OpenX Ad Exchange Supply Policy

Effective: October 21, 2021


For the purposes of this OpenX Ad Exchange Supply Policy (the “Supply Policy”), the term “site,” as used herein, means a website or a mobile or CTV app or any other digital property.

OpenX uses commercially reasonable efforts to provide participating buyers and sellers with a safe, transparent, and fair marketplace. Your use of OpenX’s advertising marketplace, known as either an exchange or a supply side platform (the “OpenX Ad Exchange”) is governed by your contract with OpenX, which requires compliance with this Supply Policy as it may be updated by OpenX from time to time. The obligations set forth herein are the minimum standards for publishers (“you”) wishing to participate in the OpenX Ad Exchange.

OpenX may update this Supply Policy at any time by posting notice of such changes on its website or by otherwise providing notice. By using the OpenX Ad Exchange following such posting or notice, you agree to any updated version of this Supply Policy.

With respect to ensuring compliance with the foregoing, please note that OpenX reserves the right to suspend or remove sites from the OpenX Ad Exchange if it reasonably suspects or determines, in its sole discretion, that any of the Supply Policies have been violated.

Content Guidelines

Minimum content requirements

In order to be a part of the OpenX Ad Exchange, sites must contain substantive, original content, and demonstrate signs of user engagement.

OpenX does not work with sites that:

  • Contain content of little to no value to the user (e.g., boilerplate text, text from Wikipedia, stale news stories, etc.);
  • Feature mainly links or content taken from other sites without meaningful commentary or curation;
  • Have little content other than ads;
  • Have little to no evidence of an engaged user base;
  • Appear designed primarily to display ads; and/or
  • Are parked or undeveloped domains.

Banned categories

In addition to the foregoing requirements, sites whose core function is to incentivize users to view ads, sites that are proxy sites, and sites featuring the following may not participate in OpenX Ad Exchange:

  • Pornographic or highly suggestive content or images;
  • Sales of weapons or ammunition;
  • P2P file-sharing, torrent, or anything that facilitates or promotes copyright infringement;
  • Extreme violence;
  • Hate content, including sites that advocate violence or discrimination against a specific race, religion, gender, sexual orientation, or nationality, or discrimination based on age, disability, or medical condition;
  • A pattern of false or misleading information or news;
  • Excessive profanity;
  • Promotion of illegal drugs or drug paraphernalia;
  • Promotion of black-hat hacking, cracking, or warez;
  • Any other content that is illegal, promotes illicit or harmful activity, or infringes on the rights of others, including sites that provide “how-to” information on bomb-making, lock-picking, and similar topics;
  • Defamatory or libelous content;
  • Distribution of viruses and/or malware;
  • Pay per click or pay per search programs;
  • Video chat and unmoderated live streaming;
  • Significant unmoderated UGC (user-generated content).

Restricted categories

Please also notify your Account Manager if your site contains any of the following content or collects from end users information about any of the following categories, as special restrictions or limitations may apply:

  • Adult humor;
  • Online gambling (including, in some jurisdictions, fantasy sports and/or daily fantasy sports);
  • Medical or health-related information, advice, or services;
  • Sexual health or history (including sexuality or dating history);
  • Significant user-generated content, adequately and proactively moderated;
  • Sale of alcohol; 
  • Sale of tobacco; and/or
  • Sale of prescription drugs.

Better Ads Standards

In order to be a part of the OpenX Ad Exchange, sites must be in compliance with the Better Ads Standards developed by the Coalition for Better Ads. For more information, see


A slideshow is a series of images or other content where the user may advance by selecting a forward icon, page number, or other similar link. The below guidelines apply to all webpages where slideshows are a prominent page feature (hereafter called “slideshow pages”). All of the following requirements apply for slideshow pages:

  • Each slideshow page may contain a maximum of three ads.
  • All ads must be positioned at or above the lowest part of the slideshow. For mobile implementations, a single ad may also appear immediately below the slideshow content.
  • Slideshow pages that automatically advance without a user click may not load new ads.
  • The content of each slide must differ materially from the previous slide’s content. For example, minor changes to the slide’s text or image do not constitute a material change and are not sufficient to load new ads.
  • Auto-refresh is not permitted on slideshow pages.

