Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Sharethrough is a US based advertising exchange specialised in native advertising and contextual targeting. Founded in 2008 in San Francisco and merged with Canadian District M in 2021, it operates as an omnichannel SSP serving publishers and advertisers via OpenRTB. Sharethrough sets advertising cookies on sharethrough.com, is registered in the IAB Europe TCF v2.2 framework, and processes data in the United States and Canada. EU traffic deployments require explicit consent under the GDPR and the ePrivacy Directive.
Sharethrough is an omnichannel ad exchange founded in 2008 in San Francisco with a focus on native and contextual advertising. In 2021 it merged with Canadian District M to form one of the largest independent SSPs in North America, expanding across display, video, native and CTV.
Sharethrough is integrated on publisher sites via Prebid.js or direct tags. Once loaded, it participates in OpenRTB auctions and returns native or display creatives.
Bid requests include IP, User Agent, page URL, ad slot data, viewport, approximate geolocation, content categorisation (IAB content taxonomy), the user advertising identifier (STX_CID cookie), and the TCF v2.2 consent string. Authenticated identifiers (UID 2.0, ID5, LiveRamp) may be passed when available.
Cookies on sharethrough.com: STX_CID (visitor identifier, ~1 year), STX_SST (session state), STX_USYNC (cookie sync state). All are third party cookies used across the Sharethrough partner network.
Sharethrough is registered in the IAB Europe TCF v2.2 Global Vendor List. Publishers must transmit a valid TC string with the relevant purposes consented before loading Sharethrough or sending bid requests. The Belgian DPA TCF decision and CJEU C 252/21 ruling on legitimate interest both apply.
For contextual native advertising without behavioural profiling, legitimate interest can theoretically be argued, but in practice the same cookies and bid stream are shared, so consent is the safest basis across the board.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Sharethrough Inc. processes data primarily on US infrastructure under SCCs and the EU US Data Privacy Framework. After the District M merger, some processing may also occur in Canada, which benefits from a partial EU adequacy decision (PIPEDA). A TIA is required for the US flows.
Onward transfers to DSPs in the OpenRTB chain often involve additional US and EU recipients that the publisher must document.
Native ads blend with editorial content, which raises additional disclosure obligations under the Digital Services Act (clear ad labelling) and consumer protection laws. The DPIA must address audience and content categorisation, fan out, vendor list governance, retention, and Art. 22 GDPR for automated bid decisions.
For sensitive content, exclude Sharethrough or limit it to strict contextual targeting without behavioural profiling.
Register Sharethrough in your TCF v2.2 CMP. Sign the Sharethrough DPA. Defer sharethrough.com calls until consent. Audit Prebid bidders. Document Sharethrough in your privacy notice with US and Canada transfers, and ensure native ads are clearly labelled per DSA.
Implement Global Privacy Control handling, ad slot level consent in Prebid, and review the DPIA annually. For sensitive content, disable Sharethrough loading.
Websites using Sharethrough must obtain user consent under GDPR regulations.
DPIA considerations
Sharethrough is a native advertising SSP that operates in the programmatic chain. Key DPIA considerations: (1) bid requests include IP, User Agent, page URL, ad slot data, geolocation, and the user advertising identifier; (2) cookies on sharethrough.com enable cross site profiling; (3) native ads blend with content, so context is more important than usual: content categorisation could capture special category content (Art. 9 GDPR); (4) data transfers to the US under SCCs / DPF require a TIA; (5) the Belgian DPA decision on TCF and CJEU C 252/21 apply; (6) the merger with District M extended the processor chain into Canada, which benefits from EU adequacy but still requires documentation.
Sample consent text
We use Sharethrough to monetise our advertising inventory with native and contextual formats. With your consent, Sharethrough sets cookies on sharethrough.com and shares bid request data with our demand partners. This data is processed on Sharethrough servers in the United States (and partially Canada) under Standard Contractual Clauses and the EU adequacy decision for Canada. You can refuse advertising in our consent banner.
Third-party domains contacted
sharethrough.comnative.sharethrough.combtlr.sharethrough.comasset.sharethrough.comdistrictm.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| STX_CID | Marketing | 1 year | Persistent visitor identifier set by Sharethrough. Used to recognise users across publisher sites and participate in real time bidding. |
| STX_SST | Marketing | Session | Tracks the current session state for Sharethrough auction participation. |
| STX_USYNC | Marketing | 30 days | Cookie sync state between Sharethrough and demand side platforms. |
Sharethrough places tracking cookies for advertising — comply with GDPR using FlowConsent.
Sharethrough sets third party cookies on sharethrough.com: STX_CID (visitor identifier, ~1 year), STX_SST (session state), STX_USYNC (cookie sync state). All are advertising cookies and require consent.
Yes for any EU deployment. Sharethrough cookies and the OpenRTB bid request require prior informed consent under Art. 5(3) ePrivacy and §25 TTDSG, plus a valid TCF v2.2 TC string transmitted to Sharethrough.
Consent (Art. 6(1)(a) GDPR). Legitimate interest is not available for behavioural advertising after CJEU C 252/21. For contextual native, the same cookies are shared so consent remains safest.
Yes. Sharethrough is US based, processing data in the United States under SCCs and the EU US Data Privacy Framework. After the District M merger, processing may also occur in Canada, which has EU adequacy. A TIA is required for US flows.
Yes, in most cases. The DPIA must cover audience and content categorisation (especially for Art. 9 GDPR), the OpenRTB fan out, vendor list, retention, and Art. 22 GDPR for automated bidding. DSA compliance for native ad labelling should also be addressed.
Register Sharethrough in your TCF v2.2 CMP. Sign the DPA. Defer sharethrough.com calls until consent. Restrict Prebid bidders. Ensure native ads are clearly labelled under DSA. Document the full chain in your privacy notice.
Native SSPs and exchanges: Taboola, Outbrain, Triplelift, MGID, Nativo, RevContent. EU based native: ADYOULIKE (France), Plista. Sharethrough differentiator is the focus on premium publishers and brand safe native inventory.
List the Sharethrough cookies (STX_CID, STX_SST, STX_USYNC) with provider (Sharethrough Inc., United States), purpose (native and contextual advertising), lifetime, and category (Marketing). Disclose the US and Canada transfer chain and link the Sharethrough privacy policy.