Taboola is committed to providing our customers, users, and partners full transparency with respect to our services. This Trust Center provides information about the ways that you can control your experience with the Taboola Network and how we ensure compliance with best industry standards. If you have any questions that are not addressed here, please reach out to us at support@taboola.com

Interest-Based Advertising

• What is Interest-Based Advertising?
• How to Opt Out

Industry Participation & Compliance

• Commitment to Best Advertising and Privacy Practices
• Best in Class Disclosures
• Taboola Choice
• Copyright

Advertising Guidelines

• Global Content Review
• Advertising to Children
• Fake News
• Fraud Detection and Invalid Traffic

Privacy at Taboola

• Privacy By Design
• Global Privacy Training
• IAB Europe Transparency and Consent Framework

Security

• Data Security

GDPR

• How does Taboola Comply with the GDPR?
• What Data Does Taboola Collect From its Users?
• Who Should I Contact About GDPR Compliance and My Relationship with Taboola?

CCPA/CPRA

• How Does Taboola Comply with the CCPA/CPRA?
• What Categories of Data Does Taboola Collect from California Consumers?
• What is Taboola's legal position under CCPA/CPRA as it relates to Advertisers and Agencies?
• Who Should I Contact About CCPA/CPRA Compliance and My Relationship With Taboola?

Interest-Based Advertising

What is Interest-Based Advertising?

Interest-based advertising shows you ads that are likely to be of interest to you.

These ads are tailored to your interests and preferences, which advertisers determine based on your browsing behavior over time, across different websites, browsers, or devices. For example, if you browse a website for travel tickets to Costa Rica, and you later browse a different website, you may see ads for hotels and activities in Costa Rica, which are personalized based on your earlier browsing history.

The digital advertising industry has created privacy standards for online ad companies to tell you what kinds of data they collect from you and how they use your data. Taboola is a member in good standing of the following industry groups, and adheres to their self-regulatory standards:

• The Digital Advertising Alliance’s (DAA) Self-Regulatory Principles. Learn more here.
• The Interactive Advertising Bureau’s (IAB) Self-Regulatory Principles for Online Behavioral Advertising (OBA Framework). Learn more here.
• The Network Advertising Initiative’s (NAI) Code of Conduct. Learn more here.

For more information about our collection and use of data for interest-based advertising purposes, please click here.

How to Opt Out

Taboola supports initiatives to offer you greater transparency and control over the use of your data. Therefore, if you do not want Taboola to serve you ads and content based on your past browsing history, you can disable such ads by visiting our Data Subject Access Request Portal.

You may use the NAI opt out tool, which will allow you to opt out of receiving targeted ads from Taboola and from other NAI-approved member companies. The NAI also provides instructions to engage system-level mobile device opt outs in Android, iOS, and Windows Phone environments.  

You may also visit one of the Digital Advertising Alliance affiliate websites to learn more about user choices and opting out of interest-based advertising displayed by the many member companies.

• Users in the United States may visit the DAA consumer choice page at www.aboutads.info/choices
• Users in Canada may visit the DAAC consumer choice page at www.youradchoices.ca/choices
• Users in Europe (including the United Kingdom) may visit the EDAA consumer choice page at www.youronlinechoices.eu

You can also opt out of the use of your email address for targeted ads through Audience Matched Advertising or AMA by Taboola and other advertising companies through the NAI Audience Matched Advertising Opt Out (Beta).

Back to top

Industry Participation & Compliance

Taboola has always believed that digital journalism and content discovery should be supported by honest and non-disruptive advertising. Holding on to this belief, we have become valued partners with thousands of the world's top publishers and advertisers and we have collaborated with and participated in a number of privacy and digital advertising industry groups that have helped shape our own best practices.

Commitment to Best Advertising and Privacy Practices

Best in Class Disclosures

Taboola has implemented stringent disclosure guidelines to ensure that before you click on a piece of content on our network, you can easily determine where the content is coming from and whether it is sponsored by an advertiser. We require that all sponsored content include the name of the sponsoring company and, for certain product types, the product category, to help you better understand the source of the content.

Report Inappropriate Content

“Taboola Choice” offers you the ability to control, in real-time, what you see on the Taboola platform and helps you block individual pieces of content that you dislike. We encourage you to alert us if you see anything that you find to be deceptive, fake, or harmful. To do so, when you see a questionable item in Taboola’s platform, hover over it and you’ll see a small “x” icon in its top right corner. When you click this icon, select from the list of reasons that best describes why you’ve chosen to report this content. Once reported, you will never see this item again, and our Content Review Team will thoroughly review it and either confirm that it complies with Taboola’s Advertising Guidelines, or take all necessary actions to ensure that it is removed from our network.

Copyright and Intellectual Property

If you suspect that any content on our network may violate copyright or intellectual property laws, please reach out to us at copyright@taboola.com. Additionally, in the United States, owners of copyrighted works who believe that their rights under U.S. copyright law have been infringed may also take advantage of the Digital Millennium Copyright Act of 1998 (the “DMCA”) to report alleged infringements, by following the procedures listed here.

