Privacy Policy


Merchant Protocol, Inc. (“Capital Audience” or “We”) helps marketers and advertisers (and their clients) target their advertising and content to consumers who are most likely to consider them relevant and interesting, based on those users’ interests and demographics. We provide data services to marketers engaged in analytics, enrichment, direct mail, online display media, and email marketing, as well as other data services.

Capital Audience adheres to the widely adopted self-regulatory standards and principles set forth by the Direct Marketing Association (DMA), the Digital Advertising Alliance (DAA) as well as the Network Advertising Initiative (NAI).

To do a universal opt-out of all of Capital Audience’s databases, please click here


Capital Audience receives data from a variety of consumer-facing companies and services, data compilers, and suppliers. We also obtain data through public sources, such as census data and other public records. Some of the data we use and make available is Personal Information (“PI”) or is linked to PI. PI includes, for instance, name, postal address, telephone number, or email address. In addition, some of our services involve using and making available “business to business” data, which is obtained from several sources, including public directories, filings, and publications, surveys, and subscriptions.

Capital Audience receives data from a variety of digital/online partners.  Specifically identifiers such as email addresses, online IDs, Internet Protocol (IP) addresses, device identifiers, or other similar identifiers; including device ID’s and Mobile Advertising IDs.  This data is sourced from partnerships that compile and aggregate the opt-in data via campaign deployments, contests, transactions, and affiliate marketing websites, apps, and digital-based services.

Capital Audience does not collect or use individual social security numbers, banking information, or information that we know was collected from persons under eighteen (18) years of age. We accept but do not store, credit card numbers for payment processing.

We also collect certain information when you visit our website,, as described in this Privacy Policy.


We use Personal Information for various purposes. We use it to create “audience data” – categories of personal interests that are grouped together based on common interests or preferences (“Data Segments”). These Data Segments may identify a person or, when used online, a unique online identifier, as, for instance, enjoying sports, traveling, living in a middle-class neighborhood, or having children. By permitting marketers to incorporate this information into how they send offers to their customers and others, it is more likely that marketers will send relevant and desired, rather than unwanted (and potentially annoying) offers, coupons, and ads.

We offer these Data Segments, in different forms, to marketers wishing to reach customers through online (e.g., web/mobile), email, and offline channels.

Using similar technology, we also help marketers to reach their own “CRM” lists – their proprietary “first party” lists of their own actual and prospective customers, along with their proprietary Data Segments. We help marketers reach audiences representing these lists through display media (for instance, working with partners that de-identify this data), email, and direct mail channels.


More specifically, we use Personal Information and Data Segments to provide the following services:

a.     Traditional Data and List Services. We use and make available to marketers PI and Data Segments, and work with marketers’ in-house data in order to help marketers target direct mail and other advertising campaigns and to analyze and understand their users;

b.     Email Services. We use and make available PI and Data Segments and work with marketers’ in-house data to help marketers target and analyze email campaigns. Our contracts making available email-based data services prohibit a wide range of illegal, inappropriate, and offensive advertising and content, and require strict compliance with CAN-SPAM and other emails best practices;

c. Providing online marketing services (“Online Ad Services”).   We work with other data distribution and online cookie networks to de-identify Data Segments for use with anonymous online cookies (or similar technology) so that marketers can send display media to users across the web and mobile platforms in a privacy-sensitive way. Further, when we help marketers target anonymous offers in this way, we do not place personal information into cookies, and only collect anonymous web browsing information (or tie that information to PI), and we require our data partners to similarly respect consumers’ privacy. We do not use or authorize other cookie platforms to use, “Flash Cookies” for purposes of ad targeting. The Data Segments used for this may be comprised of Capital Audience’s own proprietary data (such as when a customer wants to send ads to, e.g., sports fans or travel enthusiasts) or maybe our customers’ own proprietary data (such as when a customer wants to send special offers to its own customers).

In addition, we may help these customers to measure the effectiveness of display media campaigns – for instance, to determine which types of ads are most likely to be seen or opened by which types of customers, or which types of ads are most likely to lead to purchases. When we do this, we respect privacy as set forth above.

d.     Other Data Services. We sometimes use PI to provide other data services, such as verification, record look-ups, anti-fraud, and other analytics and database tools.

e.     Providing or Assisting in Cross-Channel Marketing. We may use PI and Data Segments to help marketers and other data platforms in “cross-channel” marketing – analyzing, locating, and creating potential marketing “audiences” through multiple channels, e.g., web and mobile.

f.      Improving Our Own Products. We may use certain PI and Data Segments to improve, analyze and develop our own products.


