Policies for Buying
Last updated July 16, 2019.
This page provides a detailed breakdown of policies that must be respected when buying media via Xandr, including prohibited and restricted content, and detailed information about individual policies.
To print or download these policies, go to ... above and click Export to PDF or Export to Word.
For policies that must be respected when selling media via Xandr, see Policies for Selling. Note that there is some overlap between policies for buying and selling.
- Generally Applicable Content Prohibitions
- Content Allowed But Restricted
- Prohibited Buy-Side Practices
- OFAC Restrictions
- Xandr Data Policy
"Content" includes ad creatives, landing pages, any inventory, or other content connected to advertising transacted in the Xandr platform.
Generally Applicable Content Prohibitions
|Dangerous hate speech|
Content that depicts, contains, or provides access to dangerous hate speech. Dangerous hate speech includes any gesture, conduct, writing, or display, including but not limited to anything that is intended to incite violence, intimidation, or a discriminatory response against a protected individual or group. The law may identify a protected individual or a protected group by race, gender, nationality, ethnicity, religion, sexual orientation or other characteristics.
Content that depicts, contains, or provides access to pornography, nudity, obscenity, and other “adult” content (Except risqué content as defined by and explicitly permitted by Xandr).
Content that contains, installs, links to, or prompts the download of any malware.
Customers must have reasonable procedures to prevent malware. For the complete policy and more information, see Malware Policy below.
Content that Xandr reasonably believes:
Content featuring the sale of or instructions to create bombs, guns, ammunition, or other weapons.
Content that depicts, contains, or provides access to violent content.
Content that depicts, contains, or provides access to defamatory content.
Content featuring the sale of drugs, pharmaceuticals, or drug paraphernalia that is illegal.
Content that depicts, contains, or provides access to any files that execute or download without intentional user interaction.
Content that automatically redirects to other sites or apps.
|Government forms or services|
Content that depicts, contains, or provides access to offers that charge for government forms or services that are available for a lesser charge or free from the government.
Content Xandr reasonably believes is likely to be in violation of any applicable law, regulation, or court order.
Content that Xandr reasonably deems to be (a) morally reprehensible or patently offensive, and (b) without redeeming social value.
|Flash Cookies and other LSOs||Do not use LSO's including flash cookies, browser helper objects, and HTML5 localStorage. Ad creatives hosted by or trafficked through the Xandr platform may not set Flash cookies or other local shared objects (LSO's) for purposes of online behavioral advertising, ad delivery and reporting, or multi-site advertising. Prohibited uses include, but are not limited to, storing user ID's, interest segments, user browsing history, or other unique user data.|
|Inadequate privacy notice or consent|
Content that does not provide notice and information or does not obtain necessary user consent for data collection and use or for material functionality of a site or software through which ads are delivered, or through which data are collected for subsequent use, in each case in accordance with applicable law.
|Interferes with navigation|
Content that causes interference with user navigation (e.g. preventing a user from leaving a page, by popping dialogs, pop-ups, new windows, etc.).
|Interferes with other ads|
Content that obscures, replaces, modifies, or otherwise interferes with another party’s ads or ad inventory.
Content with an unusually high click through rate, or content that automatically generates clicks on ad units.
Content that intends to, or does, induce user action through misleading appearance or behavior, including, but not limited to, creatives that mimic video players, functional buttons, errors or warnings about viruses, missing codecs, and corrupt disks.
Content Allowed But Restricted
Xandr allows gambling content, but with geographic and other restrictions. In general, Buyers are responsible for ensuring compliance with all applicable regulations. See the full Gambling Policy below.
|Risqué||Xandr will not allow pornographic or obscene content (inventory, ads, and landing pages) to be bought or sold over the Xandr platform, under any circumstances. However, with explicit permission, "white labeled" (CNAMED) customers may transact in sexually-oriented, non-pornographic, non-obscene content within their own direct relationships on their own managed inventory. Notwithstanding this policy, Xandr may remove or deactivate any content in its reasonable discretion.|
Toolbars, Plugins, Applications, and Similar Inventory Sources
For any inventory generated from a user-installed toolbar, plug-in, app, or other mechanism, if the mechanism inserts or otherwise adds advertising units to an inventory source, and such source is owned or operated by a third party that is unaffiliated with the seller of the inventory, and such advertising units are added without explicit authorization from the third party, the inventory may be sold on Xandr only under certain conditions, as described in our Policies for Selling.
