Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
BittAds is a programmatic advertising and audience activation platform that buys and serves display, video and native ads across publisher inventory. It relies on cookies, mobile advertising IDs and pixel beacons to build interest based audience segments, retarget visitors and measure conversions across devices. Because BittAds combines tracking and profiling for marketing purposes, it requires prior, freely given and granular consent under the GDPR and the ePrivacy Directive before any tag is loaded.
BittAds is a programmatic advertising platform that connects advertisers with publisher inventory through real time bidding. When a website integrates BittAds, the platform loads JavaScript tags that read and write cookies, collect device and browser signals, and call BittAds servers each time a page loads. Those signals are used to assign the visitor to audience segments, to bid on ad impressions across the open exchanges, and to measure conversions when the same visitor returns to an advertiser site. BittAds also exposes server side endpoints (S2S APIs and conversion postbacks) for advanced integrations such as offline conversions and mobile in app measurement.
BittAds typically sets first party cookies under your domain (for instance bt_uid for the persistent advertising identifier and bt_session for short lived session state) and reads third party cookies set on bittads.com or partner exchanges. The data collected includes the truncated or full IP address, user agent string, screen resolution, language, time zone, referrer, current URL, hashed user identifiers when provided, mobile advertising IDs (IDFA on iOS, AAID on Android) when available, and conversion events such as add to cart or purchase. This data is combined with data from other BittAds publishers and partners to build behavioural profiles used for retargeting and lookalike modelling.
Because BittAds reads and writes information on the user terminal for advertising purposes, Article 5(3) of the ePrivacy Directive requires prior consent before any cookie or local storage entry is created. The processing of IP addresses, advertising IDs and behavioural events also qualifies as personal data under the GDPR, and Recital 47 confirms that direct marketing carried out through systematic cross site profiling cannot rely on legitimate interest in this context. Consent must be specific to advertising, freely given, informed (with the identity of joint controllers and downstream processors disclosed) and as easy to refuse as to grant. The CNIL, AEPD, Garante and Datenschutzkonferenz have all issued binding guidance to that effect.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
BittAds operates infrastructure in the United States and shares data with demand side platforms, supply side platforms and verification vendors that may be located in the US, the United Kingdom, India, Singapore or other jurisdictions. Transfers to the US must be covered either by the EU US Data Privacy Framework (when the recipient is certified) or by Standard Contractual Clauses combined with a transfer impact assessment, in line with the Schrems II ruling and EDPB Recommendations 01/2020. Publishers should request from BittAds an up to date list of subprocessors, the relevant SCC modules, and the supplementary measures in place such as encryption, pseudonymisation and resistance to government access requests.
BittAds tags must be blocked by default and only loaded when the user has accepted the marketing or advertising consent category in your Consent Management Platform. If you operate within the IAB Transparency and Consent Framework, BittAds expects a valid TCF 2.2 consent string covering purposes 1, 3, 4 and 7, and the relevant vendor IDs must be disclosed to the user. Outside the TCF, a granular toggle dedicated to advertising and profiling is sufficient as long as the consent record is auditable and the refusal is honoured for the same duration as the acceptance.
To deploy BittAds in compliance with European law, sign a data processing agreement with BittAds, complete a DPIA, and load the BittAds tag exclusively through your CMP after explicit opt in. Document each cookie, its duration and its purpose in your privacy policy and cookie policy. Configure IP truncation where supported, set short conversion windows, enable the data deletion API for visitor erasure requests, and review the subprocessor list every six months. Test with the browser developer tools that no BittAds request is fired before consent and that opting out triggers an immediate deletion call.
Websites using BittAds must obtain user consent under GDPR regulations.