Consumer privacy is of paramount concern to us. We respect user privacy in the following ways, which we believe meet the highest of industry standards. In addition to other privacy and security protections discussed in this Policy, we adhere to the following:

a.    As to our online marketing services, we avoid placing personal information into cookies, and when working with data partners we irreversibly “hash” into non-human readable, de-identified form any personal information they receive from us, before using or sharing it for ad targeting purposes. Recognizing the importance of fully separating online data (e.g., browsing data) from personal information, we employ other, sophisticated technical means to fully segregate databases containing PI from online data, e.g., campaigns that track user conversions.

b.       As to our email products, in addition to requiring strict compliance with CAN-SPAM and advertising and content guidelines, we permit users to opt-out of the Capital Audience email database directly through all campaigns we host;

c.        As to all data segments we offer, we do not work with financial or insurance account information, social security numbers, or information about individuals’ health or ailments;

d.       We provide multiple opt-out channels, as described below in Section 6.

e.       We contractually require our online partners to provide appropriate notice and choice to their own customers and users.


You may click here to send an email to us, or use our webform at  Do Not Sell My Personal Information to opt-out of Capital Audience’s database. You may access or delete your data by clicking If you do so, please include the following information in your email: (a) first and last name, and (b) current address.  You may also provide us with other addresses you have lived at during the previous five years, which may help us to opt you out even if we have not yet acquired your current address information.  If you decide to opt-out in this way, we will stop using data in Capital Audience’s proprietary database to help our customers send or tailor ads and content to you, including through email, direct mail, or online display marketing.  Doing so will not opt you out of our Clients’ databases, only data in Capital Audience’s own database – so other companies that we work with may still send ads, offers, and content to you.  We may also retain certain information for products that involve risk, compliance, or anti-fraud measures.

Opting Out of Online and Mobile Targeting. If you wish to opt-out of other third-party ad platforms and ad networks (including ones we work with and may have transferred data to in the past), we recommend visiting the opt-out pages offered by the DAA’s AboutAds program,, as well as the Network Advertising Initiative,

Opting out through the above methods will cause one or more opt-out cookies to be set on your browser or device, to indicate that you have opted out.  Opting out in this way won’t prevent you from seeing ads: but it will in many cases lead the companies listed to stop customizing ads based on inferences they have made about you or your interests.  Also, note that these “opt-outs” are browser-specific, so opting out on one browser will not affect a second browser or device that you use.  Thus, if you buy a new device, change browsers or clear all cookies, you’ll need to perform this opt-out task again.

Mobile Device Identifiers: To exercise your control over mobile device privacy settings, please visit the privacy settings of your Android or iOS device and select  “opt-out of interest-based ads” (Android) or “limit ad tracking” (Apple iOS).  This action prevents collecting information used for advertising by third parties.


Capital Audience may share data, including Personal Information, including PI and Data Segments, with agents and service providers who work on our behalf or to help us provide services requested by our customers. We may do so, for instance, for analytical purposes, to measure campaigns, or inform future campaigns. We may do so to facilitate the sending of display media, email, or other requested services. These agents and service providers do not have any independent right to use or share any Personal Information.

Partners: We may share data, including PI and Data Segments, with business and data partners to help provide more tailored advertising and for analytical purposes. However, Capital Audience does not share PI with ad networks, i.e., platforms that serve advertising on other, third-party websites.

More specifically, Capital Audience licenses personal information to our clients for the purpose of enabling marketing and advertising campaigns.  We also license personal information for the purpose of identity verification and fraud detection/prevention.  Capital Audience does not sell personal information to individual consumers.  In addition, Capital Audience does not receive, compile, aggregate, or collect any data/information about consumers younger than 18 for any purpose whatsoever.

Categories of third-party partners for which data was sold:

  • Automotive (for example, car manufacturers and dealerships)

  • Business Services/Agency (for example, data brokers)

  • Communications (for example, wireless carriers)

  • Consumer Packaged Goods (for example, companies that sell personal and household products)

  • Education (e.g., colleges and universities)

  • Entertainment (for example, movie and television studios and streaming services)

  • Financial Services (for example, banks and investment companies)

  • Insurance (for example, insurance carriers)

  • Media and Publishing (for example, magazines, retail catalogs)

  • Non-Profit (for example, charitable organizations)

  • Retail (for example, department stores, and hardware stores)

  • Services-Non Professional (for example, consulting firms)

  • Services-Professional (for example, advertising agencies and financial planners)

  • Sports (for example, professional sports teams)

  • Technology (for example, software and hardware providers, and social media platforms)

  • Transportation (for example, railway companies, airlines, and rental car companies)

  • Travel and Tourism (for example, cruise lines, hotels, and online travel services)

Third-Party Service Providers: Capital Audience may share data, including PI, with a variety of service providers in order to operate, protect and advertise various services. For instance, we may share data with Ad-tech and direct-to-consumer services providers, marketing and advertising providers, other data providers, security vendors, and consumer marketing companies.  The data may be used for printed mail campaigns, email marketing offers digital ad display, data enhancement, to verify/validate consumer information, as well as for analytical purposes.

Affiliates, Parents, and Subsidiaries: Capital Audience we may share some or all of the data in our possession with affiliated or subsidiary companies.

As Required By Law or to Protect Any Party: Capital Audience may disclose data if we believe such disclosure is necessary to (a) comply with relevant laws or respond to subpoenas or warrants served on us; or (b) to protect or otherwise defend the rights, property or safety of Capital Audience or any other party.


