Page tree
Skip to end of metadata
Go to start of metadata

IDENTITY MANAGEMENT PLATFORM DATA SECURITY

Data Submission

All personally identifiable consumer data (e.g., email, name, address) must be MD5 hashed prior to uploading to the IMP. This ensures that an advertiser's human readable customer data never actually touches Viant servers. The MD5 hash functions as a compact digital signature of a file, where each hash is a 32-byte hexadecimal string.  Viant's data onboarding tool looks at each record in the uploaded file and checks to see if the length of the string is 32-bytes. Any record that is not 32-byte is not eligible for matching or subsequent targeting within the IMP.  

An MD5 hashed list does not contain the actual consumer information, so it is not possible to convert these values back to actual data from the MD5 list alone. The matching process compares the client’s uploaded hashed values against the existing hashed database to determine if any records produce an MD5 hashed match. Matching values indicate that the records relate to the same consumers. The existing records in the Viant database are then flagged as consumers that an advertiser desires to reach in their ad campaign. 

To be eligible for matching, the file must have at least 1000 unique records and be in CSV (Comma Separated Value) format. Files that are not in this file format or that do not have the minimum amount of records will be rejected by the UI and will not be eligible for matching. Additionally, advertiser must have authorization to supply customer data to Viant and must abide by data-related requirements in the Viant Ad Cloud Master Services Agreement and applicable schedules, such as the IMP Services Schedule. 

Authorized Systems 

The application server of the IMP is the only system that can perform matching queries against the database.

All Viant services are accessed through the IMP. Only advertisers with valid Viant user credentials will be able to login to the IMP. Advertiser credentials only allow access to client-specific campaign data, and not to data from any other advertiser or campaign. All activity within the IMP is logged for audit purposes.  

Data Transmission

The Viant web server that receives hashed customer lists has an SSL certification installed to allow secure connections from the browser. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. 

Storage and Retention

Hashed custom audience lists are uploaded to the IMP and matched immediately against Viant’s hashed database. This upload can either be done through the UI or as a managed service. Advertiser data is then stored in a secure area of Google’s Cloud Storage. These files are stored behind multiple levels of access control. The data within an uploaded custom audience list is only accessible outside of the Viant servers if the client requests additional managed services to be performed on their data (ex. matching results download). At such time a managed service is requested, relevant data will be securely ported to the necessary area(s) from its location in Google Cloud Storage. All matching processes against the Viant database are logged.  

Deletion

Advertisers may delete existing custom audiences and the related MD5 hash lists within Viant’s IMP service through the user interface. Deletion of the MD5 hash file is immediate. When a custom audience segment is deleted, the hashed list and the flags identifying matched consumers are deleted from the Viant database and ad server Server Side User Store. Deletion of the resulting matches from the Server Side User Profile Store is completed in no longer than 30 minutes. 

Please note that like any ad serving platform, Viant is required to keep detailed log files of delivered ads for audit and diagnostic purposes. However, access to these logs is restricted and the logs utilize a compressed form with proprietary IDs.

Privacy

When an advertiser uploads hashed customer data to Viant, they authorize Viant to attempt matching of the records to Viant's hashed database in order to deliver the ad serving and analytics services of the Viant Ad Cloud to the advertiser.

Saved custom audience segments can only be used within the account in which they were created. No one outside of the advertiser who uploaded the list can see the file or associated matched users. It is not possible to retrieve, download, or view previously uploaded custom audience files.

A custom audience segment can only be utilized for advertising campaigns generated within the IMP account that originally uploaded the hashed data. Advertisers must safeguard access to account credentials to ensure that the account remains protected. 

Viant will not use any advertiser data for any purpose other than as directed by advertiser or as indicated in Viant’s Privacy Policy, as applicable, a current copy of which is available at the following URL: http://www.viantinc.com/privacy-policy/

 

For more information on Viant Data Security, please visit the  Viant Data Security page.