act, you have the following rights:

• Know what personal data is being collected.
• Know whether your personal data is sold or disclosed and to whom.
• Access to your personal data.
• Request to delete any personal information about you.
• Not be discriminated against for exercising their privacy rights.

We are in compliance with the requirements of the California Online Privacy Protection Act (CalOPPA – U.S regulation) and the GDPR (General Data Protection Regulation – European regulation) regarding the protection of the personal data of minors. We do not collect any information from anyone under 13 years of age. If you become aware that your child has provided us with personal information, please contact us. If we become aware that a child has provided us with personal information, we will take steps to delete that information, terminate that person’s account, and restrict access to that person.

We may share personal data for advertising purposes, which may be considered a “sale” or “sharing” under applicable California law. We honor applicable opt-out signals where required.

We may process data outside of the user’s country, including in the United States, using appropriate safeguards, including Standard Contractual Clauses (SCCs) and supplementary measures, where required.

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

We implement reasonable technical and organizational measures to protect data from unauthorized access, loss, or misuse.

If you have questions or concerns about this Privacy Policy and the handling and security of your data, please contact us at:

📧 privacy@rhebus.works

🌐 https://rhebus.works