A ‘cookie’ is a file that our web server or the webserver of one of our third-party partners may send to your computer when you access our website. This file is then stored on your computer. We use cookies and related technologies for the following purposes:

  • After you have visited certain pages on our website, cookies enable the site to ‘remember’ that information. Cookies and other passive information collection technologies enable us to deliver content that tailored to interests, browsing history and preferences based on your site activity.

  • Cookies and other passive information collection technologies enable us to compile aggregate statistics concerning use of the site, analyze trends, and otherwise administer the site.

In addition, most Internet browsers allow you to change your browser settings to notify you when you receive a cookie, which lets you choose whether to accept it or to automatically refuse all cookies. Please be aware that some functionality of our website that relies on the use of cookies may not be available should you choose to refuse all cookies.  We may work with third parties to enhance our Services (e.g. for purposes of retargeting and tailoring ads or placing browser cookies). These partners may set and access their own cookies, pixel tags, and similar technologies on your device, which may have cookies with a varying expiration period. Those partners may, likewise, collect various types of anonymous information about your browser, device, or browsing activities through the use of these cookies.


Capital Audience does not offer Data Segments containing or identifying personal information, financial records, health conditions or medical ailments, or data that we know (or learn) is obtained from children under eighteen (18) years of age.  This only applies to the data that Capital Audience itself directly provides – our customers, data partners, ad networks or other platforms with whom we work may use or make available their own, distinct sets of data.


Capital Audience takes significant steps to help ensure that the data we possess is housed and transmitted securely. We use multiple layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we employ multiple, substantial efforts to ensure that this does not occur.


Capital Audience complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit   

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Capital Audience is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to 

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Capital Audience’s accountability for Personal Information that it receives under the Privacy Shield framework and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Capital Audience remains responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process Personal Information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Capital Audience commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Capital Audience by email at

Capital Audience has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you. 

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at

To learn more about the Privacy Shield program, please visit  To view our certification, please visit



For residents of the States of California, Colorado, Connecticut, Nevada, Utah, and Virginia: These Additional U.S. State Privacy Disclosures (“U.S. Disclosures”) supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individual residents of these States. For a detailed description of how we collect, use, disclose, and otherwise process personal data in connection with our services, please see the main body of this Privacy Notice. Unless otherwise expressly stated, all terms defined in our Privacy Notice retain the same meaning in these U.S. Disclosures.

For the purposes of these U.S. Disclosures, personal information does not include publicly available information or deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you. Additionally, the Additional Disclosures set out in this Section do not describe our practices when we process Customer Data as a service provider on behalf of our Customers in accordance with our contractual agreements with our Customers.

California-specific disclosures are at



Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

  • The Right to Know. The right to confirm whether we are processing personal data about you and, under California law only, to obtain certain personalized details about the personal data we have collected about you in the last 12 months, including:

    • The categories of personal data collected;  the categories of sources of the personal data; the categories of personal data disclosed, shared, or sold, to third parties (if any), and the categories of recipients to whom the personal data were disclosed.

  • The Right to Access and Portability. The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

  • The Right to Request Deletion. You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.

  • The Right to Correction. You have the right to request that any inaccuracies in your personal information be corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.

  • The Right to Control over Sensitive Information. You have the right to exercise control over our collection and processing of certain sensitive information.

  • Right to Control over Automated Decision-Making/Profiling. The right to direct us not to use automated decision-making or profiling for certain purposes.

  • The Right to Opt-Out of Sales or Sharing for Targeted Advertising. You have the right to direct us not to “sell” personal information we have collected about you to third parties for monetary or other valuable consideration, or “share” your personal information with third parties for cross-context behavioral advertising purposes.

  • Right to Appeal. In the event that we decline to take action on a request exercising one of your rights set forth above, you have the right to appeal our decision.

    • Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.

    • Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.

    • Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.


How To Excercist Your Privacy Rights

To submit a request to exercise one of the privacy rights identified above with regards to your personal information collected or otherwise processed, please submit a request by:

We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. We will only use personal information provided in connection with a Consumer Rights Request to review and comply with the request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Exercise Your Right to Opt-Out of Personal Information Sales or Sharing for Targeted Advertising

You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.  To exercise the Right to Opt-Out, please fill out the applicable Consumer Rights Form at


Authorized Agents

In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the applicable privacy law) to submit requests on your behalf through the designated methods set forth in these U.S. Disclosures where we can verify the authorized agent’s authority to act on your behalf.

For requests to know, delete, or correct personal information, we require the following for verification purposes: (a) a power of attorney valid under the laws of the state where you reside from you or your authorized agent; or (b) sufficient evidence to show that you have: (i) provided the authorized agent signed permission to act on your behalf, and (ii) verified your own identity directly with us pursuant to the instructions set forth in these U.S. Disclosures, or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.

For requests to opt-out of personal information “sales” or “sharing”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.


If you have questions, concerns, or complaints about Capital Audience’s privacy efforts or data products, please contact us at:

Capital Audience

9169 W State St. Ste: 701, Garden City, ID, 83714

Or, you may email us at