The Trade Desk – Security & Privacy

Security, Data Privacy & Transparency with The Trade Desk

The Trade Desk (TTD) is built on a foundation of transparency, privacy, and enterprise-grade security. As an independent platform, TTD provides advertisers with full control over their data while maintaining rigorous standards for compliance and data protection. This page outlines the key principles and practices that govern security, privacy, and ethical standards when using The Trade Desk.

Security, Data Privacy & Transparency with The Trade Desk

Transparency & Data Control

The Trade Desk operates as a "Clear Box," providing full visibility into inventory costs, data fees, and auction mechanics. Clients retain complete ownership of their data, and every transaction is traceable – ensuring advertisers always know what they are buying and at what price.

Privacy & Ethical Standards

Privacy-first identity solutions like UID2 and EUID enable effective targeting without compromising consumer trust. Strict controls prevent the use of sensitive or discriminatory data categories, ensuring advertising remains both effective and responsible.

Platform Security & Governance

Enterprise-grade infrastructure, annual independent audits, rigorous personnel controls, and continuous third-party validation ensure the platform meets the highest standards for data protection, risk management, and regulatory compliance.

See what The Trade Desk security & privacy features and approaches are in place:

Data Sovereignty

The Trade Desk is built on the principle of being a "Clear Box," providing full transparency into costs for inventory and data. The platform maintains that all data collected on behalf of clients is the property of that client. It is classified as highly confidential and used only for the client's legitimate business purposes.

Privacy-Conscious Identity

Unified ID 2.0 (UID2) and its European counterpart, EUID, are open-source frameworks designed to provide relevant advertising while respecting consumer privacy. These solutions replace third-party cookies with pseudonymous identifiers built from hashed and salted email addresses or phone numbers. This allows for precise cross-device targeting and measurement while giving consumers better control through clear opt-out mechanisms.

Enterprise-Grade Platform Governance

The Trade Desk follows rigorous industry-standard practices for risk management and secure development. The platform is annually audited against SSAE18 SOC 1 and SOC 2 Type 2 standards by independent firms to ensure effective internal controls. Security is further bolstered by Multi-Factor Authentication (MFA) for all accounts and the option for SAML-based SSO, allowing clients to use their own identity providers for access management.

Proactive Compliance & Infrastructure Security

The platform integrates regulatory requirements directly into data handling rather than adding them as an afterthought. A hybrid public-cloud and colocation model with physical and logical separation of data ensures robust infrastructure security. All platform data is encrypted at rest using industry-standard protocols, and a dedicated Security Incident Response Team (SIRP) resolves potential threats in near-real time.

Ethical Data Usage and Sensitive Category Controls

The Trade Desk strictly prohibits the use of data categories deemed inappropriate or discriminatory, such as health conditions, sexual orientation, ethnicity, or minor status. The platform utilizes a sensitive segment flagging tool that automatically scans every data segment in near-real time, ensuring marketplace quality by flagging or denying segments that do not align with strict targeting policies.

Continuous Third-Party Validation & Proactive Testing

To provide objective assessment of its defenses, The Trade Desk engages independent security firms annually to conduct comprehensive network and web application penetration tests. These tests yield actionable recommendations for mitigating risks. The platform also maintains a bug bounty program and a dedicated channel for reporting vulnerabilities, allowing the global security community to assist in identifying potential threats.

Personnel Security & Accountability

All employees undergo rigorous background checks at the time of hire, including criminal history and employment verification, to the extent permitted by local laws. Every staff member signs non-disclosure and confidentiality agreements prohibiting the use of client data for anything other than legitimate business purposes. These confidentiality obligations continue even after employment has ended.

Supply Chain Integrity & Auction Transparency

Through the OpenAds framework, the platform incorporates a Sincera identity signature – an encrypted seal that exposes any tampering with metadata. This ensures that information associated with an ad impression has not been obfuscated or manipulated by sellers. Additionally, all third-party infrastructure suppliers are vetted through independent SOC reports and ISO certifications to ensure consistent security standards across the supply chain.

Frequently Asked Questions

Does The Trade Desk use my data to benefit other advertisers or competitors?

No. Because The Trade Desk operates on a conflict-free model - representing only the buy side and owning no inventory - it has no incentive to use advertiser data to enrich proprietary datasets or benefit competitors. This "Clear Box" approach ensures the buyer maintains total governance over their data assets.

How does The Trade Desk handle personally identifiable information (PII)?

The platform is designed to process pseudonymous data to manage and execute advertising campaigns. The Trade Desk generally contractually prohibits clients, data providers, and inventory suppliers from importing data that directly identifies individuals. For authenticated identity solutions like Unified ID 2.0 (UID2), directly identifying information such as email addresses is transformed into pseudonymous identifiers before being used.

How is my data separated from other clients in a multi-tenant environment?

The platform employs robust logical access controls, including authentication and role-based permissions, to ensure strict separation between data from different clients. Personnel are only granted access to resources relevant to their specific work duties.

What measures protect account access?

Account security is a primary focus, with Multi-Factor Authentication (MFA) required for all internal and customer accounts. For enhanced governance, enterprise clients have the option to use SAML-based SSO, allowing them to manage platform authentication via their own identity providers.

How is the infrastructure secured against external threats?

The platform utilizes a hybrid public-cloud and colocation-deployment model, where production infrastructure is physically and logically separated from corporate networks. All data is encrypted at rest using industry-standard protocols, and the environment is monitored 24/7 to identify and address unauthorized access in near-real time.

What happens in the event of a security or privacy incident?

The Trade Desk maintains a dedicated Security Incident Response Team (SIRP) composed of senior employees from various departments. This team follows a robust, six-phase industry-standard process - Identification, Triage, Containment, Eradication, Recovery, and Retrospective - to resolve potential threats efficiently and communicate with affected parties.