For ads that promote, and directly or indirectly link to sites that contain software, the software must:
Xandr allows political advertising, but requires certain disclaimers, and prohibits placing political advertising in respect of elections in a country in which the buyer (or the party on whose behalf the advertising is being purchased) is foreign. Buyers are responsible for compliance with all applicable laws and regulations. See the full Political Advertising Policy below.
Prohibited Buy-Side Practices
|Interfere with the page||Ad creatives that display outside the designated space for the ad unit, e.g. in floating layers, are not permitted.|
|Lack functioning click or conversion tracking on CPC or CPA campaigns||All creatives purchasing on a CPC or CPA must have properly functioning click or conversion tracking, respectively.|
|Illegal or harmful||Content or practices not otherwise addressed in these policies that may violate any law, rule, or regulation, or may otherwise be harmful to Xandr or a third party.|
All clients are responsible for adhering to applicable privacy laws and self-regulatory codes in their use of the Xandr platform. In some cases the Xandr platform provides features that clients may find useful in furtherance of their own compliance.
Buyers must take steps to ensure that consumers are notified about the data collection and use practices taking place in association with their advertising, including by disclosing such practices to end users in Buyers' and Buyers' clients' websites. Exactly how and where such disclosures are provided will depend on the particular context. Consistent with self-regulatory requirements in the US and elsewhere, buyers that engage in behavioral advertising should use the Ad Choices icon in their ad creatives. Xandr does not provide a license for use of the icon, which must be licensed directly via the DAA or local equivalent.
Notice to consumers should include:
|Choice and Consent|
Buyers must take steps to ensure appropriate consent for their data collection and use on the platform, including on sites on which their ads are served, cookie usage, as applicable, that results from their buying of inventory on the Xandr platform, or otherwise from their use of Xandr Services, and with respect to any other data (first- or third-party) that they use on or in connection with the Services.
For users located in the EEA, Xandr is registered with and supports the IAB Europe Transparency and Consent Framework (the " Industry Framework" ). The Industry Framework is designed to allow Clients to provide dynamic transparency and choice to their users about the Client’s and the Client’s partners’ collection and processing of data from the Client’s sites and to give third parties the ability to understand what rights they have with respect to the data. In order for users to approve a Buyer to receive personal data (as defined by applicable law) in impression-level data from Xandr (e.g., in bid request data or in log-level data), the Buyer must register as a vendor under the Industry Framework’s Global Vendor List (the " Global Vendor List" ).
For users located in the EEA, if the Buyer is not registered for the Global Vendor List, personal data sent to them will be truncated or hashed, as applicable. Clients receiving truncated or hashed personal data are prohibited from re-identifying or attempting to re-identify such personal data.
For children located in the EEA, Clients must obtain consent from the holder of parental responsibility over any child under the age required for parental consent, as determined by the laws of the Member State in which the child resides.
|Personally Identifiable Information (PII)||Buyers must take steps to ensure appropriate consent for their data collection and use on the platform, including on sites on which their ads are served, cookie usage, as applicable, that results from their buying of inventory on the Xandr platform, or otherwise from their use of Xandr Services, and with respect to any other data (first- or third-party) that they use on or in connection with the Services.|
Xandr does not allow sensitive information about end users to be used on the platform. Sensitive information is information deemed as sensitive under applicable law or industry self-regulatory code, including, but not limited to information about users' health or finances, and information about children. For clarity, sensitive information includes “special categories of personal data” as defined under applicable laws.
