Platform Privacy Policy

Updated: December 31, 2025

This policy applies to PulsePoint’s platforms and services, including PulsePoint’s ad exchange, demand-side platform, and data analytics product(s) (collectively, the “Platforms”), and it explains our practices regarding the collection, use, and disclosure of information on our platforms as well as your rights with regard to that information.

This policy does not govern the collection and use of information through our website at www.pulsepoint.com – that is governed by our website privacy policy. This policy also does not govern the collection or use of information collected by our clients or the third parties they may otherwise contract with. 

If you would like to go straight to our cookie opt-out tool, click here. 

WHO WE ARE

PulsePoint, Inc. (“PulsePoint”) operates several technology platforms that help advertisers serve ads on mobile applications, websites and other digital channels. If you have any questions regarding the use or privacy of your data, please email dataprivacy@pulsepoint.com

Our headquarters is located at:

283-299 Market Street
2 Gateway Center, 4^th Floor
Newark, NJ 07102

‍PulsePoint is a member in good standing of the Network Advertising Initiative (NAI), an association dedicated to responsible data collection use in advertising. PulsePoint also adheres to the specifications of the IAB EU Transparency & Consent Framework for purposes of compliance with EU data protection laws. Our Vendor Number with IAB Europe is 81.

WHAT WE DO

PulsePoint’s Platforms help advertisers and publishers provide advertising over the internet, as well as other channels such as digital billboards or smart TVs. Additionally, the Platforms allow for advertisers to show advertising to you that is relevant to your interests, with the hope that you are presented with ads that may provide beneficial products and services for you.

Through our ad exchange, PulsePoint works with publishers and other content providers to help them sell their advertising space, which in turn helps them to fund their content or apps. On our demand-side platform, also known in the industry as a “DSP,” we work with advertisers who will purchase that advertising space to advertise their goods and services to consumers who may be likely to be the right audience for those ads. We may also measure and report on how often an ad was seen, and how effective that ad was by metrics given to us by the advertiser. To do this, we receive and share “pseudonymous” personal data – data such as IP addresses, cookies, and other unique identifiers – that we receive or may assign to you to remember who “you” are, but that do not directly identify you or your direct contact information.

With respect to our analytics product, we work with our clients to understand the browsing behavior of healthcare providers (“HCPs”). Through pieces of code called “pixels,” we collect information on certain of our clients’ websites or other internet-enabled spaces to understand if HCPs are visiting certain webpages (such as pharmaceutical brand pages) and what kind of information they are viewing. 

‍INFORMATION THAT WE COLLECT

How we collect information:

When a person browses the internet, our publisher partners may request advertisements from PulsePoint’s Platform. Through the serving of those advertisements or through other Platform analytics, we may collect or otherwise receive information that is linked to your computer or device that may reflect how you interact with a webpage, the advertisements you view or click, or other information from your mobile device. As a result, our Platforms may collect data from partners sending us requests for ads on websites, apps, smartTVs, digital billboards, or other advertising channels; through cookies and pixels; through clients or partners providing data to us; through clients and partners using our Platforms; and through the delivery of advertising. We also license data from third-party data providers to help us provide better targeting for our advertising clients.

In addition, PulsePoint is part of the Internet Brands family of companies, and is a subsidiary of WebMD Health Corp. Other companies within the Internet Brands group, including WebMD, may be able to use information collected by PulsePoint for purposes of its own advertising, and PulsePoint also receives certain information collected by the Internet Brands group of companies in support of the PulsePoint Platforms. 

Types of information we may collect:

PulsePoint specializes in health-related advertising and may collect and use information based on a user’s interactions with content on sites or within ads that pertain to health. For example, if you have previously interacted with content that has to do with skin care, PulsePoint may collect that information and you may subsequently be shown an ad on another page for skin care-related products and services. We do not, however, collect sensitive health information like a user’s specific health condition or diagnosis, or information that reveals a person’s health condition or diagnosis.