Back to top

Advertising Guidelines

It is important to us that we honor your trust by maintaining content quality and safety across our network. Therefore, all content that runs on the Taboola Network must comply with our Global Advertising Policies, which you can review here.

Global Content Review

All content that we distribute is first manually reviewed and categorized by our Global Content Review Team. This team includes international content reviewers who are fluent in many languages and familiar with diverse cultural nuances. Their core mission is to ensure compliance with our Global Advertising Policies, and that nothing has inadvertently been miscategorized.

Advertising to Children

The Children’s Online Privacy Protection Act, (“COPPA”) governs websites and ad content targeted to audiences 18 years old or younger. Similarly, the EU’s General Data Protection Regulation (“GDPR”) generally limits the processing of data belonging to users under the age of 16. Because Taboola is unable to obtain meaningful parental consent before we serve our Content Discovery Platform, we do not provide our services to websites that are intended for children 18 years old and younger in the U.S. or under the age of 16 in the EU.

Fake News

Taboola has taken a strong stance on banning “Fake News” from our network. We appreciate the impact that our content has on our audiences and value the integrity of all content on our network. We take this responsibility seriously and we do not tolerate content that intentionally confuses readers or that appears to be news or editorial content, when instead it is truthless propaganda or an advertisement.

We have spoken at great length about our efforts against the distribution of fake news on numerous panels, in the Financial Times, and on Taboola’s Blog.

Fraud Detection and Invalid Traffic

We take fraud seriously, and know that any infractions damage the quality of Taboola’s recommendations. To ensure that our advertisers target the right users on the best quality websites and digital properties, Taboola has a dedicated global Anti-Fraud team that manually reviews and automatically monitors for invalid traffic. This includes fraudulent clicks and impressions that might not be the result of genuine user interest (e.g., mechanically generated “click fraud” or “bot fraud”).

Back to top

Privacy at Taboola

We are dedicated to providing you with the highest level of transparency and control over the data we use for personalized online advertising.

Privacy By Design

Taboola’s products and services are designed to minimize the collection and use of your data. Taboola has built data protection compliance into our processes and systems from the ground up. To do this, we have ensured that our employees, engineers, and design teams have a solid understanding of Taboola’s data protection obligations. This also includes that the concept of “Data Protection by Design” — or ensuring that any new products, services, or systems are designed to minimize the personal data that we collect — is embedded into our product development process, and considered from the outset and throughout the life cycle of our products and services.

Global Privacy Training

In the spirit of Privacy by Design, we appreciate that all members of the Taboola family need to understand how to minimize, identify, and protect personal data. As such, our privacy team conducts regular in-person and video privacy trainings for all Taboola employees, instructing each to protect privacy in their relevant roles and to understand Taboola’s global protocols and data protection obligations.

IAB Europe Transparency and Consent Framework

Taboola's privacy team continues to be actively involved with the IAB Europe's GDPR Implementation Group, where we collaborate with others in the industry and helped develop the IAB Europe’s Transparency and Consent Framework. This Framework provides you with greater transparency into, and control over, the use of your personal data, and allows you to express your preferences about how companies may process your data.

Taboola is a Global Registered Vendor of the IAB EU Framework. This means that when you first visit your favorite websites and apps in the EU, some will ask whether you agree that your data can be used to personalize your browsing and advertising experience. When you give or deny this consent, the website or app will let Taboola know, and we will respect your choices by only making recommendations in compliance with your privacy rights. This does not mean you won’t see Taboola’s discovery platform anymore, it just means that our recommendations will not be tailored specifically for you (and instead they will be determined by the website you’re visiting and other contextual factors).

If you are a Taboola publisher and would like more information about how to integrate with Taboola via the IAB Transparency and Consent Framework, please review our guidance, here.

Security

Data Security

We value the security of your data and have taken steps to help protect it from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. Taboola is ISO/IEC 27001:2013 and ISO/IEC 27701:2019 certified and uses these industry-standard specifications to ensure data security. Our security posture is evaluated on an ongoing basis and when cyber intelligence shows a change of risk levels, the security posture is updated accordingly. Please be aware, however, that no measures can guarantee 100% data security.

Back to top

GDPR

The European Union General Data Protection Regulation (the “GDPR”) harmonizes data protection laws across Europe and gives individuals within the EU better control over their personal data and the ways that organizations may use it.

How does Taboola Comply with the GDPR?

