Rokt & The CCPA

Updated March 10, 2021

Rokt is committed to helping our customers and clients understand and exercise their rights under the California Consumer Privacy Act.

For Our Clients

We have worked with top law firms to ensure ongoing compliance with the CCPA, including outlining Rokt’s position as a service provider or business depending on the type of data Rokt is handling. For more information, please reach out to

Exercising your consumer rights under the CCPA

You can exercise your consumer rights under the CCPA in the following ways:

  • Right to request access to your Personal Information that we have processed, controlled, collected, or shared about you
  • Right to request rectification of inaccurate Personal Information that we process or control
  • Right to the deletion of your Personal Information that we process or control (on legitimate grounds)
  • Right to process your Personal Information (on legitimate grounds)
  • Right to object the processing of your Personal Information (on legitimate grounds)
  • Right to request available information on the source of other personal information collected
  • Right to withdraw your consent in allowing us to use your Personal Information
  • Right to file a complaint with a Data Protection Authority regarding the processing of your Personal Information by us or on our behalf

What kinds of personal information does Rokt process?

Derived Data: Direct Data, Indirect Data (each as defined below) and any analyses and data (including segment data) about the User that Rokt has inferred through the User’s previous interactions with the Rokt placement.

  • Direct Data: Data that is collected by Rokt directly from the Users such as when Users opt into an offer, provide information via the placement, or participate in surveys that Rokt conducts on behalf of its clients.
  • Indirect Data: Data that Rokt automatically collects from the User’s device in order to facilitate the initial and subsequent display of advertising.

Partner Data: Data that Rokt receives from a Partner when the placement loads on the Partner’s site or app, and any data that a Partner shares with Rokt separate from the operation of the Rokt placement. This can include email address, first name, last name, transaction details, and a variety of other categories of information that a Partner chooses to pass to Rokt.

Brand Data: Data that a Brand provides to Rokt (most commonly hashed email addresses), which Rokt uses so that targeting includes/excludes certain audiences (e.g., current customers) or excludes individuals who have opted out of direct marketing and to confirm whether an individual that Rokt referred to a Brand converted into a customer, which in turn is used to optimize the Brand’s campaigns.

Steps we’ve taken to date: Rokt’s approach to privacy and data security

  • Audited our processes and practices to identify how our data handling fits within CCPA and GDPR frameworks
  • Ensured that the rights of data subjects and consumers are provided for in our products and systems
  • Updated our Privacy Policy and contractual commitments with Partners and Brands to ensure GDPR and CCPA compliance
  • Educated staff on privacy and security issues and generally elevating awareness
  • Closely monitoring CCPA and GDPR developments and guidance to support our clients’ compliance efforts
  • Continually work with best-in-class third party privacy and law firms
  • Conducting data privacy impact assessments to identify and reduce data protection risk within projects and systems
  • Partnering with third-party security providers to have our applications, network, infrastructure, and information security program regularly - audited and tested

Any more questions?

For any additional CCPA-related inquiries, please email

To learn more about Rokt’s privacy practices and how we handle personal information, please visit our Privacy Policy.

Partners: companies that display personalized marketing on websites or mobile applications Brands: advertisers that display offers through Rokt