Implementation Guidelines

Basic guidelines

  • The publisher site may not initiate a download or change settings without the user’s knowledge and consent.
    • App installations may not trigger additional app installs (i.e., bundling) without explicit disclosure and user consent.
  • The publisher may not mask or cloak the site’s URL, or employ any means to obscure the true source of traffic.
  • The publisher may not artificially inflate impressions, clicks, or requests, or source traffic from pop-ups, pop-unders, forced redirects, or similar means.
  • The publisher site may not install or distribute malware, viruses, or other similar malicious code.
  • The publisher may not include or launch fake error messages or system flags.
  • A substantial portion of the publisher’s site must be accessible without a login or without requiring a user to provide an email address or other type of verification.
  • The publisher must not employ any means to induce, encourage or trick the user (i) into clicking on an ad or (ii)  granting consent to the placement of cookies on their browser or personal data collection. Placing arrows or text such as “Click here” next to an ad is strictly prohibited.
  • Publisher sites deemed unsafe by reputable third party malware-detection services may be suspended without further notice, at OpenX’s sole discretion, from the OpenX Ad Exchange until all user safety issues are addressed to the satisfaction of OpenX.
  • Publisher sites must clearly and conspicuously post a privacy policy that complies with all applicable law and, if required by applicable law, a cookie policy.
  • The publisher’s inventory specifications and criteria provided to the OpenX Ad Exchange must be true and accurate.
  • The publisher must comply with all industry group guidelines/principles that the publisher claims to abide by (as well as any guidelines/principles that are required by the industry groups of which the publisher is a member or in which the publisher participates).
  • The publisher must collect, obtain, disclose, and use data in compliance with its posted privacy policy and all applicable laws (including all applicable privacy laws), including by acquiring all necessary and required permissions to collect, use, transfer, and otherwise process data using cookies or other identifiers.
  • The publisher must comply with any applicable Digital Advertising Alliance Self-Regulatory Principles (for Online Behavioral Advertising; for Multi-Site Data; for Application of Self-Regulatory Principles to the Mobile Environment; for Application of the DAA Principles of Transparency and Control to Data Used Across Devices; and for Application of the DAA Principles of Transparency & Accountability to Political Advertising), including provisions related to obtaining consent for the collection, use, and transfer of precise geolocation data, and with the IAB Europe OBA Framework if applicable.

Ad number and position

  • The publisher must not edit or modify ads in any way, including but not limited to, by resizing the ads.
  • Ads must be clearly separated from other page content. It must always be clear to the user what is an ad and what is site content.
  • Ads may not be obscured or altered in any way. For ads shown in iframes, the iframe must allow the entire creative to be fully visible to the user.
  • Ads may not appear in pop-up or pop-under windows.
  • Ads may not appear in the body of emails.
  • Ads must appear within standard web pages or mobile apps. Ads may not appear in other downloadable applications.
    • For mobile apps, ads may not appear outside of the publisher’s app (e.g., on the user’s lockscreen).
  • Apps must be hosted on one of these official app stores: Apple iTunes store, Google Play Store, Amazon App Store, or Microsoft App Store.
  • The page may not contain an excessive number or density of ads. For most pages, no more than 3-4 ads is appropriate.

Ad Refresh

  • Publishers may load new ads only when:
    • the user navigates to a new page or screen; or
    • the current page is substantially updated with new content AND at least 1 minute has passed since the last refresh; or
    • The ad unit has remained in view for at least 30 seconds, as measured by an MRC-accredited verification company.
  • In no event may a publisher refresh an ad unit more than 20 times per user session.


The publisher must acquire traffic primarily from organic sources and shall use best efforts to ensure that none of the traffic is fraudulent.

Site ownership

  • The publisher must either:
    • own each site on which the publisher places ads; or
    • have a direct, contractual relationship with the owner of each site on which the publisher places ads. If the site in question has published an ads.txt file, the publisher’s OpenX account must be listed there as an authorized seller.
  • Inventory from applications, including browser plug-ins and toolbars, that insert advertisements into the body of third party web pages or other online properties without the website’s permission, is not acceptable.


  • Video ads may not serve within display banner ad units.
  • Suppliers of video inventory are required to ensure no more than one video plays on a page at a time.
  • VAST video content should maintain a reasonable balance between content and advertising (e.g., a 30 second ad should not accompany a video with only 15 seconds of content).

Compliance with Laws and Data Privacy

The terms “controller”, “data subject”  “personal data”, “processing”, “processor” and “special categories of personal data” shall have the meaning set out in General Data Protection Regulation (EU) 2016/679 (“GDPR”) or, where the GDPR does not apply, shall have the meaning of equivalent definitions set out in other applicable privacy or data protection laws.