Most of the information PulsePoint collects is either pseudonymous data, such as cookies, mobile advertising IDs, or other unique identifiers; or non-personally identifiable data, which is data that does not identify you in any way but may be associated with your browsing behavior. Under US State Privacy Laws, some of this data may be considered “personal information” or “personal data.” We may collect information such as:

• IP addresses
• Cookie identifiers
• Device information, such as the type and model, software version, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome or Safari), applications used and the version of such applications, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID (AAID), or unique device identifier (a number uniquely given to your device by your device manufacturer), sometimes referred to as a mobile advertising ID or “MAID”;
• User interactions with websites or apps and the general type of content within them, and related information such as the time of day the user visited the websites or apps;
• Ads served, viewed, or clicked on, and where on the internet the ad was served;
• Location information, such as your zip code or approximate geographic area provided by your ISP or by location services and GPS features of a website or mobile device. GPS location may be shared with us if you have opted to provide that information a publisher or other content provider who is responsible for obtaining your prior permission to share that data with us. We may also infer general geolocation of your device based on data collected through, for example, an IP address (though we do not infer “precise” geolocation as defined under applicable state privacy laws);
• Hashed email addresses or other pseudonymous identifiers derived from email addresses or phone numbers, licensed from third party data vendors;
• Demographic information we license from third parties, such as age range, gender, income range, and interests; this data is pseudonymized – meaning, it is tied to a unique identifier, typically provided by the data vendor, but does not provide us with directly identifiable information of an individual.
  ‍

Additionally, for HCPs, we receive data from our affiliate, Medscape, such as an HCP’s name, practice area, practice location, and practice email address; this is disclosed in Medscape’s Terms of Use and Privacy Policy.  We may license similar data from third party data providers. We also collect publicly available information about HCPs from the National Provider Identifier Registry. 

We also contract with third parties to license de-identified healthcare data, including filled prescription data. This data comes to us already in de-identified form in compliance with HIPAA de-identification standards, and we use the data based on the direction of expert determinations to ensure that data remains de-identified. PulsePoint will never attempt to re-identify a specific individual with this data.  

Our Clients may input their own data into our Platforms to support their advertising campaigns and goals. In our contracts, we require our Clients to comply with applicable laws, and we do not permit them to input or share with us certain information, such as certain sensitive data or HIPAA-covered data. 

HOW WE USE COLLECTED INFORMATION

We use the data we collect for the following purposes:

• Targeted and Contextual Advertising. We use the information we acquire to provide optimized, tailored advertising. We may target advertising to the content of a page (known as “contextual” advertising), to an audience of people who enter a general location, to a group of users who fit into an interest-based segment of population (often referred to as “interest-based advertising”), or to people who have engaged with a particular brand or content before (by something known as “retargeting”).
• Location Based Targeting. We may target ads to users that enter the proximity of a general area, using a functionality called “geotargeting” or “geofencing.” We do not collect or use precise location in the provision of these services.  
• Advertising insights, measurement, analytics and performance. Some data we collect may be used to provide insights about an ad campaign or about web traffic. For example, we may use information gathered from ads we have placed to provide our clients with ad-related services, such as statistical reporting about website activity and the number of ads served, and to provide more ads to end-users based on their interactions with specific types of content. We may also disclose how many users are visiting certain of our clients’ websites, how frequently the average end user requests pages about a certain category (such as health or finance), or which ads a segment of end-user interacts with on domains across our Platform.
• Performance of Service. In order to provide the services requested by our clients and publisher partners, we deliver ads on publishers’ pages and apps, create audiences for targeting, provide analyses of ad campaigns, limit the number of times a person sees the same ad (called “frequency capping”), associate devices that may relate to each other, determine whether certain purchases or actions by consumers are attributed to viewing a particular ad, and other ad reporting services.
• Inferred Information. We may infer certain information from the data we collect. This may be inferences about a user who has interacted with content – so, for example, where we see a user has interacted with content about women’s heath, we may infer that user is a woman who is interested in health topics related to women. This information may also be inferences that we make based on other information, such as data that we license, for assumptions or predictions we may make about ad performance. 
• Cross-device linkage. We may use data that we collect or license to help us determine if there are groups of identifiers that might be related to each other, such identifiers that are all likely to belong to the same device, or that may be associated with individuals with multiple devices or within the same household.
• Fraud Detection and Security. We may use data to protect our Platform and our clients against fraud, as well as to protect the safety of the data we hold within our systems. We may be able to detect malicious or fraudulent activity through our services by using and reviewing the data.
• Product Functionality and Improvement. We use the data to operate our services, for aggregate statistics, to improve our services and functionalities, and for other internal business purposes.
• Communication and Legal Disclosures. We may use your information to respond to you if you reach out to us directly with questions or concerns; we may also disclose data to legal authorities or regulators if required by applicable law.
  ‍

‍Some of the use cases may be considered “selling” or “sharing” of personal information under applicable laws. 

