Privacy Policy

Last updated: February 2025

1. Introduction

MyClickShield ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our click fraud protection service. This policy complies with the requirements of Google, Meta (Facebook), and Microsoft advertising platforms, as well as GDPR and CCPA regulations.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, and billing information.

2.2 Click and Traffic Data

We collect data about clicks on your advertisements, including:

  • IP addresses (hashed for privacy where possible)
  • Device information and device identifiers
  • Browser type and version
  • Operating system
  • Click timestamps and frequency
  • Referrer URLs and landing page URLs
  • Behavioral patterns and mouse movements
  • Click identifiers (gclid, fbclid, msclkid)
  • Geographic location (country/region level)

2.3 Connected Advertising Account Data

When you connect your advertising accounts, we access:

  • Google Ads: Campaign IDs, ad group IDs, conversion data, and IP exclusion lists
  • Meta Ads: Ad account IDs, campaign data, pixel events, and custom audience information
  • Microsoft Ads: Account IDs, campaign data, and negative site lists

2.4 Usage Data

We collect information about how you interact with our platform, including pages visited and features used.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our click fraud protection service
  • Detect and block fraudulent clicks on your advertisements
  • Create and manage IP exclusion lists on your connected ad platforms
  • Report invalid click activity to advertising platforms
  • Generate reports and analytics for your account
  • Communicate with you about your account and our services
  • Improve our fraud detection algorithms using aggregated, anonymized data

4. Third-Party Advertising Platform Integration

4.1 Google Ads Integration

When you connect your Google Ads account, we:

  • Access your account via OAuth 2.0 with your explicit consent
  • Add fraudulent IP addresses to your campaign exclusion lists
  • Report invalid clicks via the Google Ads API Conversion Adjustment feature
  • Store your refresh token securely (encrypted at rest) to maintain the connection
  • Only request the minimum permissions necessary (ads_management scope)

Data shared with Google: IP addresses identified as fraudulent, click identifiers (gclid), conversion adjustment data. Google's privacy policy applies to data processed by Google: https://policies.google.com/privacy

4.2 Meta (Facebook) Ads Integration

When you connect your Meta Ads account, we:

  • Access your account via Facebook Login with your explicit consent
  • Create and manage Custom Audiences for exclusion of fraudulent traffic
  • Send invalid traffic events via the Meta Conversions API
  • Store your access token securely (encrypted at rest) to maintain the connection
  • Only request the minimum permissions necessary (ads_management, ads_read, business_management)

Data shared with Meta: Hashed IP addresses, click identifiers (fbclid), user agent data, event timestamps. Meta's privacy policy applies to data processed by Meta: https://www.facebook.com/privacy/policy/

4.3 Microsoft Ads Integration

When you connect your Microsoft Ads account, we:

  • Access your account via Microsoft Identity Platform with your explicit consent
  • Add fraudulent sources to your Negative Site Lists
  • Report invalid conversions via the Microsoft Ads Offline Conversion API
  • Store your refresh token securely (encrypted at rest) to maintain the connection

Data shared with Microsoft: IP addresses, click identifiers (msclkid), conversion data. Microsoft's privacy policy applies to data processed by Microsoft: https://privacy.microsoft.com/privacystatement

5. Data Sharing

We do not sell your personal information. We share information only as follows:

  • With your connected advertising platforms: To enable IP exclusions and invalid click reporting as described above
  • Service providers: Cloud hosting (encrypted data at rest and in transit), payment processing (Stripe)
  • Legal requirements: When required by law, court order, or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • OAuth tokens stored with additional encryption layer
  • Regular security audits and penetration testing
  • Access controls and audit logging
  • Secure data centers with SOC 2 compliance

7. Data Retention

  • Click data: Retained for 90 days, then automatically deleted
  • Account information: Retained for the duration of your subscription plus 30 days
  • OAuth tokens: Retained until you disconnect your ad account or delete your account
  • Aggregated analytics: May be retained indefinitely in anonymized form

You can request deletion of your data at any time by contacting us or through your account settings.

8. Your Rights and Controls

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain types of processing
  • Withdraw consent: Disconnect ad accounts at any time through your dashboard
  • Restriction: Request limitation of processing

To exercise these rights, contact us at [email protected] or use the controls in your account dashboard.

9. Cookies and Tracking

Our fraud detection script uses first-party cookies and local storage to:

  • Identify returning visitors for fraud pattern detection
  • Store session information for click analysis
  • Maintain fraud scores across page views

These are essential for our service and cannot be disabled while using MyClickShield protection.

10. GDPR Compliance (EU/EEA Users)

For users in the European Union and European Economic Area:

  • Legal basis: We process data based on your consent (for ad platform connections) and legitimate interest (for fraud detection)
  • Data transfers: Data may be transferred to the US where our servers are located, protected by Standard Contractual Clauses
  • DPO: Contact our Data Protection Officer at [email protected]
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority

11. CCPA Compliance (California Users)

For California residents under the California Consumer Privacy Act:

  • We do not sell personal information
  • You have the right to know what personal information we collect and how it's used
  • You have the right to delete your personal information
  • You have the right to opt-out of the sale of personal information (not applicable as we don't sell)
  • We will not discriminate against you for exercising your CCPA rights

12. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, to exercise your rights, or for complaints:

We will respond to all requests within 30 days.