DPIA considerations
A data protection impact assessment is strongly recommended before deploying BittAds. The platform performs systematic profiling of users across multiple websites for advertising purposes (Article 35(3)(a) GDPR) and combines pseudonymous identifiers with behavioural data, which the EDPB lists as a high risk processing factor. The DPIA should document the categories of data collected (IP, advertising IDs, device fingerprint signals, page URLs, conversion events), the retention periods, the international transfers to the US and downstream partners, the technical and organisational measures in place (consent gating, IP minimisation, contractual clauses) and the legitimate expectations of European users regarding cross site tracking.
Sample consent text
We use BittAds to deliver and measure online advertising on our website. With your consent, BittAds may set cookies and read advertising identifiers from your device to build audience segments, show you relevant ads on partner sites, retarget you after your visit and measure the performance of campaigns. Data including your IP address may be transferred to BittAds and its partners in the United States. You can accept, refuse or change your choice at any time from the cookie preferences page.
Third-party domains contacted
bittads.comcdn.bittads.comrtb.bittads.compixel.bittads.comsync.bittads.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| bt_uid | first_party | 13 months | Persistent advertising identifier used to assign the visitor to BittAds audience segments and to power retargeting and conversion measurement. |
| bt_session | first_party | 30 minutes | Short lived session cookie used for impression deduplication and bid request matching during a single browsing session. |
| bt_consent | first_party | 6 months | Stores the user consent state and TCF 2.2 string forwarded to BittAds tags so the platform can refrain from setting tracking cookies when consent is missing. |
| _bt_cm | third_party | 12 months | Cookie matching identifier set on bittads.com used to synchronise BittAds with demand side and supply side platforms during real time bidding. |
BittAds places tracking cookies for advertising — comply with GDPR using FlowConsent.
BittAds typically writes a first party cookie under your domain (bt_uid) holding a persistent advertising ID with a 13 month lifetime, plus a short lived bt_session cookie used for deduplication. It also reads third party cookies on bittads.com or partner exchanges, and on mobile it accesses the IDFA or AAID through the SDK. Local storage entries may be used to mirror the advertising ID when third party cookies are blocked.
Yes. BittAds is an advertising and profiling tracker, so Article 5(3) of the ePrivacy Directive and Article 6(1)(a) of the GDPR require prior, freely given, specific and informed consent. The tag must remain blocked until the user has actively opted in to the marketing or advertising category and the choice must be as easy to revoke as it was to grant.
The only valid legal basis is consent under Article 6(1)(a) GDPR, complemented by Article 5(3) ePrivacy for the storage of and access to information on the user device. Legitimate interest is excluded by EDPB Guidelines 8/2020 and Recital 47 of the GDPR for systematic cross site advertising profiling.
Yes. BittAds operates infrastructure in the United States and shares data with downstream partners worldwide. Transfers must rely on the EU US Data Privacy Framework when the recipient is certified, or on Standard Contractual Clauses combined with a transfer impact assessment, encryption in transit, IP minimisation and an up to date list of subprocessors.
A DPIA is strongly recommended. BittAds carries out systematic profiling on a large scale across multiple websites, which Article 35(3)(a) of the GDPR and the EDPB high risk criteria flag as DPIA triggering processing. The assessment must cover data categories, retention, transfers, technical safeguards and the visitor expectations of European users.
Sign a data processing agreement, complete a DPIA and load BittAds tags only through your Consent Management Platform after explicit opt in. List every cookie in the privacy policy, configure short conversion windows, enable IP minimisation, expose the deletion endpoint, and verify with browser developer tools that no BittAds request fires before consent.
Yes. Contextual advertising platforms such as Seedtag, Ogury Choice or Adagio rely on page context rather than user profiling. Server side and consent free measurement options such as Piwik PRO, Matomo with anonymisation, or Plausible cover analytics needs without behavioural advertising. First party retargeting through your own CRM with hashed email and proper consent records is another option.
Add a dedicated entry for BittAds in the cookie inventory, listing each cookie name, its first or third party scope, its retention period and its purpose. Disclose the joint controller or processor relationship, the international transfer mechanism, the right to withdraw consent and a link to the BittAds privacy policy. Update the policy version date whenever subprocessors or cookie names change.