Skip to main content

Data & Privacy FAQ

Review some of the frequently asked questioned raised by Rokt Ecommerce partners around data usage, storage, privacy, and security. For more information, review our privacy policy.

Why does Rokt need customer data?#

The data that a partner integrates with Rokt is at the discretion of the partner. At minimum, we require customer email address. We suggest that partners also integrate name, age, gender, post/ZIP code, and phone number. Rokt requests this data so that we can better personalize and optimize the offers presented to customers. Specifically, this data powers:

  1. Offer selection algorithm and targeting. Rokt's algorithm effectively creates a segment based on what it knows about the customer and determines what this individual is likely to engage with based on engagement from others in the same segment. Targeting rules dictate what offers are eligible for this customer to see, for example, and advertiser may only want its offer shown to people who live in New York.
  2. Personalization. Rokt may use your data to personalize the UX and improve relevance, for example providing order confirmation messaging before showing the customer an offer: "Jenny, you're going to London..."
  3. Offer fulfillment. Rokt uses your available data to fulfill the advertiser's offer upon the request and explicit consent of a customer.

What types of data does Rokt handle?#

Rokt recognizes four distinct types of data:

Data typeDefinitionUse
Partner dataThe data a partner integrates with Rokt—typically this includes data synced with backend systems (e.g., CRM data) or data that comes out of an ecommerce transaction (e.g., information about the customer or transaction).Rokt uses partner data to power the current customer interaction. Partner data is also used to fulfill any requests a customer makes during a session (e.g., "sign me up to a newsletter"), as well as to improve relevancy (e.g., for a 45-year-old man that just purchased sports tickets, what are the most relevant offers?)
Rokt data/derived dataThe data we get from customer interactions across the Rokt ecosystem. Derived data allows Rokt to deliver a better customer experience and results for partners. It allows us to know what message to put in front of what customer at what time. The most common form of derived data is customer responses to Rokt offers. These are used to manage creative rotation and improve our algorithms.- Creative rotation—showing the most relevant offer (e.g., if a customer has previously seen and refused an offer, she is unlikely to see it again).
- Improving the customer experience or performance of Rokt algorithms.
Advertiser dataThe data we receive from advertisers in our third-party ecosystem that offers through the Rokt placement on partner sites or apps. Advertiser data comprises audience information (e.g., suppression/inclusion lists) and conversion data (i.e., which users referred by convert into customers).- Audience data is used by Rokt to ensure that campaigns are only shown to eligible customers (e.g., an advertiser may not want to show their offer to current customers).
- Conversion data is used to optimize advertiser campaigns and help them achieve marketing goals.
Third-party dataData sourced from third parties in order to improve the partner and advertiser experience with Rokt. This includes age, gender, and some demographic information.- Used to understand what messages are going to be most relevant to a customer.
Note: Rokt does not acquire third-party data for EU/UK residents.

Rokt treats all partner data as confidential information.

Who owns each type of data?#

Partners own partner data. Any partner data that a partner integrates with Rokt remains 100% owned by the partner.

Think of Rokt no differently than how you would think of your CRM or ESP provider—we have a platform that you can use to solve a range of business objectives, however any partner data you integrate on our platform remains yours.

Rokt owns derived data, but uses that data for the benefit of partners on an ongoing basis.

Third party data is generally owned by the third party that gives Rokt access to the data, but Rokt is permitted to use it for the benefit of the Rokt network.

Do other partners have access to my data?#

No, partner data for one user is not commingled or combined with the partner data from another partner.

However, partners should understand that we are able to look at advertiser data, derived data, and third party data to create the best experience for each customer across the Rokt network. For example, if an advertiser gives us a customer list—we use this to manage how we show this advertiser’s offer when we see that customer on a partner website.

Do advertisers have access to my data?#

The only time partner data is ever available to an advertiser is when a partner’s customer (the end user) gives clear and unambiguous consent to an advertiser offer. In this instance, depending on the type of campaign being run (e.g., email referral), the marketplace advertiser is able to access and enable customer data in order to fulfill the customer request (e.g., emailing a discount code).

What data can advertisers access after a customer opt in?#

When a customer opts in to an advertiser’s campaign, the advertiser fulfilling the request may access the following data: name, email address, age, gender, post/ZIP code, source URL, phone number (if required), and other custom fields where approved by the partner (e.g., event name). That customer’s record is then added to the advertiser’s Rokt account and the advertiser can use the customer’s data to market to the customer, such as through email campaigns.

You can view a full list of attributes available to advertisers for each campaign type here.

Will our customers receive marketing messages from you or third parties after leaving our site?#

Rokt does not send unsolicited marketing communications to customers. In other words, a customer will never receive an unsolicited email or other communication from Rokt after interacting with our placement on your website.

However, when a customer opts in to an offer (e.g., signing up for a newsletter) they will receive marketing communication from that advertiser. In some instances, we send the initial messages on behalf of the advertiser. Additionally, partners also use our platform to manage internal offers—e.g., signing up for a calendar or installing an app. In this instance partners can set up campaigns that involve sending communications to customers when they opt in to internal offers. Note Rokt doesn't support generic signups (e.g., “send me travel deals!”) or bundle consent for multiple offers.

Where is data stored?#

Our primary data center is AWS Oregon (USA); we utilize additional AWS data centers in North Virginia (USA), Sydney (AU), and Ireland for caching purposes in other markets.

How does Rokt ensure that personal data is stored and accessed securely?#

All data in Amazon Web Services (AWS) is encrypted-at-rest using AES-256. Personally identifiable information is cell-level encrypted in the application layer using AES-256 before being written to storage.

All data access occurs over secure protocols. Web traffic is over HTTPS using TLS 1.2 (falling back down to TLS 1.0 with known vulnerable ciphers disabled). SSL is never used.

What assurance does AWS give to get the service back up and running in the event of an incident?#

AWS service levels are outlined here for our core infrastructure:

What exactly is the Web SDK?#

Rokt Ecommerce for websites is powered by the Web SDK, a JavaScript code on a partner’s confirmation page or other web properties. It renders an iframe on the page as an overlay or embedded placement (among other placement types), displaying Rokt’s UX, namely, offers from third-party advertisers or the partner itself.

Learn more about Web SDK security.

Is it possible for non-PII (personally identifiable information) data to be encrypted?#

We are able to encrypt all non-PII data upon request. Learn more.

Can third parties access my data when we run internal campaigns with Rokt?#

For internal offers, there is no access to data by third parties.

What advertising standards does Rokt have? How does Rokt enforce them to protect our brand?#

Rokt has a robust set of advertiser policies that meet the highest benchmarks in all of the international markets in which Rokt operates. Our foundational principle is to obtain Quality Consent from customers. Quality Consent means that it is clear what the offer is, who it is from, and what will happen next, e.g., the consumer will receive emails from the advertiser by opting in.

Every creative, campaign, and audience is submitted into an approvals platform and is checked for compliance to the campaign policies by a member of the team before it is approved and eligible to be shown on partner sites. Lastly, partners have full control over which advertisers and advertiser verticals are approved to run onsite.

  • This includes managing eligible advertiser industries and specific advertisers.
  • These settings can be updated at any time in Rokt's One Platform.
Was this article helpful?