OpenX Ad Exchange Supply Policy

Effective: December 19, 2023


For the purposes of this OpenX Ad Exchange Supply Policy (the “Supply Policy”), the term “site,” as used herein, means a website or a mobile or CTV app or any other digital property.

OpenX uses commercially reasonable efforts to provide participating buyers and sellers with a safe, transparent, and fair marketplace. Your use of OpenX’s advertising marketplace, known as either an exchange or a supply side platform (the “OpenX Ad Exchange”) is governed by your contract with OpenX, which requires compliance with this Supply Policy as it may be updated by OpenX from time to time. The obligations set forth herein are the minimum standards for publishers (“you”) wishing to participate in the OpenX Ad Exchange.

OpenX may update this Supply Policy at any time by posting notice of such changes on its website or by otherwise providing notice. By using the OpenX Ad Exchange following such posting or notice, you agree to any updated version of this Supply Policy.

With respect to ensuring compliance with the foregoing, please note that OpenX reserves the right to suspend or remove sites from the OpenX Ad Exchange if it reasonably suspects or determines, in its sole discretion, that any of the Supply Policies have been violated.

Content Guidelines

Minimum content requirements

In order to be a part of the OpenX Ad Exchange, sites must contain substantive, original content, and demonstrate signs of user engagement.

OpenX does not work with sites that:

  • Contain content of little to no value to the user (e.g., boilerplate text, text from Wikipedia, stale news stories, etc.);
  • Feature mainly links or content taken from other sites without meaningful commentary or curation;
  • Have little content other than ads;
  • Have little to no evidence of an engaged user base;
  • Appear designed primarily to display ads; and/or
  • Are parked or undeveloped domains.

Banned categories

In addition to the foregoing requirements, sites whose core function is to incentivize users to view ads, sites that are proxy sites, and sites featuring the following may not participate in OpenX Ad Exchange:

  • Pornographic or highly suggestive content or images;
  • Sales of weapons or ammunition;
  • P2P file-sharing, torrent, or anything that facilitates or promotes copyright infringement;
  • Extreme violence;
  • Hate content, including sites that advocate violence or discrimination against a specific race, religion, gender, sexual orientation, or nationality, or discrimination based on age, disability, or medical condition;
  • A pattern of false or misleading information or news;
  • Excessive profanity;
  • Promotion of illegal drugs or drug paraphernalia;
  • Promotion of black-hat hacking, cracking, or warez;
  • Any other content that is illegal, promotes illicit or harmful activity, or infringes on the rights of others, including sites that provide “how-to” information on bomb-making, lock-picking, and similar topics;
  • Defamatory or libelous content;
  • Distribution of viruses and/or malware;
  • Pay per click or pay per search programs;
  • Video chat and unmoderated live streaming;
  • Significant unmoderated UGC (user-generated content).

Restricted categories

Please also notify your Account Manager if your site contains any of the following content or collects from end users information about any of the following categories, as special restrictions or limitations may apply:

  • Adult humor;
  • Online gambling (including, in some jurisdictions, fantasy sports and/or daily fantasy sports);
  • Medical or health-related information, advice, or services;
  • Sexual health or history (including sexuality or dating history);
  • Significant user-generated content, adequately and proactively moderated;
  • Sale of alcohol; 
  • Sale of tobacco; and/or
  • Sale of prescription drugs.

Better Ads Standards

In order to be a part of the OpenX Ad Exchange, sites must be in compliance with the Better Ads Standards developed by the Coalition for Better Ads. For more information, see


A slideshow is a series of images or other content where the user may advance by selecting a forward icon, page number, or other similar link. The below guidelines apply to all webpages where slideshows are a prominent page feature (hereafter called “slideshow pages”). All of the following requirements apply for slideshow pages:

  • Each slideshow page may contain a maximum of three ads.
  • All ads must be positioned at or above the lowest part of the slideshow. For mobile implementations, a single ad may also appear immediately below the slideshow content.
  • Slideshow pages that automatically advance without a user click may not load new ads.
  • The content of each slide must differ materially from the previous slide’s content. For example, minor changes to the slide’s text or image do not constitute a material change and are not sufficient to load new ads.
  • Auto-refresh is not permitted on slideshow pages.

