Data privacy

At Bombora, we take our responsibility in protecting consumer's rights to privacy very seriously. Our data is 100% non-personally identifiable information and brand anonymous. This data privacy page is intended to answer frequently asked questions about how we collect, leverage, and safeguard consumer data.

Frequently Asked Questions:

1. Where can I find Bombora's privacy policy?
2. What type of data does Bombora collect?
3. What type of data does the Bombora Visitor Insights tag collect?
4. What type of data does the Bombora Audience Verification tag collect?
5. Who has access to this data?
6. How frequently are cookies refreshed or deleted?
7. How long do you store IP data and do you use it for targeted advertising?
8. Is IP data collected as individual IP addresses or is this aggregated upon collection?
9. How long do you store browser type or operating system (OS) data and do you use it for targeted advertising?
10. Can the storage of cookie data be shortened or extended at a client’s request?
11. Please describe what location data you collect and what role it plays in creating your B2B segments?
12. Do you collect personally identifiable information (PII)?
13. What does Bombora do with data collected from pixels placed on advertising campaigns or websites?
14. Do you share non-personal information with any other partners or firms?
15. Are you accredited by any data privacy associations?
16. From which geographic regions does Bombora collect data?
17. Does Bombora take steps to contractually require publishers to obtain clear and affirmative consent from consumers for the collection of data?
18. What are the options for opting out of behavioral advertising on a desktop device?
19. What are the options for opting out of behavioral advertising on a mobile device?
20. How is Bombora's Intent data GDPR compliant
21. Does Bombora comply with the EU's data protection regulation?
22. Are there any implications for Bombora's data due to GDPR?
23. Who is the appointed chief privacy officer (CPO) at your firm?
24. Does Bombora track consumer demographic data in the EU?
25. What security measures do you use to prevent data hacking?
26. What is your protocol for informing consumers if their data is hacked?
27. Do you have a process to respond to questions, concerns, corrections, deletions to profiles?
28. To which of the data privacy regulations are you complying with?
29. How is Bombora ethically responsible to its Data Co-op members? 


1. Where can I find Bombora's privacy policy?  
http://bombora.com/privacy/

2. What type of data does Bombora collect?  
Bombora collects online information from internet-based activity when consumers are visiting a Bombora partner website or on a 3rd party's behalf in the serving of advertisements. Bombora does not collect any personal information that directly identifies any person.
Online marketing information may include:

a. Unique IDs such as a cookie placed on a web browser

b. Internet Protocol address (IP address) and information derived from an IP address such as geographic location

c. Information about a device such as information contained in HTTP requests ('Usage Information') including browser type, operating system (OS), and referring URLs

d. Demographic information such as age, gender, ethnicity, functional area, seniority, and professional group

e. Behavioral data such as device usage, browsing activity, actions on websites and content areas, responses to advertisements delivered by Bombora, date and time of these activities  

3. What type of data does the Bombora Visitor Insights tag collect? 

a. Unique IDs such as a cookie placed on a computer, mobile, or device ID

b. Internet Protocol address (IP address) and information derived from an IP address such as geographic location

c. The URL of the page that the consumer has visited as well as the referrer URL

d. Information about a device such as information contained in HTTP requests ('Usage Information') including browser type and operating system (OS)

e. The language of the user's browser

f. Engagement level data including dwell time, scroll depth, scroll velocity, and time between scrolls

4. What type of data does the Bombora Audience Verification tag collect? 

a. Unique IDs such as a cookie placed on a computer, mobile, or device ID

b. Internet Protocol address (IP address) and information derived from an IP address such as geographic location

c. The URL of the page that the consumer has visited

d. Information about a device such as information contained in HTTP requests ('Usage Information') including browser type and operating system (OS)

5. Who has access to this data?  
Senior engineers only.

6. How frequently are cookies refreshed or deleted?  
Cookies are refreshed in real-time. They expire after 13 months.

7. How long do you store IP data and do you use it for targeted advertising?  
IP data is stored to user profiles in raw log files for 90 days. However, IP data is not used for targeted advertising.

8. Is IP data collected as individual IP addresses or is this aggregated upon collection?  
IP addresses are collected as individual values and deleted in 90 days.

9. How long do you store browser type or operating system (OS) data and do you use it for targeted advertising?  
Browser type and OS data is stored to user profiles for 180 days. However, the data is not used for targeted advertising. Browser type and OS data is used for brand safety purposes only including fraud and bot detection.

10. Can the storage of cookie data be shortened or extended at a client’s request?  
No. Storage of cookie data is standard across Bombora and cannot be shortened or extended at a client's request.

11. Please describe what location data you collect and what role it plays in creating your B2B segments?  
Location data is derived from IP address. IP address does not play a role in creating our B2B audience segments.

12. Do you collect personally identifiable information (PII)?  
No. Bombora collects non-personally identifiable information only as defined by the Network Advertising Initiative (NAI).

13. What does Bombora do with data collected from pixels placed on advertising campaigns or websites? 

Bombora's data collection methods are privacy compliant and completely brand anonymous. Data obtained from advertising campaigns and websites are anonymized and aggregated to provide several services including:

a. Better tailor website and promotional content to visitor interests

b. Enable more relevant and targeted advertising

c. Analytics for advertisers to better understand the audience they are reaching

14. Do you share non-personal information with any other partners or firms?  
Yes, Bombora may share non-personal information, such as aggregated demographic, user statistics, interest categories and Usage Information with third parties.