Clients may not, on or in connection with the Xandr services, use personal data, including in segments, that relates to or attempts to target children (i) under the age of 13 if the child is located in the US, (ii) under the age required for parental consent, as determined by the laws of the Member State in which the child resides, if the child is located if the EEA, or (iii) under the age defined by the laws or regulations of the given jurisdiction if the child is located outside the US and EEA. Additionally, Xandr does not allow Buyers to use behavioral targeting based on prior visits to child-directed inventory or to collect or use unique identifiers in association with ads served on child-directed inventory.
|Self-regulation||Buyers should ensure that their campaigns are consistent with applicable self-regulatory codes (e.g., the NAI Code of Conduct, the DAA Principles for OBA, the EDAA OBA Framework in the EU, or other relevant program).|
All clients are responsible for compliance with any applicable economic sanctions programs, including those administered by the Office of Foreign Assets Control (“OFAC”). In connection with the OFAC compliance program:
The Xandr platform isn’t permitted for use by clients who are in countries or territories that are subject to comprehensive sanctions by OFAC, including Crimea, Cuba, Iran, North Korea and Syria (such countries or territories, the “Embargoed Regions”) or are otherwise subject to sanctions by OFAC. If a client is based in a location that has recently become subject to comprehensive OFAC sanctions or is otherwise subject to sanctions by OFAC, such client’s account may be immediately suspended. We will notify you by e-mail if we suspend your account, but no grace periods or exceptions are possible.
Even if a client is not based in an Embargoed Region or not otherwise subject to OFAC sanctions, it is forbidden to use the Xandr services or platform on behalf of partners or clients based in any of the Embargoed Regions or who are otherwise subject to OFAC sanctions.
|Account Access within Embargoed Regions|
Even if a client is not based in the Embargoed Regions or not otherwise subject to OFAC sanctions, if a user is physically present in an Embargoed Region, they may not be able to sign in to their account.
|Geo Targeting||Clients are not permitted to run ad campaigns that specifically and primarily target the Embargoed Regions on the Xandr platform.|
Xandr Data Policy
In connection with the Xandr Services, buyers may be able to access and use certain data provided by, from, or related to Xandr, which Xandr has independently obtained, collected, or curated. A buyer (and any third party acting on its behalf) is prohibited from using such Xandr data to do any of the following:
- Segment, re-target, create, supplement or amend user or inventory profiles, interest categories, or syndication or other distribution to third parties; or
- Misappropriate, reverse engineer, decompile, disassemble, reproduce, steal, modify, damage, translate, enhance or create derivative works of any Xandr data.
Third-Party Seller Policies
In addition to Xandr's content policies, certain sellers have additional policies that apply to buyers of those sellers' inventory and certain data providers have additional policies that apply to buyers of those data providers’ data. Xandr clients wishing to purchase such inventory or data are responsible for understanding and adhering to any such additional policies. These links to third-party policy documents are offered below as a convenience. However, these links are not guaranteed by Xandr to be up to date or all inclusive. Other policies may apply.
Ad Inventory Seller Policies
- Creative Acceptance Policy: http://advertising.microsoft.com/creative-acceptance-policy
- For Xandr policies regarding buying ad Inventory from Microsoft (including Windows Apps Inventory), see Additional Microsoft Inventory Policies .
- Additionally, buyers may use data received from MoPub or collected during the delivery of ads to MoPub inventory solely to bid on inventory provided by MoPub and to deliver the applicable ad.
Data Provider Policies
Expanded Versions of Select Xandr Policies
Gambling is susceptible to many definitions throughout the world, and generally refers to risking something of value upon an uncertain outcome in the hopes of receiving something of value beyond the amount placed at risk. It usually, but not always, involves at least some element of chance.
Gambling may include activities commonly referred to as gaming, wagering, betting, and bookmaking. It also may include activities involving casinos, games of chance, lotteries, raffles, sweepstakes, and penny auctions.