Implementation Guidelines

Basic guidelines

  • The publisher site may not initiate a download or change settings without the user’s knowledge and consent.
    • App installations may not trigger additional app installs (i.e., bundling) without explicit disclosure and user consent.
  • The publisher may not mask or cloak the site’s URL, or employ any means to obscure the true source of traffic.
  • The publisher may not artificially inflate impressions, clicks, or requests, or source traffic from pop-ups, pop-unders, forced redirects, or similar means.
  • The publisher site may not install or distribute malware, viruses, or other similar malicious code.
  • The publisher may not include or launch fake error messages or system flags.
  • A substantial portion of the publisher’s site must be accessible without a login or without requiring a user to provide an email address or other type of verification.
  • The publisher must not employ any means to induce, encourage or trick the user (i) into clicking on an ad or (ii)  granting consent to the placement of cookies on their browser or personal data collection. Placing arrows or text such as “Click here” next to an ad is strictly prohibited.
  • Publisher sites deemed unsafe by reputable third party malware-detection services may be suspended without further notice, at OpenX’s sole discretion, from the OpenX Ad Exchange until all user safety issues are addressed to the satisfaction of OpenX.
  • Publisher sites must clearly and conspicuously post a privacy policy that complies with all applicable law and, if required by applicable law, a cookie policy.
  • The publisher’s inventory specifications and criteria provided to the OpenX Ad Exchange must be true and accurate.
  • The publisher must comply with all industry group guidelines/principles that the publisher claims to abide by (as well as any guidelines/principles that are required by the industry groups of which the publisher is a member or in which the publisher participates).
  • The publisher must collect, obtain, disclose, and use data in compliance with its posted privacy policy and all applicable laws (including all applicable privacy laws), including by acquiring all necessary and required permissions to collect, use, transfer, and otherwise process data using cookies or other identifiers.
  • The publisher must comply with any applicable Digital Advertising Alliance Self-Regulatory Principles (for Online Behavioral Advertising; for Multi-Site Data; for Application of Self-Regulatory Principles to the Mobile Environment; for Application of the DAA Principles of Transparency and Control to Data Used Across Devices; and for Application of the DAA Principles of Transparency & Accountability to Political Advertising), including provisions related to obtaining consent for the collection, use, and transfer of precise geolocation data, and with the IAB Europe OBA Framework if applicable. The publisher must further reasonably support OpenX in efforts to ensure its and its demand side partners’ compliance with each of the foregoing principles and frameworks, as applicable, and with OpenX’s Anti-Discrimination Policy and Political Advertising Policy, as applicable.

Ad number and position

  • The publisher must not edit or modify ads in any way, including but not limited to, by resizing the ads.
  • Ads must be clearly separated from other page content. It must always be clear to the user what is an ad and what is site content.
  • Ads may not be obscured or altered in any way. For ads shown in iframes, the iframe must allow the entire creative to be fully visible to the user.
  • Ads may not appear in pop-up or pop-under windows.
  • Ads may not appear in the body of emails.
  • Ads must appear within standard web pages or mobile apps. Ads may not appear in other downloadable applications.
    • For mobile apps, ads may not appear outside of the publisher’s app (e.g., on the user’s lockscreen).
  • Apps must be hosted on one of these official app stores: Apple iTunes store, Google Play Store, Amazon App Store, or Microsoft App Store.
  • The page may not contain an excessive number or density of ads. For most pages, no more than 3-4 ads is appropriate.

Ad Refresh

  • Publishers may load new ads only when:
    • the user navigates to a new page or screen; or
    • the current page is substantially updated with new content AND at least 1 minute has passed since the last refresh; or
    • The ad unit has remained in view for at least 30 seconds, as measured by an MRC-accredited verification company.
  • In no event may a publisher refresh an ad unit more than 20 times per user session.


The publisher must acquire traffic primarily from organic sources and shall use best efforts to ensure that none of the traffic is fraudulent.

Site ownership

  • The publisher must either:
    • own each site on which the publisher places ads; or
    • have a direct, contractual relationship with the owner of each site on which the publisher places ads. If the site in question has published an ads.txt file, the publisher’s OpenX account must be listed there as an authorized seller.
  • Inventory from applications, including browser plug-ins and toolbars, that insert advertisements into the body of third party web pages or other online properties without the website’s permission, is not acceptable.


  • Video ads may not serve within display banner ad units.
  • Suppliers of video inventory are required to ensure no more than one video plays on a page at a time.
  • VAST video content should maintain a reasonable balance between content and advertising (e.g., a 30 second ad should not accompany a video with only 15 seconds of content).

