Updated: Jan 1st, 2026

1. OVERVIEW

42 Inc. (“42,” “we,” “us,” or “our”) is a marketing technology and services company.

This Privacy Policy describes how we collect, use, disclose, and protect personal information when:

•  You visit our website(s)

•  You use our SaaS platform(s)

•  You interact with advertising delivered using our technology

•  You otherwise engage with us in a business capacity

Depending on the context, we act as either:

•  A Data Controller (e.g., website visitors, business contacts), or

•  A Data Processor/Service Provider on behalf of clients.

2. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

2.1 Business and Account Information

•  Name, business email, phone number

•  Company name and job title

•  Account credentials

•  Billing and payment information

•  Communications and support requests

2.2 Technical and Device Information

•  IP address

•  Device identifiers

•  Cookie IDs and mobile advertising IDs (MAIDs)

•  Browser and operating system

•  Log data and usage metrics

•  Referring URLs and timestamps

2.3 Advertising and Media Data

When operating programmatic media buying services, we may process:

•  Pseudonymous identifiers

•  Audience segment data

•  Impression, click, and conversion data

•  Bidstream/Clickstream data (device metadata, contextual signals)

•  Coarse geolocation derived from IP address

•  Campaign attribution and performance data

2.4 Data from Clients and Partners

We may receive information from advertisers, agencies, data providers, ad exchanges, DSPs, SSPs, and measurement partners, subject to contractual agreements.

When acting as a processor, we process data solely under our client’s instructions.

3. HOW WE USE PERSONAL INFORMATION

We use personal information to:

3.1 Provide and Operate Our SaaS Platform

•  Account management and authentication

•  Customer support

•  Platform analytics and performance

•  Billing and contract administration

3.2 Execute Media Buying and Advertising Services

•  Real-time bidding (RTB)

•  Audience targeting and segmentation

•  Frequency capping

•  Conversion tracking and attribution

•  Brand safety and fraud detection

3.3 Improve and Secure Our Services

•  Platform optimization

•  Security monitoring

•  Fraud prevention

•  System diagnostics

3.4 Legal and Compliance Purposes

•  Compliance with applicable laws

•  Enforcement of agreements

•  Protection of rights and safety

4. ARTIFICIAL INTELLIGENCE AND AUTOMATED DECISION-MAKING AI

42 uses artificial intelligence (“AI”) and machine learning systems within its SaaS platform and advertising services.

4.1 How We Use AI

AI systems are used to:

•  Generate audience insights and targeting parameters

•  Review creative content for safety and compliance
 •  Allocate campaign budgets dynamically

•  Optimize media buying and bidding strategies

•  Predict campaign performance

•  Detect fraud and invalid traffic

•  Enhance automation and platform efficiency

AI is used exclusively for marketing strategy and advertising optimization. It is not used for decisions related to credit, employment, healthcare, housing, or other high-risk determinations.

4.2 Data Used in AI Systems

AI models may process:

•  Campaign performance metrics

•  Pseudonymous identifiers (e.g., cookie IDs, device IDs)

•  Device and contextual metadata

•  Aggregated behavioral signals

•  Audience segment data

Where feasible, we:

•  Use aggregated or pseudonymized data

•  Avoid directly identifiable personal data in model training

•  Apply data minimization principles

We do not knowingly use directly identifiable personal information (e.g., names or email addresses) to train general AI models unless contractually required and supported by a lawful basis.

4.3 Automated Decision-Making and Profiling

Our systems may perform automated decisions, including:

•  Real-time bidding decisions

•  Budget pacing adjustments

•  Category Entry Point generation and scoring 
 •  Audience scoring

•  Creative assessment and optimization

These processes typically rely on pseudonymous identifiers and contextual signals.

Where required by applicable law, individuals may request information about automated decision-making and may have rights to object.

4.4 Human Oversight

We implement oversight mechanisms including:

•  Model performance review

•  Monitoring for bias and anomalies

•  Human campaign supervision

•  Override controls for automated systems

AI systems are subject to ongoing evaluation for compliance, fairness, and performance.

4.5 Client Data and AI Training

When acting as a processor:

•  We process client data under contractual instructions.

•  We do not use identifiable client data to benefit other clients without authorization.

•  Aggregated or de-identified data may be used to improve system performance, consistent with contractual and legal obligations.

5. LAWFUL BASES FOR PROCESSING (GDPR)

Where applicable, we rely on:

•  Performance of a contract

•  Legitimate interests

•  Consent (including for cookies and targeted advertising where required)

•  Legal obligations

Clients are responsible for obtaining appropriate consent where required for advertising-related processing.

6. COOKIES AND ADVERTISING TECHNOLOGIES

We and our partners use:

•  Cookies

•  Pixels

•  SDKs

•  Server-to-server integrations

•  Device identifiers

These technologies support:

•  Essential functionality

•  Analytics

•  Personalization

•  Programmatic advertising

•  Cross-device measurement

Users may manage cookie preferences via browser settings or consent management platforms.

We support industry opt-out frameworks where applicable.

7. SHARING AND DISCLOSURE

We may share personal information with:

7.1 Advertising Ecosystem Partners

DSPs, SSPs, ad exchanges, data providers, and measurement vendors, as necessary for campaign execution.

7.2 Service Providers

Cloud hosting providers, analytics vendors, payment processors, CRM systems, and security providers.

7.3 Clients

When we act as a service provider or processor.

7.4 Legal Authorities

When required by law or to protect rights and safety.

7.5 Corporate Transactions

In connection with mergers, acquisitions, or asset transfers.

We do not sell personal information unless defined and permitted under applicable law. Where “sale” or “sharing” is broadly defined (e.g., CPRA), users may exercise opt-out rights.

8. DATA MINIMIZATION AND RETENTION

We:

•  Limit collection to what is necessary

•  Pseudonymize data where feasible

•  Retain data only as long as operationally or legally required

•  Apply contractual restrictions on re-identification

Retention periods vary depending on contractual, legal, and operational requirements.

9. INTERNATIONAL DATA TRANSFERS

Personal information may be transferred across jurisdictions, including to the United States.

We implement safeguards such as:

•  Standard Contractual Clauses

•  Data Processing Agreements

•  Adequacy-based transfers

•  Technical and organizational security measures

10. SECURITY MEASURES

We maintain industry-standard safeguards, including:

•  Encryption in transit and at rest

•  Role-based access controls

•  Multi-factor authentication

•  Continuous monitoring and logging

•  Vendor due diligence

•  Periodic security assessments

No system can guarantee absolute security.

11. INDIVIDUAL PRIVACY RIGHTS

Depending on jurisdiction, individuals may have rights to:

•  Access personal information

•  Correct inaccuracies

•  Delete personal information

•  Restrict or object to processing

•  Data portability

•  Withdraw consent

•  Opt out of targeted advertising

•  Opt out of sale or sharing

Requests may be submitted to: contact@42.works .

Identity verification may be required.

12. CALIFORNIA PRIVACY DISCLOSURES (CPRA)

California residents may have rights to:

•  Know categories and specific pieces of personal information collected

•  Delete personal information

•  Correct inaccurate data

•  Opt out of sale or sharing

•  Limit use of sensitive personal information

•  Non-discrimination for exercising rights

We process categories including:

•  Identifiers

•  Commercial information

•  Internet activity

•  Geolocation data

•  Inferences

Requests may be submitted to: contact@42.works .

13. CHILDREN’S PRIVACY

Our Services are not directed to children under 16. We do not knowingly process children’s data for behavioral advertising without appropriate consent.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Material changes will be communicated via website notice or other appropriate means.