Xandr does not apply a singular definition to gambling. Rather, as explained below, gambling may include any number of activities promoted in ads. Xandr reserves the right, in its sole and absolute discretion, to amend or expand the activities that it deems to be gambling.
For purposes of this policy, “gambling ad” means the following:
- Any type of advertisement that promotes, directly or indirectly, online (internet and mobile) and offline (land-based or “bricks and mortar” casinos, betting shops, card rooms or other gambling establishments) gambling, gaming, betting or wagering of any kind, whether for cash prizes or other things of value, including but not limited to casino games, poker, sports betting (whether individual or parlay wagering), pari-mutuel wagering or "betting pools" (including horse racing, dog racing, and jai alai), lotteries, raffles, sweepstakes, penny auctions, and fantasy sports.
- Any type of advertisement that otherwise relates in any way to the foregoing activities, including advertisements for promotional products, services or materials, including education, “learn to play,” “practice” and other free simulation sites affiliated with online or offline gambling or wagering sites or facilities.
Notwithstanding any other provision in this policy, Xandr prohibits gambling ads of any kind targeted to serve in the following countries through the Xandr platform:
- Hong Kong
- United Arab Emirates
Restrictions on Gambling Ads
Subject to the preceding prohibitions, Xandr generally permits gambling ads to be targeted to serve in jurisdictions where such ads are not prohibited so long as Xandr clients, on behalf of themselves and the advertisers whose ads they are trafficking, comply with the following requirements:
- The ad complies with all applicable laws, rules and regulations in any jurisdiction where the client's ad targets to serve.
- The buyer and the advertiser currently hold all required licenses, permits, registrations, waivers, consents or other governmental approvals (collectively, “licenses”) to operate in the jurisdictions in which the ad is served and in any other jurisdictions in which you and the advertiser operate.
- The buyer and the advertiser are in compliance and agree to remain in compliance with all applicable laws and the terms of all applicable licenses.
- The buyer and the advertiser agree not to serve gambling ads targeted to serve in any jurisdiction specifically prohibited by this policy, as such may be updated from time to time.
- The buyer is approved by Xandr to serve gambling ads.
- The buyer acknowledges that approval does not guarantee that ads can be served. Xandr reserves the right to conduct appropriate due diligence on the buyer and/or the advertiser and, in its sole and absolute discretion, may prohibit any ad from serving for any reason whatever.
To “target ads to serve in a country” or “jurisdiction” means to target advertising based on the geographic location of an Internet user (according to the IP address associated with the requesting browser, as determined by Xandr).
Advertising for government-sponsored lotteries is permitted, so long as the ads comply with the following requirements:
- The advertiser is a government entity or agency, such as a state, provincial or national lottery commission or authority, or a licensee or agent contractually authorized to operate or advertise lottery games on behalf of a government entity.
- The lottery ads must only target the jurisdiction that controls the lottery commission or authority, or in which the government-sponsored lottery is authorized.
- The lottery ads otherwise comply with all applicable laws, rules, regulations.
We may change this policy from time to time, including by revising the list of Prohibited Countries above, as well as the types of ads subject to this policy. If we make any material changes to this policy and you have elected to receive email notifications of “Policy Updates,” we will notify you by email. To learn how to add your email address to the notifications list, see Xandr Email Communications.
For more information about how to prevent gambling ads from serving on publisher inventory, see Opt Out of Gambling Ads.
Malware is malicious software designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.
Xandr makes proactive efforts to prevent malware from being served in the Xandr ecosystem. Xandr retains discretion to take any reasonable action to address malware issues.
Policies and Procedures Required
Customers of the Xandr platform must make every reasonable effort to prevent malvertising. Xandr has no tolerance for lax policies and procedures for preventing malvertising.
Although customers are responsible to ensure their own policies and procedures are sufficient, Xandr may at any reasonable time -- including as a pre-requisite to any campaign -- review a customer’s policies and procedures, and make recommendations to strengthen them. If Xandr’s recommendations are not reasonably evaluated and implemented, or if at any time Xandr finds a customer’s policies or procedures are lacking, an account may be paused until the customer makes improvements.
