Privacy Policy

Last updated: March 2026

1. Introduction

MyClickShield is a click fraud protection service operated by VELJASMELE LTD, a company registered in England and Wales with its registered office at 128 City Road, London EC1V 2NX, United Kingdom. In this Privacy Policy, "we", "our", "us" and "MyClickShield" refer to VELJASMELE LTD. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. This policy complies with the requirements of Google, Meta (Facebook), and Microsoft advertising platforms, as well as GDPR and CCPA regulations.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, and billing information.

2.2 Click and Traffic Data

We collect data about clicks on your advertisements, including:

  • IP addresses (hashed for privacy where possible)
  • Device information and device identifiers
  • Browser type and version
  • Operating system
  • Click timestamps and frequency
  • Referrer URLs and landing page URLs
  • Behavioral patterns and mouse movements
  • Click identifiers (gclid, fbclid, msclkid)
  • Geographic location (country/region level)

2.3 Connected Advertising Account Data

When you connect your advertising accounts, we access:

  • Google Ads: Campaign IDs, ad group IDs, conversion data, and IP exclusion lists
  • Meta Ads: Ad account IDs, campaign data, pixel events, and custom audience information
  • Microsoft Ads: Account IDs, campaign data, and negative site lists

2.4 Usage Data

We collect information about how you interact with our platform, including pages visited and features used.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our click fraud protection service
  • Detect and block fraudulent clicks on your advertisements
  • Create and manage IP exclusion lists on your connected ad platforms
  • Report invalid click activity to advertising platforms
  • Generate reports and analytics for your account
  • Communicate with you about your account and our services
  • Improve our fraud detection algorithms using aggregated, anonymized data

4. Third-Party Advertising Platform Integration

4.1 Google Ads API Integration

MyClickShield uses the Google Ads API to help advertisers reduce wasted ad spend by identifying and excluding invalid traffic from their campaigns. We do not sell, rent, or share Google Ads data with any third parties. Data retrieved from the Google Ads API is used solely to provide click fraud protection services to the authenticated advertiser and is never combined with data from other customers for any commercial purpose.

Specifically, we call the following Google Ads API services:

  • CustomerService.listAccessibleCustomers — to list the Google Ads accounts the authenticated user has authorized us to manage during the OAuth connection flow.
  • GoogleAdsService.searchStream — to read the list of active (ENABLED) campaigns on the connected account, so we know where to apply IP exclusions.
  • CampaignCriterionService.mutate — to add (and remove) negative IP_BLOCK criteria to campaign-level exclusion lists. Every mutation is logged and reversible from the MyClickShield dashboard.
  • ConversionAdjustmentUploadService.uploadConversionAdjustments — to upload RETRACTION conversion adjustments for clicks the user has opted to report as invalid via the GCLID.

We do not use any Google Ads API services to read or modify ad content, budgets, billing information, targeting, or keywords. Our integration is limited to the four services above.

User control over automated actions: All automated actions — such as IP exclusions, offline conversion adjustments, and optional campaign auto-pause — are fully configurable by the user and can be reviewed, modified, or disabled at any time from the MyClickShield dashboard. The user can also revoke API access completely at any time via their Google Account settings or from within MyClickShield.

We access customer Google Ads accounts only via OAuth 2.0 with explicit user consent, requesting the minimum permissions necessary (ads_management scope). Refresh tokens are stored encrypted at rest and are never shared externally.

Data shared with Google: IP addresses identified as invalid, click identifiers (gclid, wbraid, gbraid), and conversion adjustment data. Google's privacy policy applies to data processed by Google: https://policies.google.com/privacy

4.2 Meta (Facebook) Ads Integration

When you connect your Meta Ads account, we:

  • Access your account via Facebook Login with your explicit consent
  • Create and manage Custom Audiences for exclusion of fraudulent traffic
  • Send invalid traffic events via the Meta Conversions API
  • Store your access token securely (encrypted at rest) to maintain the connection
  • Only request the minimum permissions necessary (ads_management, ads_read, business_management)

Data shared with Meta: Hashed IP addresses, click identifiers (fbclid), user agent data, event timestamps. Meta's privacy policy applies to data processed by Meta: https://www.facebook.com/privacy/policy/

4.3 Microsoft Ads Integration

When you connect your Microsoft Ads account, we:

  • Access your account via Microsoft Identity Platform with your explicit consent
  • Add fraudulent sources to your Negative Site Lists
  • Report invalid conversions via the Microsoft Ads Offline Conversion API
  • Store your refresh token securely (encrypted at rest) to maintain the connection

Data shared with Microsoft: IP addresses, click identifiers (msclkid), conversion data. Microsoft's privacy policy applies to data processed by Microsoft: https://privacy.microsoft.com/privacystatement

5. Data Sharing

We do not sell your personal information. We share information only as follows:

  • With your connected advertising platforms: To enable IP exclusions and invalid click reporting as described above
  • Service providers: Cloud hosting (encrypted data at rest and in transit), payment processing (Stripe)
  • Legal requirements: When required by law, court order, or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • OAuth tokens stored with additional encryption layer
  • Regular security audits and penetration testing
  • Access controls and audit logging
  • Secure data centers with SOC 2 compliance

7. Data Retention

  • Click data: Retained for 90 days, then automatically deleted
  • Account information: Retained for the duration of your subscription plus 30 days
  • OAuth tokens: Retained until you disconnect your ad account or delete your account
  • Aggregated analytics: May be retained indefinitely in anonymized form

You can request deletion of your data at any time by contacting us or through your account settings.

8. Your Rights and Controls

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain types of processing
  • Withdraw consent: Disconnect ad accounts at any time through your dashboard
  • Restriction: Request limitation of processing

To exercise these rights, contact us at [email protected] or use the controls in your account dashboard.

9. Cookies and Tracking

Our fraud detection script uses first-party cookies and local storage to:

  • Identify returning visitors for fraud pattern detection
  • Store session information for click analysis
  • Maintain fraud scores across page views

These are essential for our service and cannot be disabled while using MyClickShield protection.

10. GDPR Compliance (EU/EEA Users)

For users in the European Union and European Economic Area:

  • Legal basis: We process data based on your consent (for ad platform connections) and legitimate interest (for fraud detection)
  • Data transfers: Data may be transferred to the US where our servers are located, protected by Standard Contractual Clauses
  • DPO: Contact our Data Protection Officer at [email protected]
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority

11. CCPA Compliance (California Users)

For California residents under the California Consumer Privacy Act:

  • We do not sell personal information
  • You have the right to know what personal information we collect and how it's used
  • You have the right to delete your personal information
  • You have the right to opt-out of the sale of personal information (not applicable as we don't sell)
  • We will not discriminate against you for exercising your CCPA rights

12. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, to exercise your rights, or for complaints:

We will respond to all requests within 30 days.