This repository provides a privacy-first toolkit for media mix modeling (MMM) that demonstrates how to build effective marketing analytics while respecting individual privacy through formal privacy-preserving mechanisms. Marketing teams and analysts can estimate the incremental impact of different marketing channels (e.g., TV, search, social, email) on key outcomes such as conversions or revenue without relying on user-level tracking.
This project serves as a proof-of-concept for building machine learning systems with privacy and safety constraints from the ground up. It aims to demonstrate that sophisticated analytics can be performed in a way that is both effective and ethically responsible, aligning with the growing need for AI systems that are trustworthy and aligned with human values.
This toolkit exemplifies a fundamental principle of AI safety: systems trained on data that has been ethically sourced and processed with strong privacy guarantees are inherently more aligned with human values. Privacy violations themselves represent a form of negative outcome or harm that a safe AI system should be designed to avoid from the ground up.
By building models that operate exclusively on aggregated data and employ formal differential privacy mechanisms, we reduce the risk of creating systems that could be used for surveillance, discrimination, or other harmful purposes. This proactive approach to privacy implements several core AI safety principles:
- Robustness: The system behaves as intended even under adversarial conditions by design, as it cannot access individual-level data
- Privacy and Confidentiality: Formal mathematical guarantees protect fundamental individual rights
- Transparency: Privacy parameters (ε, δ) can be made public, allowing independent verification of privacy claims
- Alignment by Design: Safety constraints are integrated into the modeling process from the ground up, not bolted on as an afterthought
This toolkit implements "privacy by design" as a core architectural philosophy, where privacy considerations are embedded into the entire system lifecycle:
-
Data Minimization (Layer 1): The system operates on aggregated summaries rather than individual records, inherently minimizing sensitive information processing. This reduces the attack surface and potential impact of data breaches.
-
Differential Privacy (Layer 2): A formal method providing mathematical guarantees of privacy by adding carefully calibrated statistical noise to aggregated data, making it impossible to determine whether any single individual's data was included in the analysis.
-
Proactive Risk Assessment: Potential harms are anticipated and mitigated before they can occur, rather than relying on post-hoc auditing or patching.
This multi-layered approach demonstrates how AI safety principles can be translated into concrete engineering practices, making the toolkit a valuable reference implementation for the responsible AI community.
This toolkit is positioned as a tangible proof-of-concept demonstrating that valuable analytics can be performed without compromising individual privacy. It is designed to inspire and guide developers and researchers building privacy-preserving and safe AI systems by showing:
- How advanced statistical methods (Bayesian hierarchical models) can be adapted to work within a privacy-preserving framework
- The practical trade-offs between privacy and utility, and how to navigate them responsibly
- That "privacy-first" design is not about perfect privacy at any cost, but about finding a pragmatic balance that provides useful insights while maintaining strong privacy guarantees
We acknowledge that adding noise to data for privacy reasons impacts model accuracy—this is an inherent property of differential privacy, not a flaw. The goal is to manage this trade-off effectively and transparently, demonstrating a mature, responsible approach to AI development.
-
Privacy Preservation: Built on a privacy-first architecture that operates exclusively on aggregated, non-user-level data. Employs formal differential privacy mechanisms (Laplace noise) with mathematically calibrated noise addition to provide quantifiable (ε, δ)-differential privacy guarantees. This ensures valuable marketing insights can be derived without compromising individual privacy.
-
Aggregated Data Pipelines: Ingest channel-level spend, impressions, and conversions aggregated over time, ensuring no personal data is collected. Aggregation serves as the foundational privacy measure.
-
Advanced Modeling Frameworks: Includes baseline linear models and sophisticated Bayesian hierarchical models that estimate channel contribution while accounting for:
- Saturation effects: Diminishing returns as spend increases (Hill function)
- Ad-stock effects: Carryover impact of advertising over time (geometric decay)
- Control variables: Seasonality and promotions to avoid misattribution
-
Visualization Tools: Generate charts showing marginal return curves, channel saturation, expected lift versus spend, and privacy-utility trade-offs to help stakeholders understand both media efficiency and privacy implications.
-
Extensible Design: Modular codebase allowing analysts to plug in their own data sources, priors, model structures, and privacy parameters.
-
Privacy-Utility Trade-off Analysis: Demonstrates how privacy parameter (ε) affects both privacy guarantees and model accuracy, with tools to find the optimal balance for your use case.
This toolkit implements ε-differential privacy using the Laplace mechanism, a well-established approach for providing formal privacy guarantees. The mathematical definition of ε-differential privacy is:
A randomized algorithm M is ε-differentially private if for all pairs of neighboring datasets D and D' (differing by at most one record), and for all possible outputs S:
Pr[M(D) ∈ S] ≤ e^ε × Pr[M(D') ∈ S]
This guarantee means that the presence or absence of any single individual's data has a bounded effect on the output of the analysis, making it nearly impossible to determine whether a specific individual's data was included.
Privacy protection in this toolkit is implemented through input perturbation: noise is added to aggregated data before it is used for modeling. The data flow is:
-
Aggregation: Individual-level data (e.g., user_id, timestamp, channel, conversion) is aggregated by summing total impressions, spend, and conversions for each marketing channel per day/week.
-
Noise Addition: The Laplace mechanism adds random noise to these aggregated sums. The noise is drawn from a Laplace distribution with scale parameter
b = sensitivity / ε, where:sensitivityis the maximum change in the aggregate from adding/removing one individualε(epsilon) is the privacy budget controlling the privacy-utility trade-off
-
Modeling: The resulting "noisy" aggregates serve as input to the Bayesian hierarchical model.
This approach is modular and allows the use of standard modeling algorithms without modification. The privacy guarantee is provided by the pre-processing step.
The toolkit uses the Laplace distribution for adding noise because:
- It provides tight privacy guarantees for numerical data
- It has a sharp peak at its mean with exponential tails, making it well-suited for adding noise to counts or sums
- It is computationally efficient and straightforward to implement
The scale of the noise is calibrated to the sensitivity of the query (the maximum change in output from adding/removing one individual's data). For simple sums or counts, the sensitivity is typically 1 or a small constant.
This toolkit provides (ε, δ)-differential privacy where:
- ε (epsilon): The privacy budget or privacy parameter. Smaller values mean stronger privacy but more noise. Typical values range from 0.1 (very strong privacy) to 10 (weaker privacy).
- δ (delta): A small probability (e.g., 10⁻⁶) that the privacy guarantee does not hold, used in approximate differential privacy. In many practical applications, δ is set to a negligibly small value.
Choosing ε: The choice of ε involves balancing privacy and utility:
- High privacy (ε ≤ 1): Suitable for highly sensitive data (health, financial)
- Moderate privacy (ε = 1-5): Good balance for many applications
- Lower privacy (ε ≥ 5): More utility, weaker privacy guarantees
Users should experiment with different ε values and evaluate the impact on both privacy and model accuracy, documenting their reasoning for transparency and regulatory compliance.
This toolkit adopts a "privacy-first" philosophy, not "privacy-only":
- Privacy-first means privacy is a primary consideration from the beginning, influencing architectural decisions and feature design. The goal is to build systems that are both effective and ethical.
- Privacy-only would mean optimizing solely for privacy, potentially resulting in a system that is perfectly private but analytically useless.
The toolkit seeks a practical balance: performing valuable media mix modeling while maintaining strong privacy protections. This aligns with responsible AI principles that acknowledge inherent trade-offs and make them transparent.
This approach is part of the broader ecosystem of Privacy-Enhancing Technologies (PETs), specifically:
- Input Perturbation / Query-based Differential Privacy: Adding noise to data before analysis
- Compared to other PETs:
- Secure Multi-Party Computation (SMPC) and Homomorphic Encryption: Provide very strong guarantees but are computationally expensive
- Federated Learning: Trains on decentralized data but adds complexity
- This toolkit's approach: Simpler, more efficient, and practical for centralized aggregated data
A fundamental property of differential privacy is that adding noise to data for privacy reasons inevitably impacts model accuracy. This is not a flaw—it is an inherent characteristic of the technique. The goal is to manage this trade-off effectively:
- Smaller ε (more privacy) → More noise → Lower model accuracy
- Larger ε (less privacy) → Less noise → Higher model accuracy
When noise is added to the aggregated input data, the Bayesian model is trained on a "noisy" version of the data, which can lead to less accurate predictions. The magnitude of this impact depends on:
- Dataset size: Larger datasets dilute the impact of noise
- Model complexity: More complex models may be more sensitive to noise
- Amount of noise added: Controlled by ε
The toolkit's use of Bayesian models helps mitigate noise impact by quantifying uncertainty in predictions, which is a key advantage of this design.
Finding the right balance is context-dependent. Consider:
- What is the potential harm if an individual's data is revealed?
- What are the legal and regulatory requirements in your jurisdiction?