Here is a summary of just some of the things Taboola has done to prepare for the GDPR:

• Internal privacy team credentials include the International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), Certified Information Privacy Manager (CIPM), and Fellow of Information Privacy (FIP) designation
• Trainings and awareness sessions for all global employees
• Appointment of a Data Protection Officer
• A multidisciplinary internal GDPR task force comprised of members of our executive, legal, privacy, business, product, IT, data, and R&D teams
• Maintenance of a Privacy Policy reflecting our obligations under the GDPR
• Implementation of necessary technical changes to our services to support the GDPR's requirements and enhanced data subject rights
• Implementation of appropriate safeguards consistent with the GDPR to enable the transfer of data out of the EU and any processing to occur lawfully outside of the EU
• Mandating any data processors to provide sufficient guarantees to implement appropriate technical and organizational measures to ensure processing meets the requirements of the GDPR

What Data Does Taboola Collect From its Users?

For a full description about the data we collect and how we use that data, please visit Taboola’s Privacy Policy.

Who Should I Contact About GDPR Compliance and My Relationship with Taboola?

For more information about Taboola and the GDPR, please contact us at privacy@taboola.com.
To learn more about the GDPR, specifically, please visit this official website from the European Commission.

Back to top

CCPA/CPRA

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”) is a U.S. state-level privacy law that aims to provide California consumers with greater control over how their personal information is collected, used, sold and shared by companies.

How does Taboola Comply with the CCPA/CPRA?

Here is a summary of just some of the things Taboola has done to prepare for the CCPA/CPRA:

• Taboola’s U.S. Privacy Rights Portal helps California consumers access, correct, update or delete their Personal Information in real-time.
• Taboola provides CCPA/CPRA-required notices and disclosures to California consumers in the Taboola Platform (Feed and Widget) with additional information in our Platform Popup Disclosure, which all appear at the point of collection on our partner publisher’s websites and digital properties.
• Taboola supports the IAB Privacy Technical Specifications. While Taboola, in relation to its publisher partners, is as an independent business with a direct relationship to our California consumers, is not a signatory to the IAB Multi-State Privacy Agreement, we do honor all IAB “Do Not Sell or Share” signals passed by our publisher partners as if the user instructed Taboola directly.
• Taboola continues to exercise the best practice of data minimization and undertook a comprehensive review of our data practices and eliminated certain data uses to ensure effective data protection and CCPA/CPRA compliance.
• Taboola implemented CCPA/CPRA appropriate website disclosures, and outlined specific California rights in our Privacy Policy and Cookie Policy.
• Taboola has implemented CCPA/CPRA specific Data Processing Addenda to supplement our agreements with our advertiser clients to allow Taboola to act as a "Third Party" business (as defined in the CCPA/CPRA).
• Taboola has implemented various CCPA/CPRA specific Data Processing Addenda to supplement our agreements with our suppliers, demand partners, data partners, and online vendors, to ensure they act as Taboola’s “Service Providers” or "Third Parties," as applicable (as defined under CCPA/CPRA).

What Categories of Data Does Taboola Collect from California Consumers?

For a full description about the data we collect and how we use that data, please visit Taboola’s Privacy Policy.

What is Taboola's legal position under CCPA/CPRA as it relates to Advertisers and Agencies?

In relation to our Advertisers and Agencies, Taboola is a "Third Party" business under section 1798.140(ai) of the CCPA/CPRA.

Taboola provides retargeting and personalization services to Advertisers. Taboola uses the data it collects for “cross contextual behavioral advertising” (CCBA) under section 1798.140(k). CCBA is not a permitted business purpose for “service providers” under section 1798.140(e)(6).

Cross-context behavioral advertising is the CCPA term for targeted advertisements to consumers based on their behavior across digital properties. This also includes retargeting and personalization. Taboola contracts with our Advertisers to provide CCBA.

The law explicitly says that Taboola can only be a “third party” if we provide CCBA. Section 7050(b) of the CPRA Final Regulations states that, “[a] service provider or contractor cannot contract with a business to provide cross-contextual behavioral advertising…A person who contracts with a business to provide cross-contextual behavioral advertising is a third party and not a service provider or contractor with respect to cross-contextual behavioral advertising services.”

In light of the CPRA amendments, Taboola positions itself as a “third party” business to continue using the collected data for CCBA. As a "Third Party," Taboola has certain statutorily required contractual provisions that we need to include in our contracts with you. These are pursuant to section 7053 of the CPRA Final Regulations. Taboola has included these provisions in our Advertiser Privacy Terms, which are incorporated into our standard Terms & Conditions.

Who Should I Contact About CCPA/CPRA Compliance and My Relationship With Taboola?

For more information about Taboola and the CCPA/CPRA, please contact us as follows. If you are a Taboola Customer, please reach out to your designated sales representative for specific-CCPA/CPRA guidance. If you are a California consumer, please visit Taboola’s United States Privacy Rights Portal, or contact us directly by email at privacy@taboola.com. 

Back to top

EU Digital Services Act

Transparency Reports for Providers of intermediary services

These transparency reports are published pursuant to Article 15 of Regulation (EU) 2022/2065 (Digital Services Act - DSA) by Taboola.com LTD, as an intermediary service provider, under Article 3(g) of the DSA.