  • You will comply, and ensure all your sites comply, with all applicable laws and regulations as related to your use of the OpenX Ad Exchange, including any applicable data protection legislation.
  • This Supply Policy governs your use of the Services (as defined in our agreement with you). By using our Services, you agree that we will do one or more of the following, subject to the terms of our agreement with you:
    • Receive and store personal data made available to us by you;
    • Transmit information (including your personal data) to third parties as necessary to provide the Services to you;
    • Take additional administrative actions in order to make your inventory available to potential buyers in the OpenX Ad Exchange;
    • create segments of users using information made available to us by you, including combining this information with data from our other partners;
    • Provide reports to you through our user interface or otherwise;
    • Facilitate accounting, collection, and disbursement of payments to you; and
    • Take other actions to fulfill the Services that may be more particularly described in our agreement with you.
  • Although OpenX Poland sp. z o.o is not a billing entity of OpenX, it is the OpenX entity that is responsible for taking decisions related to OpenX’s processing of personal data collected in the EEA, Switzerland and UK. Irrespective of the OpenX entity identified in your terms with OpenX, you acknowledge that OpenX Poland sp. z o.o. is a controller of EEA and UK personal data processed within the OpenX Ad Exchange, and that obligations on you under this Supply Policy to notify OpenX or to provide information to data subjects relating to the processing carried out by OpenX shall be owed to OpenX Poland where this relates to data subjects in the EEA or UK. OpenX Technologies Inc. will be a business, controller or equivalent entity of personal data in regions other than EEA or UK, processed within the OpenX Ad Exchange.
  • Because OpenX Poland sp z o.o. is the data controller of EEA, Swiss and UK data, it is responsible for any onward transfer of that data outside of the EEA, Switzerland or UK. Where it is required to enter into appropriate data transfer terms, for example where it sends data to OpenX Technologies Inc., then it has ensured that appropriate and adequate data transfer measures are in place. Where OpenX transfers EEA, Swiss or UK personal data to you (for example, if personal data is provided to you through the OpenX Exchange as part of the delivery of an advertisement), and where you are located in a country where OpenX is required to enter into a data transfer agreement with you to ensure this personal data is adequately protected, you must comply with the applicable obligations under our European Data Transfer Terms, which make up part of this Supply Policy.
  • You shall comply with the then-current IAB Standard Terms and Conditions for Internet Advertising, including where applicable the IAB European Transparency & Consent Framework Policies (“TCF”), and where necessary shall obtain a valid, specific, and informed consent for the processing by OpenX and the partners listed here of the personal data you transfer in your use of the OpenX Ad Exchange as evidenced by providing a valid TCF consent string in connection with all personal data transferred to OpenX. This consent must name OpenX as a party that processes data obtained from your site for the purposes for which OpenX is registered under TCF from time to time.
  • You must have a privacy notice that clearly discloses any data collection, sharing and usage that takes place on your site as a consequence of your use of OpenX Ad Exchange. This notice must disclose to users that third parties may be placing and reading cookies on their browsers or devices, or using other similar technologies to collect information to facilitate ad serving on your website.
  • Without limitation of the foregoing you will comply with the applicable United States Digital Advertising Alliance Self-Regulatory Principles published at (“DAA Self-Regulatory Principles”) and, as applicable, with the corresponding DAA-designated self-regulatory frameworks established in other countries and/or regions.  You shall also comply with the enhanced notice obligations applicable to First Parties as defined in the DAA Self-Regulatory Principles.
  • Both you and OpenX are controllers for personal data processed within the OpenX Ad Exchange. OpenX is responsible for the processing of personal data once it has been passed to OpenX, and for its sharing and processing within the OpenX Ad Exchange, including  (where applicable) the international transfer of data between OpenX Poland and OpenX Technologies Inc., whereas you are responsible for the valid notice and consent (meeting requirements set by applicable laws and regulations) to share the data with OpenX, and ensuring the accuracy of information that is passed to OpenX. When you receive a request from a data subject to exercise their rights under data protection law in relation to the processing of their personal data within the OpenX Ad Exchange, you shall pass this request to OpenX to resolve.
  • As part of OpenX’s monetization services, OpenX will maximize and promote the value and sale of your inventory by sharing data (including personal data) you choose to send us in ad requests with potential buyers that may be interested in purchasing your inventory.  Subject to our contract and applicable law, you have sole discretion to determine what information you collect and send to OpenX, however (i) this information must be in a format compliant with the IAB OpenRTB specification or other relevant integration, as approved by OpenX, and limited to the data fields mentioned by that specification or integration and (ii) to the extent any such information constitutes personal data, you are responsible for obtaining a valid consent from the users, in compliance with the obligations set out in this Supply Policy, ensuring that those users have consented to the sharing of the relevant categories of personal data shared with OpenX, including any precise geolocation data regarding users or their devices.
  • You shall not transfer or provide the personal data of an individual you know or suspect to be a child (being any data subject under the age of 18) unless you have ensured that an appropriate Year of Birth or relevant IAB OpenRTB flag related to age is included within the ad request to allow OpenX and its demand partners to comply with restrictions on advertising to minors.
  • You shall not transfer or provide any of the following personal data to OpenX or make use of such data within the OpenX Ad Exchange:
    • full name;
    • direct contact information including address, telephone number, or email address (but excluding device identifiers);
    • social security number, driver’s license number, other state or government identification number, biometric data, or account or payment card number; and
    • special categories of personal data (as defined in the GDPR or equivalent terms in other applicable data protection or privacy laws).
  • If OpenX transfers “personal information” (“PI”) as defined by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”) to you, you agree the following terms (and, if you transfer PI to OpenX, OpenX agrees to reciprocal terms): 
    • you will only use the PI for purposes specified in any written agreement you’ve entered into with OpenX;
    • you will comply with applicable obligations under the CCPA and provide the same level of privacy protection as is required by CCPA;
    • you will allow OpenX to take reasonable and appropriate steps to help to ensure that you use the PI transferred in a manner consistent with OpenX’s obligations under the CCPA;
    • you will notify OpenX if you make a determination that you can no longer meet your obligations under the CCPA;
    • you will grant us the right, upon prior notice, to take reasonable and appropriate steps to stop and remediate the unauthorized use of PI.

If there is any conflict between this Supply Policy and any other agreement between OpenX and you, the Supply Policy will prevail.