Compliance with Laws and Data Privacy

General Compliance

  • You will comply, and ensure all your sites comply, with all applicable laws and regulations as related to your use of the OpenX Ad Exchange. This includes any applicable privacy and data protection laws and regulations, including but not limited to (as applicable) the EU General Data Protection Regulation (“GDPR”) and U.S. federal and state privacy legislation including the Children’s Online Privacy Protection Act (“COPPA”), California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”) and U.S. state privacy laws in Connecticut, Colorado, Virginia, and Utah (together with the CCPA, the “U.S. State Privacy Laws”), and any regulations issued thereunder. Any definitions used in this section and not otherwise defined have the meaning given to them, or substantially similar terms, in the GDPR and the U.S. State Privacy Laws, as applicable.
  • You must have a privacy notice that clearly discloses any data collection, sharing and usage that takes place on your site as a consequence of your use of OpenX Ad Exchange. This notice must disclose to consumers that third parties, including advertising partners like OpenX, may be placing and reading cookies on their browsers or devices, or using other similar technologies to collect information to facilitate ad serving on your website.
  • You shall not transfer or provide the personal data of an individual you know or suspect to be a minor or child (being any data subject under the age of 18) unless you have ensured that an appropriate Year of Birth or relevant IAB OpenRTB flag related to age is included within the ad request to allow OpenX and its demand partners to comply with restrictions on collecting personal data from or advertising to minors.
  • You shall not transfer or provide any of the following personal data to OpenX or make use of such data within the OpenX Ad Exchange:
    • full name;
    • direct contact information including address, telephone number, or email address (but excluding device identifiers);
    • social security number, driver’s license number, other state or government identification number, biometric data, or account or payment card number; and
    • sensitive or special categories of personal data (as defined in applicable privacy and data protection laws and regulations).
  • Without limitation of the foregoing you will comply, as applicable, with the United States Digital Advertising Alliance Self-Regulatory Principles published at (“DAA Self-Regulatory Principles”) and the corresponding DAA-designated self-regulatory frameworks established in other countries and/or regions.  You will also comply, as applicable, with the enhanced notice obligations applicable to First Parties as defined in the DAA Self-Regulatory Principles.
  • You agree that OpenX will do one or more of the following, subject to the terms of our agreement with you and our Ad Exchange Privacy Policy:
    • Receive and store personal data made available to us by you;
    • Transmit information (including personal data) to third parties;
    • Take additional administrative actions in order to make your inventory available to potential buyers in the OpenX Ad Exchange;
    • Create segments, and permit our data partners to create segments subject to use restrictions and compliance obligations similar to those in this Supply Policy, of consumers using information made available to us by you, including combining this information with data from our other partners;
    • Provide reports to you through our user interface or otherwise;
    • Facilitate accounting, collection, and disbursement of payments to you; and
    • Take other actions to fulfill the Services that may be more particularly described in our agreement with you.
  • As part of OpenX’s monetization services, OpenX will maximize and promote the value and sale of your inventory by sharing data (including personal data) you choose to send us in ad requests with potential buyers that may be interested in purchasing your inventory.  Subject to any limitations included in our agreement with you, this Supply Policy, or applicable law, you have sole discretion to determine what information you collect and send to OpenX, provided however (i) this information must be in a format compliant with the IAB OpenRTB specification or other relevant integration, as approved by OpenX, and limited to the data fields mentioned by that specification or integration and (ii) to the extent any such information constitutes personal data and as required by applicable law, you are responsible for obtaining a valid consent from consumers and/or offering consumers an easily accessible means to opt out of the sharing of their personal data for purposes of cross-context behavioral and targeted advertising.

