Privacy Policy

1. Introduction

ClickDefender ("we", "our", or "us") is committed to protecting your privacy and the privacy of your website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our click fraud protection service.

ClickDefender is a UK-based company. We process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Company name (optional)
• Billing information (processed securely by GoCardless)

2.2 Click Event Data

To detect click fraud, our tracking script collects the following data from visitors to your protected websites:

• IP addresses - Hashed and anonymized for privacy
• User agent strings - Browser and device information
• Browser fingerprint - A privacy-preserving hash of browser characteristics
• Click timestamps - When clicks occur
• Page URLs - The pages being visited
• Referrer information - Where traffic originates from
• Behavioral signals - Mouse movements, scroll patterns, dwell time
• Screen resolution and timezone - Device characteristics

2.3 Technical Data

We also collect technical data including VPN/proxy detection results, datacenter IP identification, and bot signature matching to accurately identify fraudulent traffic.

3. How We Use Your Data

We use the collected data for the following purposes:

• Fraud Detection - Analyzing click patterns to identify invalid, fraudulent, or bot traffic
• Service Provision - Generating fraud scores, blocklists, and reports for your account
• Service Improvement - Improving our detection algorithms and machine learning models
• Communication - Sending service updates, security alerts, and support responses
• Billing - Processing payments and managing your subscription
• Legal Compliance - Meeting our legal and regulatory obligations

4. Data Retention

We retain data for the following periods:

• Click event data - Retained for 90 days, then automatically deleted
• Aggregated statistics - May be retained longer in anonymized form
• Account data - Retained while your account is active, plus 30 days after deletion request
• Billing records - Retained for 7 years as required by UK tax law

The 90-day retention period for click data aligns with GDPR data minimization principles while providing sufficient time for fraud pattern analysis and Google Ads refund claims.

5. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract - Processing necessary to provide our services to you
• Legitimate Interest - Fraud detection and prevention, which benefits both you and your legitimate website visitors
• Legal Obligation - Processing required by law (e.g., tax records)
• Consent - Where you have given explicit consent (e.g., marketing communications)

6. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access - Request a copy of your personal data
• Right to Rectification - Request correction of inaccurate data
• Right to Erasure - Request deletion of your personal data
• Right to Restrict Processing - Request limitation of how we use your data
• Right to Data Portability - Receive your data in a machine-readable format
• Right to Object - Object to processing based on legitimate interests
• Right to Withdraw Consent - Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@clickdefender.app. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Essential Cookies - Required for authentication and security
• Functional Cookies - Remember your preferences and settings
• Analytics Cookies - Help us understand how you use our dashboard

Our fraud detection script uses a first-party cookie to track visitor sessions on your protected websites. This cookie is essential for accurate fraud detection and does not track users across different websites.

8. Third-Party Services

We use the following third-party services:

• GoCardless - Payment processing. GoCardless is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017. Their privacy policy is available at gocardless.com/privacy
• IP Geolocation Services - To identify datacenter IPs and VPN providers
• Cloud Infrastructure - Secure hosting and data storage

We ensure all third-party providers meet appropriate data protection standards and have signed Data Processing Agreements where required.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data transmitted using TLS 1.3 encryption
• IP addresses are hashed before storage
• Access controls and authentication for all systems
• Regular security audits and penetration testing
• Employee training on data protection
• Incident response procedures

10. International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. Where data is transferred outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.

11. Children's Privacy

Our service is not directed at children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: