Unified ID 2.0 (UID2) is an open-source, interoperable identity framework developed by The Trade Desk that creates a deterministic identifier from a user's hashed and salted email address or phone number, enabling addressable advertising in a post-third-party cookie ecosystem. The framework relies on explicit user consent, with consumers granting permission to publishers to create a UID2 token that is regularly rotated to prevent unauthorized tracking.
Glossary
Unified ID 2.0 (UID2)

What is Unified ID 2.0 (UID2)?
An open-source, interoperable identity framework that relies on hashed and salted email addresses or phone numbers to enable targeted advertising without third-party cookies.
The architecture operates through a decentralized network of authorized operators who manage the cryptographic salting and token generation process, ensuring no single entity controls the identity infrastructure. When a user authenticates, their PII is hashed with a rotating salt, creating a temporary UID2 token that demand-side platforms can use for frequency capping and targeting, while the raw identifier remains opaque throughout the bid stream.
Core Characteristics of UID2
An open-source, interoperable identity framework that replaces third-party cookies with hashed and salted email addresses or phone numbers for deterministic, privacy-conscious targeting.
Deterministic, Not Probabilistic
UID2 relies on hashed and salted email addresses or phone numbers to create a definitive identity token. Unlike probabilistic methods that infer identity from IP addresses or browser fingerprints, UID2 provides absolute certainty in user recognition. This deterministic foundation eliminates the guesswork and confidence scores inherent in statistical matching, ensuring that the user on a mobile device is the same user on a desktop when they authenticate with the same email.
Open-Source Transparency
The entire UID2 framework is publicly accessible and auditable. The source code, operator specifications, and cryptographic protocols are available on GitHub, allowing any organization to inspect the security model or run their own private operator instance. This transparency is a direct counterpoint to the opaque, proprietary nature of third-party cookies, fostering trust among publishers, advertisers, and privacy regulators.
Salted and Hashed Pseudonymization
UID2 never exposes a raw email address. The framework applies a one-way cryptographic hash combined with a rotating salt to transform the email into a pseudonymous identifier. The salt is regularly refreshed, requiring re-authorization and preventing the creation of a permanent, static identifier. This process ensures that even if a UID2 token is intercepted, it cannot be reversed to reveal the original personally identifiable information (PII) without the transient decryption key.
User Transparency and Consent
A core tenet of UID2 is explicit user control. Consumers are presented with a clear, standardized interface explaining how their email is being used for advertising. They can view the specific advertisers targeting them and revoke their consent at any time. This opt-out mechanism is built directly into the protocol, creating a direct value exchange between the user and the publisher, rather than the hidden tracking of third-party cookies.
Decentralized Operator Model
UID2 is not a single, centralized database controlled by The Trade Desk. It operates through a network of independent administrative operators who manage the cryptographic keys and the salting process. This decentralized architecture prevents any single entity from monopolizing the identity layer and allows for private operator instances, where a brand or publisher can manage their own UID2 ecosystem in complete isolation from the broader network.
Token Refresh and Lifecycle Management
A UID2 token is not a permanent identifier. It has a finite lifespan and must be continuously refreshed using a refresh token. This lifecycle management ensures that identity data does not become stale. If a user revokes consent or stops engaging with a publisher, the token simply expires and cannot be regenerated, automatically enforcing privacy preferences without requiring manual data deletion by downstream vendors.
Frequently Asked Questions
Clear answers to the most common technical and strategic questions about The Trade Desk's open-source identity framework.
Unified ID 2.0 (UID2) is an open-source, interoperable identity framework that replaces third-party cookies with hashed and salted email addresses or phone numbers as deterministic identifiers. When a user authenticates on a publisher's site, their email is cryptographically hashed and salted, then sent to a UID2 operator. The operator generates an advertising token—a transient, encrypted identifier that demand-side platforms (DSPs) can use for targeted bidding. This token is refreshed frequently, preventing persistent tracking. The framework relies on a distributed trust model with independent operators, administrators, and a transparent governance structure, ensuring no single entity controls the identity spine.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Explore the core mechanisms, privacy safeguards, and operational dependencies that define the Unified ID 2.0 framework.
Hashed & Salted Email Key
The foundational identifier of UID2. A user's plaintext email is transformed using a one-way cryptographic hash combined with a randomly generated salt before transmission. This ensures the raw personally identifiable information (PII) is never exposed. The salt is rotated regularly to prevent re-identification through rainbow table attacks, creating a privacy-compliant deterministic anchor for identity resolution.
UID2 Operator Service
A distributed network of trusted administrators responsible for running the core UID2 infrastructure. Operators manage cryptographic key generation, salt rotation, and access control. By decentralizing the operator role, the framework avoids a single point of failure or control, allowing multiple independent entities to maintain the system's integrity and transparency.
Transient Token Lifecycle
UID2 generates short-lived, rotating tokens to prevent persistent tracking. The lifecycle includes:
- UID2 Token: A temporary identifier generated from the hashed email, valid for a limited time.
- Refresh Token: A longer-lived token used to request new UID2 tokens without re-submitting the email. This rotation mechanism inherently limits the lifespan of any single identifier, reducing the risk of long-term user profiling.
Opt-Out Transparency
A core privacy requirement where users must be provided a clear mechanism to withdraw consent. When a user opts out, their hashed email is added to a global opt-out list propagated to all operators. The system then ceases generating new UID2 tokens for that identifier, and existing tokens are invalidated at their next refresh cycle, effectively halting all targeted advertising tied to that identity.
Deterministic Match Rate
Unlike probabilistic methods that infer identity with a confidence score, UID2 relies on an exact match of the hashed email. This provides a 100% match rate for authenticated users, eliminating the ambiguity of IP-based or fingerprinting techniques. For advertisers, this guarantees that the bid request represents a verified human identity rather than a statistical guess, drastically reducing wasted ad spend.
DII Normalization
Before hashing, the raw email or phone number must undergo strict Directly Identifying Information (DII) normalization. This process standardizes the input by:
- Lowercasing all characters
- Removing whitespace and periods (for Gmail addresses)
This ensures that
[email protected]and[email protected]generate the identical hash, preventing fragmentation of the identity graph.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us