When malvertising is detected
Immediate deactivation for investigation: Any creative, landing page, domain, or other resource we identify as a malware threat or a source of malware will be deactivated immediately and investigated jointly with the customer. Xandr may also deactivate or block any additional resources, including a campaign, or a customer’s entire account, for purposes of preventing malvertising or investigating the incident.
To respond to blocked resources or to raise other malvertising issues, please contact us via customer support to open a ticket.
Laws in various jurisdictions regulate the collection and use of data from or about children, including based on activity on Child Sites. By Child Site we mean a site or app that is directed to or intended for children under (i) the age of 13 if the user is located in the US, (ii) the age required for parental consent, as determined by the laws of the Member State in which the child resides, if the child is located if the EEA, or (iii) the age defined by the laws or regulations of the given jurisdiction if the child is located outside the US and EEA.
In the US, the Children’s Online Privacy Protection Act of 1998 (COPPA) regulates the online collection and use of personal information from or about children. Under US Federal Trade Commission (FTC) rules implementing COPPA, it is prohibited (i) to create or update a user profile based on an activity (such as a click or a visit) on a child-directed site or app and/or (ii) to deliver an ad based on prior online activity to a user on a Child Site.
In the EEA, the General Data Protection Regulation (EU) 2016/679 (GDPR) regulates the processing of personal data from or about children. Under the GDPR, the processing of the personal information of a child is prohibited where the child is younger than 16 (or the age required for parental consent as determined by the laws of the Member State in which the child resides) unless consent is given or authorized by the holder of parental responsibility of the child.
For COPPA or other applicable laws, rules, and regulations, including GDPR, Xandr regulates the collection and use of data on Child Sites:
- Ads served on sites identified as child-directed on the Xandr platform may not be targeted based on prior online activity, i.e. behaviorally targeted or retargeted. Contextual ads may continue to be served on Child Sites. Targeting an ad based on prior online activity to a Child Site is prohibited.
- In connection with your use of the Xandr platform, you may not:
- Associate any behavioral or interest-based information about an impression from a Child Site with a user or unique identifier.
- Target an ad based on prior online activity to a user on a Child Site.
- Create segments specifically targeting children under the age of 13 without parental consent.
- Collect or use personal identifiers or other personal information, e.g. cookie IDs, IP addresses, device IDs, or precise geolocation information, related to impressions on Child Sites.
Identifying Child Sites
- Xandr, in the course of its standard inventory auditing process (i.e., for sites submitted for Xandr audit), will use reasonable procedures designed to identify and categorize Child Sites.
- Xandr provides configuration parameters for sellers to self-identify Child Sites.
Political Advertising Policy
Xandr permits political advertising, but requires that such advertising include disclaimers in compliance with applicable law. In the United States, for any advertisement run by a political committee, and any advertisement making reference to a clearly identified federal candidate, expressly advocating for or against a candidate, or soliciting funds in connection with a federal election (each of the foregoing, a "Political Advertisement"), Xandr requires that you include a disclaimer stating who paid for the Political Advertisement and that it was authorized by the relevant candidate.
For example, a Political Advertisement for the candidate John Smith could read:
"Paid for by the Smith for Congress Committee"
"Paid for by the ABC Committee and authorized by the Smith for Congress Committee"
If a Political Advertisement is not paid for or authorized by the candidate, the disclaimer must include information about the person who paid for the communication, and state that the communication is not authorized by any candidate or candidate’s committee. At a minimum, you must include one of the following:
- The permanent street address
- The telephone number, or
- The World Wide Web address of the person who paid for the communication.
"Paid for by the ABC Committee (www.ABCCommittee.org) and not authorized by any candidate or candidate’s committee”
Xandr supports the DAA guidelines on Political Advertisements, and recommends that buyers follow those guidelines as a best practice.
Unless specifically authorized by Xandr, buyers are prohibited from serving Political Advertisements, or ads in respect of state or local elections in Maryland; New Jersey; New York; and Washington, and any federal elections in Canada.
Xandr reserves the right to implement screening procedures for buyers that wish to serve Political Advertisements on the Xandr platform at its discretion, and may decline to allow Political Advertisements from any buyer at its discretion. Buyers who wish to serve Political Advertisements in respect of any election on the Xandr platform must be located in the country in which such election is taking place, and may be required to verify their identity and location and certify to their compliance with the relevant laws governing political advertising in that jurisdiction.
Xandr is committed to maintaining a high standard of quality across our platform.
|Xandr may take any reasonable action to enforce policies||Xandr may, in its discretion, take any reasonable action to protect the health and safety of our platform, our customers, and end users. This includes that Xandr may disable, block, or otherwise ban, any content, and in some cases suspend or terminate member accounts, to address content or practices it reasonably believes do not conform with its Service Policies.|
|Customers must have policies and procedures||Customers of the Xandr platform must have policies and procedures in place to ensure compliance. While individual efforts may vary depending on the circumstances, all members are responsible for actively monitoring and policing any inventory that they make available for sale, and must promptly respond to any violations. Xandr may review a member’s policies and procedures, and request improvements, including as a requirement to sell through the platform.|
|Withholding payment for violations||Xandr generally reserves the right to withhold payment to sellers for any inventory sold on our platform that violates our Service Policies.|
While, as stated above, Xandr reserves the right to take any reasonable action to enforce the Service Policies, Xandr may consider the following:
- Whether the member has reasonable policies and procedures in place.
- Whether the member’s existing policies and procedures were followed.
- Whether and how the member has implemented prior recommendations from Xandr.
- The degree to which the incident was preventable or purposeful.
- The severity of the incident.
If you believe your content has been blocked or incorrectly categorized in our system, please contact us via customer support.
- If your ad creative was banned: Select the "Creative Auditing" request type and include creative IDs in the request description.
- If your content was flagged for malvertising: Select the "Anti-Malvertising" request type.
- If your inventory was suspended: Select the "Inventory Quality" request type.
Supplemental Policy Information
This section is intended as a source of supplemental information to aid clients in the understanding of concepts and questions relating to Xandr policies. Please note that the content below does not contain official Xandr policy or legal advice. Official Xandr policies are detailed in the sections above.
Fake Errors and Warnings, and Software Downloads FAQs
Does this policy apply only to audited creatives?
No. This applies to all content introduced to the Xandr platform.
We can still do whatever we want on our own managed inventory, right?
No. Xandr’ prohibited content policies apply to all content introduced to the platform.
What else besides the examples – viruses, missing codecs, and corrupt disks – is covered by this policy?
The policies apply generally to the use of fake errors or warnings to induce user action. If you have an example and are unsure if it is affected by this policy, please contact us via customer support.
What is COPPA?
The Children’s Online Privacy Protection Act of 1998 (COPPA) regulates privacy around the online collection and use of personal information of children. The US Federal Trade Commission (FTC) implements and enforces rules pursuant to COPPA, and provides a set of FAQs to further explain how the rules apply.
What about non-US sites?
The FTC has indicated that COPPA does apply to foreign-based sites that are directed to children in the US or that knowingly collect personal information from children in the US. However, other jurisdictions may have their own similar rules.
How do we know if a site is a Child Site?
The FTC has provided guidance on identifying Child Sites in the new rule, in the additional guidance in the COPPA FAQs, and in the FTC's history of the its COPPA enforcement actions.
What do I do if I become aware of inventory on the platform that might be a Child Site?
Contact us via customer support.
What do I do if I become aware of inventory that appears not to be child-directed but that is classified as a Child Site?
Contact us via our via customer support.
For children located in the EEA, Clients must obtain consent from the holder of parental responsibility over any child under the age required for parental consent, as determined by the laws of the Member State in which the child resides.