HOW WE SHARE INFORMATION

PulsePoint discloses information that it collects to the following categories of third parties:

• Affiliates, which includes our parent companies, such as WebMD and Internet Brands, and sister companies, affiliates within the Internet Brands family.
• Demand and Supply Partners, who may receive bid request information as part of our services on the ad exchange.
• Data Vendors, which may be consent management platforms, identity resolution providers, and other companies that help to provide us with data-related services in order to allow us to run our services in a privacy-focused manner.
• Service Providers and Subcontractors, who only provide services on our behalf, at our direction, and for no other purpose. We may share data with these service providers to ensure our platforms and technology work properly or to otherwise support our services.
• Mergers and Acquisitions, where we may share data in connection with a corporate merger or acquisition by another company.
• Law Enforcement or Regulatory Authorities, where we may be compelled by law or other legal authority, to comply with a court order, or to otherwise cooperate in legal proceedings, including if we determine it necessary in connection with an investigation.
• Clients, for Healthcare Providers only – we share certain publicly available data such as NPI numbers, in connection with browsing behavior associated with those NPI numbers, with our clients who purchase those specific services and have signed contracts with us that include terms on protection of privacy.
  ‍

‍We may share certain information with Google as a partner in the ad ecosystem. Where we share information with Google, Google uses the information to deliver its services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads you may see on Google and on our partners’ sites and apps. You can review Google’s Privacy & Terms page here.

USE OF COOKIES AND TRACKING TECHNOLOGIES

We collect information about users through technologies such as cookies, pixels, tags, web beacons, or other similar technologies. “Cookies” are small data files that are stored by your web browser on your computer. When you visit a webpage, the cookie sends back data about that visit. “Pixels” are small graphic images (usually invisible) that can be embedded in content and ads on a webpage that track usage of websites and effectiveness of communication. These pixels can then be used to recognize our cookies and to monitor certain user interactions with a website.

‍Cookies and these other technologies are important and useful because they allow us to recognize and distinguish between devices and provide relevant advertising as described in this policy. Our cookie domain is contextweb.com. 

‍You have several choices when it comes to opting out of the collection of information about your web browsing activities through cookies. See the “Opt Outs” section below for ways to opt-out. You can also find information about opting out on the DAA website. For additional information on cookies, please review our Cookie Policy.

OPT OUTS AND YOUR CHOICES OVER INFORMATION WE SHARE

You have various options to opt out of our use of your personal information for targeted advertising and/or the sale or sharing of your personal information. Please note that opting out does not prevent you from seeing ads; it simply means that we will no longer collect your data for the purpose of targeted advertising or to sell or share your personal information. You may still see ads that come from our services, they just may not be relevant to you.

Cookie-based opt-outs are browser- and device-specific. If you change web browsers or change computers, you will need to opt out of cookies on those browsers or devices as well. If you delete your cookies, you will also delete the opt out signal to PulsePoint, so you will need to re-submit the opt out after that deletion. 

Note that different devices require separate opt-outs because each device type uses different technologies, and many of the opt-out technologies available are browser- or cookie-based so they will only apply to those specific browsers or cookies.

Your options include:

PulsePoint Opt Out

You can use our PulsePoint Opt Out Tool, available at this link. 

Industry Opt Outs

Certain online advertising industry groups provide certain programs that allow users to control the use of cookie-based identifiers placed by companies that participate in these programs. You can access these programs through the following:

• DAA Opt Out. Because PulsePoint adheres to the DAA Self-Regulatory Principles, you can opt out of targeted advertising on a cookie basis by clicking here.
• TV Opt Out. Many connected TVs and related devices offer a choice mechanism similar to those offered by mobile devices which PulsePoint will honor. In order to exercise your choices with respect to CTV or OTT devices, please visit: https://www.networkadvertising.org/internet-connected-tv-choices/.
• NAI’s “How to Opt Out” Page. The NAI provides certain tools and resources to users on how to adjust privacy settings and request opt outs at this page: https://thenai.org/how-to-opt-out/
  ‍

Global Privacy Control

 You may also set a preference on your browser through a browser-based opt out signal called “Global Privacy Control” which will provide a signal to automatically make opt-out requests as you browse the web. This signal is only available on certain browsers and is browser-specific, so it will only apply to the browser on which you opt to use it. However, for purposes of the Platforms, PulsePoint honors this signal when it is passed through to us by our partners. You can learn more about GPC here. Additionally, the  NAI has recently released a Global Privacy Control browser extension for Google Chrome which you can access here.

