Remerge is a privacy-first mobile demand-side platform (DSP) operating as a data processor under GDPR Article 6(1)(b). We process only pseudonymised mobile advertising identifiers (IDFA, GAID), IP addresses, click IDs, and app event data on behalf of our advertiser customers — no PII, no sensitive categories, no profile linkage outside the contracted advertiser. Headquartered in Berlin with offices in New York, Tokyo, Singapore, and Seoul, Remerge maintains an ISMS aligned with ISO/IEC 27001:2022, conducts annual third-party penetration testing, and publishes its DPA, subprocessor list, and Technical & Organisational Measures (TOMs) publicly at remerge.io.
Subprocessors
Subprocessors
Asset Management
Asset Management
We have strict asset management policies in place to ensure that all assets are accounted for and secure.
- Is Remerge GDPR-compliant?
- When was your most recent penetration test, and who performs it?
- How is data encrypted at rest?
- What security training and confidentiality obligations apply to employees?
- How are production and corporate environments separated?