GDPR Compliance 

  • Although OpenX Poland sp. z o.o (“OpenX Poland”) is not a billing entity of OpenX, it is the OpenX entity that is responsible for making decisions related to OpenX’s processing of personal data collected in the EEA, Switzerland, and UK. Irrespective of the OpenX entity identified in your terms with OpenX, you acknowledge that OpenX Poland is a controller of EEA and UK personal data processed within the OpenX Ad Exchange, and that obligations on you under this Supply Policy to notify OpenX or to provide information to data subjects relating to the processing carried out by OpenX shall be owed to OpenX Poland where this relates to data subjects in the EEA or UK. OpenX Technologies Inc. will be a business, controller or equivalent entity of personal data in regions other than EEA or UK, processed within the OpenX Ad Exchange.
  • Because OpenX Poland is the data controller of EEA, Swiss and UK data, it is responsible for any onward transfer of that data outside of the EEA, Switzerland or UK. Where it is required to enter into appropriate data transfer terms, for example where it sends data to OpenX Technologies Inc., then OpenX Poland has ensured that appropriate and adequate data transfer measures are in place. Where OpenX transfers EEA, Swiss, or UK personal data to you (for example, if personal data is provided to you through the OpenX Exchange as part of the delivery of an advertisement), and where you are located in a country where OpenX is required to enter into a data transfer agreement with you to ensure this personal data is adequately protected, you must comply with the applicable obligations under our European Data Transfer Terms, which make up part of this Supply Policy.
  • You shall comply with the then-current IAB Standard Terms and Conditions for Internet Advertising, including where applicable the IAB European Transparency & Consent Framework Policies (“TCF”) and the IAB’s Global Privacy Platform (“GPP”), and where necessary shall obtain and pass through a valid, specific, and informed consent for the processing by OpenX and the partners listed here of the personal data you transfer in your use of the OpenX Ad Exchange as evidenced by providing a valid consent string in connection with all personal data transferred to OpenX. This consent must name OpenX as a party that processes data obtained from your site for the purposes for which OpenX is registered under TCF from time to time.
  • Both you and OpenX are controllers of personal data processed within the OpenX Ad Exchange. OpenX is responsible for the processing of personal data once it has been passed to OpenX, and for its sharing and processing within the OpenX Ad Exchange, including  (where applicable) the international transfer of data between OpenX Poland and OpenX Technologies Inc., whereas you are responsible for the valid notice and consent (meeting requirements set by applicable laws and regulations) to share the data with OpenX, and ensuring the accuracy of information that is passed to OpenX. 

U.S. State Law Compliance 

  • Under U.S. State Privacy Laws, as they may be implemented and amended from time to time, you are a “controller” or “business” and OpenX is a “controller” or “third party business” of the personal data you transfer or provide to OpenX.
    • To the extent that OpenX has executed a written contract in which OpenX agrees to act as your “processor” or “service provider” (collectively, “Processor”) for certain personal data you provide or make available to OpenX, then the OpenX Data Processor Terms will apply to such personal data instead of this U.S. State Law Compliance section of this Supply Policy. All other sections of this Supply Policy will continue to apply. 
  • You must provide consumers with (a) notice of OpenX’s processing activities, including processing for purposes of cross-context behavioral and targeted advertising, and (b) an opportunity to opt out of such processing activities, including via industry standard global privacy controls where required. When a consumer elects to opt out of such processing activities, you must pass to OpenX an industry standard opt out signal (i.e., an opt out signal endorsed by the IAB and transmitted via the IAB OpenRTB specification) (an “Opt Out Signal”). When OpenX receives such an Opt Out Signal, OpenX will comply by (a) restricting our processing activities and not engaging in cross-context behavioral or targeted advertising  (i.e., only engaging in first party and contextual advertising on your behalf), (b) passing to our demand-side partners an Opt Out Signal with any personal data to inform them that they must similarly comply with the consumer’s opt out by restricting their processing activities with respect to the transaction, and (c) not otherwise selling personal data received from you.
  • Whenever you or OpenX (the “Sender”) shares personal data subject to U.S. State Privacy Laws with the other (the “Recipient”), the Recipient agrees to the following terms:
    • it will use the personal data only for the limited purposes specified in this Supply Policy and any written agreement entered into with the Sender;
    • it will comply with its obligations under U.S. State Privacy Laws and provide the same level of privacy protection as is required by U.S. State Privacy Laws, including by complying with Opt Out Signals;
    • it will allow the Sender to take reasonable and appropriate steps to help to ensure that it uses the personal data in a manner consistent with the Sender’s obligations under U.S. State Privacy Laws, such as by asking the Recipient to provide an attestation to this effect;
    • it will notify the Sender if it makes a determination that it can no longer meet its obligations under U.S. State Privacy Laws;
    • it will grant the Sender the right, upon prior notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of the personal data.

If there is any conflict between this Supply Policy and any other agreement between OpenX and you, the Supply Policy will prevail.