- How accurate do predictions need to be for business needs?
- What is the dataset size, and how does it affect noise impact?
Practical Guidelines:
- Start with ε between 1 and 10 for a moderate balance
- Highly sensitive data (health, financial): Use ε ≤ 1
- Less sensitive data: Consider ε = 5-10
- Experiment and evaluate: Run the model with different ε values and measure impact on both privacy (the ε value itself) and utility (model accuracy metrics like R², MSE)
- Document your choice: Always explain your reasoning for transparency and regulatory compliance
The toolkit includes visualization tools to help understand the privacy-utility trade-off empirically.
Core Privacy-First MMM Files:
advanced_mmm.py- Main privacy-first media mix modeling implementation with differential privacyrequirements.txt- Python dependencieseffort_mix_modeling.md- Additional MMM guidelines and methodologymmm_output_advanced/- Output directory for analysis results
Note: This repository also contains some customer churn analysis scripts (PRO_*.py, analysis_summary.py, telco.csv) from a separate analytics project. These are not part of the privacy-first MMM toolkit and can be ignored or removed for production use.
-
Clone the repository:
git clone https://github.com/yourusername/privacy-first-media-mix-modeling-toolkit.git cd privacy-first-media-mix-modeling-toolkit -
Install dependencies:
pip install -r requirements.txt
-
Run the advanced MMM example with differential privacy enabled:
python advanced_mmm.py
This will:
- Generate synthetic marketing data
- Apply differential privacy with ε=1.0 (configurable in script)
- Fit a Bayesian hierarchical model
- Generate visualizations and summary statistics
-
Customize privacy settings by editing
advanced_mmm.py:CONFIG = { "enable_privacy": True, # Set to False to disable "epsilon": 1.0, # Adjust privacy budget "delta": 1e-5, # Failure probability # ... other settings }
-
Explore outputs in the
mmm_output_advanced/directory:mmm_summary.csv: Estimated parameters and marginal ROIresponse_curves.png: Saturation curves for each channelpredicted_vs_actual.png: Model fit qualitycontribution_breakdown.png: Channel contribution over time
To use your own marketing data:
-
Format your data as aggregated weekly/daily summaries with columns:
weekordate: Time periodspend_<channel>: Aggregated spend per channelrevenue: Total revenuepromotions: Binary promotion indicator (optional)
-
Modify the
generate_weekly_data()function to load your data instead of generating synthetic data -
Adjust sensitivity parameters in CONFIG based on your data characteristics
By modeling marketing spend at an aggregated level and applying privacy-preserving techniques, this toolkit allows companies to:
- Optimize media budgets without violating consumer trust or privacy regulations
- Identify the most efficient channels and reallocate budgets to maximize ROI
- Comply with privacy laws (GDPR, CCPA, etc.) while maintaining analytical capabilities
- Build trust with customers through transparent, privacy-respecting analytics
- Future-proof marketing analytics as privacy regulations continue to evolve
This approach represents a paradigm shift toward a privacy-first engineering culture where systems are more resilient to data breaches, less susceptible to certain adversarial attacks, and more likely to maintain public trust—crucial for long-term AI adoption and success.
When making multiple queries on the same dataset, privacy budgets compose:
- Sequential composition: If you run k queries each with ε/k, total budget is ε
- The toolkit implements this by splitting ε across channels and metrics
- Be mindful of privacy budget depletion when running multiple analyses
The modular design allows for:
- Custom privacy mechanisms: Implement Gaussian mechanism or advanced variants
- Alternative models: Plug in different statistical models (e.g., time-series models)
- Additional PETs: Combine with techniques like federated learning or secure aggregation
We welcome contributions that extend the toolkit's privacy-preserving capabilities, improve documentation, or add new analytical features. Please ensure any changes maintain the privacy-first philosophy and include appropriate documentation of privacy implications.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- Dwork, C., & Roth, A. (2014). "The Algorithmic Foundations of Differential Privacy"
- Differential Privacy: A Primer for a Non-technical Audience (NIST)
- Google's Differential Privacy Library: https://github.com/google/differential-privacy
- Privacy-Preserving Machine Learning: Threats and Solutions (IEEE)
This toolkit demonstrates principles from the AI safety and privacy-preserving machine learning research communities. It is designed as an educational resource and proof-of-concept for responsible AI development.
Note: This is a proof-of-concept toolkit for educational and research purposes. For production deployments, consult with privacy and security experts, conduct thorough privacy audits, and ensure compliance with applicable regulations.