Mobile App Opt Outs

If you are using a mobile device, your mobile device may offer settings to limit or disable mobile apps from gathering certain information. Review the settings for the app, or access the privacy settings of your device and select “limit ad tracking” (iOS) or “opt-out of interest based ads” (Android). For more information on how to opt out on mobile devices, you can visit the NAI’s information page located at https://thenai.org/how-to-opt-out/advertising-privacy-settings-on-mobile-devices.

Other Identifier Opt Outs

We may share information that we collect from you, such as your IP address or other information about your browser or operating system with certain service providers, including LiveRamp, Inc. LiveRamp returns an online identification code that we may store in our first-party cookie and it may be shared with advertising companies to enable interest-based and targeted advertising. You may opt out of this use here.

Healthcare Provider Opt Out

If you are a healthcare provider (“HCP”) with a registered NPI number, you may request that your NPI number and other personal information be removed from PulsePoint’s NPI database at any time by submitting a request here.

PRIVACY RIGHTS 

Depending on where you live, you may be afforded specific rights with respect to your privacy and control over your personal information. Those rights include:

• Right to Opt Out of Targeted Advertising or Opt Out of Sale or Sharing. We may sell or share (as those terms are defined in the applicable privacy laws) your personal information in connection with providing our Services, which include targeted advertising or cross-context behavioral advertising.  For example, we may share your device information with a demand partner in order to let them decide if they want to show you an ad. You can opt-out of this use of your personal information as described in the “Opt Outs” section above.
• Right to Access/Know. You may have the right to request that we disclose certain information about the personal information we collected about you, the categories of sources from which we collected the personal information, the categories of personal information that we sold or disclosed, our business or commercial purpose for collecting and selling your personal information, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information we collected about you.
• Right to Correct. You have the right to request, in certain circumstances, that we correct any inaccurate personal information that we have collected directly from you.  To protect your personal information, we are required to verify your identity before we can act on your request.
• Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
• Right to Non-Discrimination. You have the right not to be discriminated against for exercising the rights above.

ACCESS, CORRECTION, AND DELETION REQUESTS 

If you would like to submit a request to access, correct, or delete of the data we have on file for you, you may submit such requests here. Alternatively, you may email us at dataprivacy@pulsepoint.com or write to PulsePoint Privacy Department, 283-299 Market Street, 2 Gateway Center, 4^th Floor, Newark, NJ 07102. We may take reasonable steps to confirm your identity in an effort to prevent identity theft. Also, please note that in general, we only have pseudonymous data on any given individual (other than HCPs).  The information we need to complete these requests will include either your PulsePoint cookies, your MAID, or your IP address. 

To find your PulsePoint cookies, look for the cookies on your browser that resolve to “contextweb.com”. For MAIDs, on an Android device a MAID is referred to as an AAID. Go to your device settings and click on “Ads.” Your AAID will be listed at the bottom of the screen. On an iOS device, a MAID is referred to as an IDFA. The IDFA is hidden by default on iOS devices. You can find the IDFA using a third party app, which are available in the Apple App Store. You can find some of those apps here.  

If we deny your request, you may have the right to appeal our decision by emailing us at dataprivacy@pulsepoint.com and/or following the directions in the denial response. 

Response Fees

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

EEA RESIDENTS

We do not intentionally process data of consumers in the EEA for the purposes of our DSP. However, we may receive data of EEA consumers through web traffic passed to us through our Ad Exchange. If we receive data from a device located in the EEA, you will be afforded the rights provided under the GDPR. EEA residents are also able to access our Data Protection Officer, who is reachable at dpo.webmd.ams@dentons.com. For more information on our practices with respect to data of EEA residents, please visit our EEA supplement. 

We participate in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework. To learn more, click here.

If you are located in the EEA and visit a site or other content provider that happens to work with PulsePoint and uses the IAB Europe Transparency and Consent Framework, that publisher should provide you with an option to choose which third parties you wish to allow access to your device and information.

COLLECTION, USE, AND DISCLOSURE OF INFORMATION BY OTHERS

This Privacy Policy applies only to information gathered by us in connection with our Platform. There are other companies involved in collecting information and serving ads. The use of third-party pixels, cookies, and other technologies on websites that end-users visit, in apps that end-users use, and in ads served to end-users should be described by the privacy policies associated with those websites, apps, and ads. We have no responsibility for the collection, use, or disclosure of information by those third parties via such websites, apps, or ads.

