Registered data broker in every state where it's required.
Active: California, Texas, Oregon, and Vermont. We register proactively, not after receiving a notice. Standing is publicly verifiable through each state's official registry.
Most companies build privacy programs when regulations force them to. We built ours in the era of direct mail, one of the earliest data-driven industries to grapple with consumer consent at scale.
When a consumer opts out of Deep Sync, the request doesn't apply to one product or one dataset. It applies across all Deep Sync offerings, no exceptions, no loopholes. That's not a compliance response. That's the standard we hold ourselves to.
Built when a regulator sends a letter. Layered on top of an existing data model. Tuned per-state, per-dataset, per-product. The protections begin when a law passes and end when a loophole opens.
Built into the data model from day one. One opt-out applies everywhere. Every state, every product, every channel. The protections exist because honoring consumer rights is the baseline, not the exception.
"We honor opt-outs from every US state, regardless of whether that state has enacted a privacy law, because doing the right thing shouldn't depend on a legislative deadline."
Today, we are fully compliant with all active US state-based consumer privacy laws. But here's what sets us apart: we extend those protections to all 50 states, not just the ones with active legislation. Every opt-out is treated as a full "do not sell" request, applied in its strictest form, across datasets and activation channels.
History tells you something about character. The details tell you about operations. Here's what Deep Sync's privacy and compliance program looks like at the level your procurement and legal teams will ask about.
Compliance requirements are embedded in every provider agreement and reviewed in our quarterly governance cycle. Third-party compliance is an ongoing contractual obligation, not a one-time onboarding check.
Before it was required. Every opt-out is treated as a full "do not sell" request in its strictest form, applied across datasets and activation channels.
We operate exclusively with US consumer data, subject to US state and federal law. No GDPR exposure. No jurisdictional gray areas. Clean scope for clients managing their own compliance posture.
A dedicated internal compliance team works alongside external privacy counsel, conducting quarterly reviews of systems and processes as regulations evolve.
Security controls, data-handling practices, and operational availability have been independently audited and validated through SOC 2 certification.
Offboarding ends with an official Certificate of Destruction/Deletion (DS_CODD): a signed, witnessed record of what was destroyed, when, and how. All client-supplied data is purged within a documented 30-day window after contract expiration or termination.
The most frequently asked privacy-related questions we see in security reviews and vendor questionnaires.
We retain personal data only for as long as it is operationally necessary to provide active services, and timelines vary by data category and use case. Transient processing work (routine hygiene or matching projects) is held for under 30 days, active data compilations for 12 months, and data tied to an active commercial license for the 2-to-5-year license term, or until that term is terminated. Proprietary client data uploaded to our platforms is completely purged from our servers within 30 days of contract expiration or termination.
Our privacy framework recognizes a limited set of legitimate business exceptions: protecting against fraudulent activity, debugging system functionality, exercising free speech, complying with law enforcement, or maintaining an ongoing customer relationship. The retention duration under these carve-outs is determined by the data category and prevailing statutory guidelines, following the same baseline windows: 30 days for active workloads, 12 months for active compilation cycles, and 2-to-5 years for an active, unterminated license term.
Enforcement combines programmatic data pipelines with manual compliance checkpoints. Opt-out and deletion requests received by email or webform are automatically processed by an internal API, assigned a unique request ID, and routed to a compliance dashboard. Suppressions are applied programmatically during the monthly identity graph refresh, excluding suppressed records from all downstream data builds. Before delivering data to any customer, our Data and Foundational Engineering teams are required to open a downstream deletions ticket with IT.
No. Consumer deletion requests are systematically applied across three layers: data collected directly from consumers, data collected from external compilers, and all internally derived data. Contractually, we also delete all customer-supplied data from our systems within 30 days of contract end. Clients who license our records may retain their own derived information, such as internal linkages not supplied by Deep Sync, under a limited, revocable license whose usage and privacy restrictions remain binding in perpetuity.
We issue an official Certificate of Destruction/Deletion (DS_CODD), established in April 2023. The certificate logs the organization name, authorized contact, exact date of destruction, project and billing numbers, and a description of the deleted datasets. It certifies that all digital copies were permanently erased from all controlled systems, workstations, hard drives, and remote file destinations, documents the physical destruction method used (overwriting, incineration, degaussing, or shredding), and carries formal sign-offs from both the individual who executed the deletion and an internal Deep Sync witness.
We honor opt-out requests from residents of all 50 US states, regardless of whether a state has active privacy legislation. Consumers can submit requests via our secure webform or by emailing privacy.compliance@deepsync.com. Every request is treated as a strict "Do Not Sell" and "Do Not Share" directive: the record is permanently removed from all commercial marketing use, targeted advertising, cross-contextual profiling, and automated decision-making pipelines. Requests are acknowledged within 10 days and fully processed within 30. A minimal offline record is kept on a rolling suppression file, provided to data licensees at no cost, so the preference holds permanently.
Opt-outs are managed at the Deep Sync Identity (DS_ID) graph level. When a request matches a profile, the entire unified record, including offline PII and its known digital linkages, is flagged for commercial exclusion, and our graph pipelines break those digital linkages on verification. The daily suppression file delivered to partners is structured around offline PII attributes (create date, name, postal address, phone, and email) and does not surface alternative digital tokens such as UID2s or MAIDs.
Yes, internally across our core architecture. Our identity graph maps offline records to digital identifiers including hashed emails, IP addresses, MAIDs, CTV IDs, and UID2s. When an opt-out matches a profile, engineering scripts systematically break those linkages and purge the entire entity profile from active customer deliverables. Because linked digital tokens are not exposed in the client-facing suppression file schema, clients do not receive a list of matching UID2s or MAIDs to suppress in their own environments.
We forfeit all rights to use the consumer's records for commercial, targeting, profiling, or revenue-generating purposes. The only continued use is a minimal record in our isolated suppression file, which acts solely as a negative matching layer to prevent re-ingestion from external compilers. Statutory carve-outs, such as ongoing fraud detection, debugging, or law enforcement compliance, permit narrow internal retention, but strictly prohibit re-entry into active marketing pipelines.
Through a standardized, automated workflow. Requests are captured by an internal API, assigned a unique request ID, and pushed to our compliance dashboard. Verified matches flag the profile for removal from commercial delivery paths, and during the monthly graph refresh those identities are structurally excluded from core data builds, so standard deliveries are clean without manual client filtering. Unmatched requests are staged in a negative holding repository and trigger automatically if a later ingestion links them to an active profile. The rolling suppression file is updated daily and provisioned in CSV format via a secure S3 bucket.
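How a licensee might apply the rolling suppression file described above, as an added example that is not Deep Sync's code: because the file carries only offline PII, the licensee matches on those fields and then suppresses the MAIDs and UID2s linked in its own records. The column names, normalization rules, match policy and sample rows are assumptions constructed for illustration.

```python
import csv, io, re

# Constructed sample of the daily suppression CSV. Column names are assumed;
# the page names only the attribute categories.
SUPPRESSION_CSV = """create_date,name,postal_address,phone,email
2024-05-01,Jane Q. Doe,"12 Elm St, Apt 4, Austin TX 78701",(512) 555-0101,Jane.Doe@Example.com
2024-05-02,Raj Patel,"9 Oak Ave, Salem OR 97301",,
"""

# Constructed licensee records: offline PII plus the licensee's own digital linkages.
CLIENT_RECORDS = [
    {"id": 1, "name": "JANE Q DOE", "postal_address": "12 Elm St Apt 4 Austin TX 78701",
     "phone": "+1 512-555-0101", "email": "jane.doe@example.com",
     "maids": ["maid-aaa"], "uid2s": ["uid2-111"]},
    {"id": 2, "name": "Raj Patel", "postal_address": "9 OAK AVE, SALEM OR 97301",
     "phone": "", "email": "raj@example.org", "maids": ["maid-bbb"], "uid2s": []},
    {"id": 3, "name": "Ana Lima", "postal_address": "3 Pine Rd, Burlington VT 05401",
     "phone": "802-555-0199", "email": "ana@example.net", "maids": ["maid-ccc"], "uid2s": []},
]

def squash(s):
    return re.sub(r"[^a-z0-9]", "", (s or "").lower())

def match_keys(row):
    """Normalized match keys for one row; empty fields produce no key."""
    keys = set()
    email = (row.get("email") or "").strip().lower()
    if email:
        keys.add(("email", email))
    digits = re.sub(r"\D", "", row.get("phone") or "")[-10:]
    if len(digits) == 10:
        keys.add(("phone", digits))
    name, addr = squash(row.get("name")), squash(row.get("postal_address"))
    if name and addr:
        keys.add(("name_addr", name + "|" + addr))
    return keys

def load_suppression(text):
    return set().union(*(match_keys(r) for r in csv.DictReader(io.StringIO(text))))

def apply_suppression(records, suppressed):
    """Return (kept records, digital tokens to suppress in the licensee's own systems)."""
    kept, tokens = [], set()
    for rec in records:
        if match_keys(rec) & suppressed:  # any key match; errs toward over-suppression
            tokens.update(rec["maids"], rec["uid2s"])
        else:
            kept.append(rec)
    return kept, tokens
```

The second suppression row has no phone or email, so it matches only on the normalized name and address pair, which is why that key is built alongside the other two.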