Skip to main content
Table of contents

The Criteo privacy promise

For Criteo, privacy is not an afterthought — it’s our guiding principle. 

As a French company founded in 2005, Criteo’s privacy protections have consistently adhered to or surpassed what’s been required by law, including the GDPR, for over 14 years. We understand the sensitivity of customer data and are committed to protecting its confidentiality and security. 


We always:

  • Collect only the data that is required to deliver our service 

  • Store SHA256 hash of MD5 hash of emails 

  • Minimize data retention 

  • Ensure data security 

  • Provide a user-friendly opt-out tool 


We never: 

  • Record directly identifying information 

  • Store any original files containing hashed emails beyond 90 days

  • Use or store your audience data for any other purpose 

  • Impact your intellectual property with respect to customer data 

  • Use any 3rd-party-owned or managed data centers 


Industry leadership: Investing in best practices 

Criteo has an extensive number of certifications that are reviewed annually by governing and standards bodies, and supports initiatives that deliver greater transparency and control to users.

We are a proponent of the IAB Transparency and Consent Framework and were early adopters of industry best practices such as the AdChoices program, as well as:

Privacy by design principles

Privacy by design principles

Criteo goes to great lengths to protect and process your customer data in compliance with applicable Privacy and Data Protection Laws. Our product teams develop every feature with privacy in mind. 

It’s the cornerstone of Privacy by Design, a four-step approach that ensures an industry-leading level of safety for marketers and consumers alike: 

  1. Power of information: Our privacy standards are deliberately rigorous. We know that the more a consumer understands what we do, the more confident they’ll feel. 

  2. User choices: We make every effort to enhance the shopping experience, but we respect that some consumers would rather opt out. We make it easy for them to do so with a single click. 

  3. Security and access: Data is always securely collected and retained using state-of-the-art pseudonymization techniques that are considered best practice under the GDPR. 

  4. Privacy counsel: Our team of privacy experts constantly assesses risks, provide company-wide privacy training, and helps us to build even better products. 


Our commitment to global privacy 

We require a high level of data protection and privacy requirements from all our partners across the world. Thus, should the relationship with one of our partners involve cross-border data flows outside the European Union, our partner is formally required to comply with best-practice data protection standards and adhere without any restrictions or limitations to the Standard Contractual Clauses adopted by the European Commission. 

Protecting consumers’ privacy and being clear and transparent about business practices are essential to our global organization. When customers understand exactly how their information is being used and are given control over their personal browsing data, it strengthens their trust in us and, ultimately, your business.