SECURITY

We use reasonable security measures to protect the data in our possession. However, no method of transmission or storage of data is 100% secure. To the extent we provide your data to any third parties, we request that they use reasonable and industry standard security measures to protect your information.

DATA RETENTION

Personal Information we acquire through our Platforms is generally deleted within 45-60 days but may be retained in PulsePoint’s internal network for up to 18 months from the date of collection before deletion. We may keep or store aggregated or non-personally identifiable data derived from that information indefinitely. 

We retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements).  

When we have no ongoing legitimate business need to process your data, we will either delete or anonymize it or, if this is not possible (for example, because your data has been stored in backup archives), then we will securely store your data and isolate it from any further processing until deletion is possible.

CHILDREN’S PRIVACY

In the interest of the privacy of children, we do not knowingly collect information from or target end users under the age of 18. Our Platform is neither developed for nor directed at children. If we learn we have collected or received information from a minor under 18 without verification of parental consent, we will endeavor to delete that information.

CROSS-BORDER DATA TRANSFERS

Our Platform is based in the United States and operates under United States law. If you are located outside of the United States, the information we collect may be transferred to and processed in the United States and in other countries where the privacy laws may not be the same as the laws where you reside and, in some cases, may not be as protective. Additional considerations apply to the collection, use, and disclosure of information from individuals who live in the EEA.

GLOBAL PRIVACY CONTROL (“GPC”)

Certain web browsers allow you to turn on settings that automatically send a signal to companies you interact with online to indicate you would like to opt out of having your data shared or sold. PulsePoint has implemented and will honor GPC. PulsePoint is also a signatory to the IAB’s MSPA and recognizes the GPP consent string in accordance with IAB guidance.  

RESIDENTS OF CALIFORNIA

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), we are required to disclose certain additional information to California residents. If you are a California resident, the information in this Section pertains to you.

In addition to the privacy rights listed below for certain US Residents, California Residents have the right to limit the use of sensitive personal information that we may collect about such residents. We generally do not attempt to collect any “Sensitive Personal Information” as defined under the CCPA, but we may be sent such information from publishers or other partners without prior notice. If we use or disclose this sensitive personal data for any reason other than as permitted under the CCPA, you have the right to request that we limit that use to only specific uses as prescribed under the CCPA.

California Disclosure

In the past 12 months:

Categories of Personal Information Collected

For Healthcare Providers Only: Identifiers such as name, postal address, telephone number, email, account name; Professional or employment-related information such as current place of employment; and all items collected below for consumers.

For Consumers: Identifiers such as Cookies, IP address, Mobile Ad IDs, Timestamps, User Agent Strings, unique personal identifiers, online identifiers, IP address; Location Data such as general location data that is “imprecise” under applicable law, as well as other location data that may be determined based on WiFi; Internet and Electronic Network Information, such as information on a user’s interaction with a website, application or advertisement; and Inferences drawn from other personal information.

Please also see “Information We Collect” in the privacy policy above for more details.

Categories of Sources from which Information is Collected

Websites, mobile applications, technology platforms, other adtech providers, data providers, data brokers.

Purposes for Collecting and Disclosing Personal Information

We use collected information to provide online advertising services, as further described above in “How We Use Collected Information” and “How We Share Information”

Categories of Personal Information that we sell or share

Pursuant to the definition of “sell” under the CCPA, we “sell” only the personal information described for “Healthcare Providers Only” under the “Categories of Personal Information Collected” provided above in this chart. Pursuant to the definition of “share” under the CCPA, we share the information for both HCPs and Consumers under “Categories of Personal Information Collected” provided above in this chart.

Third parties to whom information is shared or sold

Publishers, demand partners, supply partners, measurement providers, identity resolution partners, advertiser clients (for HCP data only)
‍
CALIFORNIA DELETE ACT

PulsePoint is a registered Data Broker for purposes of, and as defined by, the California Delete Act. Below are the statistics for the Calendar Year 2024:

For requests to delete and to know/access, many of the requests are listed as “denied” because we were either unable to verify the identity of the individual making the request, or because we were not able to locate any information relating to the individual making the request. 

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to change or modify this privacy notice and any of our Services at any time and any changes will be effective upon being posted unless we advise otherwise. We encourage you to periodically review this privacy notice for the latest information on our privacy practices.