15. Are you accredited by any data privacy associations?

Bombora is accredited by the following data privacy associations:

  • Digital Advertising Alliance (DAA)

16. From which geographic regions does Bombora collect data?

We collect data globally.

17. Does Bombora take steps to contractually require publishers to obtain clear and affirmative consent from consumers for the collection of data?  
Bombora maintains in our Master Service Agreement (MSA) with publishers that data is obtained in a lawful manner and no applicable privacy policies were violated in obtaining the data. Additionally, we review the privacy policy, path to consumer consent, and consumer opt-out options for our publisher partners to ensure proper data collection methods are followed.

18. What are the options for opting out of behavioral advertising on a desktop device?  
If you wish to to opt-out, please visit http://bombora.com/privacy/ 

19. What are the options for opting out of behavioral advertising on a mobile device?  
Online consumers using mobile or tablet devices can opt-out from Bombora by using one of the following methods:

a. iOS Device 
iOS 7 or above: Go to your Settings > Select Privacy > Select Advertising > Enable the 'Limit Ad Tracking' setting
iOS 6: Go to your Settings > Select General > Select About > Select Advertising > Enable the 'Limit Ad Tracking' setting

b. Android Device
For Android devices with OS 2.2 and up and Google Play Services version 4.0 and up: Open your Google Settings app > Ads > Enable 'Opt-out of interest-based advertising.' 

If you've turned on Limit Ad Tracking on your IOS device or the Opt-out of interest-based ads on your Android device, you can restore interest-based ads by turning the settings off. Please note that when you opt-out, you will still see advertising on your mobile or tablet device; however, they may be less relevant to you because they won't be based on your interests. 

20. How is Bombora's Intent data GDPR-compliant? 

There are two main paths to GDPR compliance – legitimate interest and consent. Bombora is taking a consent-based approach to comply with the requirements of GDPR.

Where other forms of Intent data are based on legitimate interest, Bombora has a direct relationship with owners of the sites in its Data Co-op. Bombora is explicitly listed as a vendor and our data usage (its purpose) is detailed, providing visitors the opportunity to provide knowing consent.

To give users control over their privacy and tracking preferences, Bombora also uses standardized opt out processes as well as making a Data Subject Access Request (DSAR) portal available – another requirement of GDPR.

21. Does Bombora comply with the EU's data protection regulation, GDPR?  
Bombora is working with its partners and consent platforms such as Evidon to gain user consent and be compliant with GDPR & ePrivacy.  

22.  Are there any implications to Bombora's data due to GDPR?
Bombora and its EMEA co-op partners are preparing compliant user consent paths, including industry standard platforms such as Trustee. Bombora is identifying Data Controller and Data Processor responsibilities and producing complaint agreements with the support of a team of privacy attorneys from Fieldfisher, a UK-based firm. In addition, we are building internal processes to facilitate responses to consumer inquiries, if any, requesting transparency regarding data stored on a particular individual’s profile. Please view our GDPR one pager for more information.

23. Who is the appointed chief privacy officer (CPO) at your firm?  
Havona Madama, Chief Privacy Officer.

24. Does Bombora track consumer demographic data in the EU?  
No, Bombora does not track demographic data such as age, gender, and ethnicity in the EU.

25. What security measures do you use to prevent data hacking? 

Bombora’s advanced security measures include best-in-class risk assessment programs, incident response plans, intrusion detection systems, and vulnerability testing. Our datacenter conducts regular SSAE 16 SOC 3 audits and implements biometric security. Networks are protected by firewalls and ACLs, and our site-to-site traffic is routed over VPNs. Additionally, we leverage role-based security and needs-based computing.

26. What is your protocol for informing consumers if their data is hacked?  
In the unlikely scenario that there is a data hack, we will inform consumers via a blog article on the Bombora website.

27. Do you have a process to respond to questions, concerns, corrections, deletions to profiles?  

Bombora maintains a privacy@bombora.com email address to respond to consumer concerns and questions. Additionally, we have appointed a chief privacy officer (CPO) to respond to privacy-related questions.

28. To which of the data privacy regulations are you complying with?  
Bombora complies with the data privacy regulations as defined by the Network Advertising Initiative (NAI).

29. How is Bombora ethically responsible to its Data Co-op members? 
Fundamental to the Data Co-op model is confidentiality around the originating source of content consumption behavior. To ensure this, Bombora anonymizes the content consumption activity that it collects and translates this into raw topics, which it uses in aggregate to form its Intent dataset. The identity of the Co-op member is never exposed.

Previous Article
See all customer stories from the Bombora website
See all customer stories from the Bombora website

Use these links to learn more about our latest stories of customer success. Check back often as we are alwa...

Next Article
Company Surge® feed- All Domains All Topics (ADAT) FAQs
Company Surge® feed- All Domains All Topics (ADAT) FAQs

The ADAT feed provides an aggregated supply of topics surging across specific business domains and location...