Privacy Policy

Last updated: 17 April 2026

ClickClickBlock ("we," "us," or "our") provides click fraud protection services for online advertisers. This policy explains what data we collect, how we use it, and your rights.

    The short version: We collect the minimum data needed to detect click fraud. We don't sell your data. We don't use it for advertising. We don't share it with third parties except to provide the service.
  

1. What We Collect

From you (our customers)

Account information: name, email address, and password (hashed, never stored in plain text)
Billing information: handled entirely by Stripe. We never see or store your card number.
Usage data: dashboard logins, settings changes, support requests

From your website visitors (via the tracking snippet)

When you install the ClickClickBlock snippet on your website, we collect the following from each visitor to detect click fraud:

IP address — to identify datacenter/VPN traffic and repeat visitors
Browser fingerprint — a hash derived from the visitor's browser characteristics (screen size, timezone, language, canvas rendering). This is not personally identifiable.
User agent string — browser type, version, and operating system
Page URL and referrer — which page they visited and where they came from
Click behaviour — click timing, mouse movement patterns, and session duration (used to distinguish human visitors from bots)
Approximate location — country and city, derived from the IP address

    We do not collect: names, email addresses, phone numbers, form submissions, credit card details, or any other personal information from your website visitors. We cannot identify individual people — only browser sessions.
  

2. How We Use This Data

Fraud detection: analysing visitor behaviour patterns to identify bots, click farms, datacenter traffic, and competitor clicks
Blocking: preventing identified fraudulent visitors from wasting your ad budget
Reporting: showing you who visited your site, whether they were blocked, and why
Service improvement: improving our detection algorithms based on aggregate, anonymised patterns

3. Data Sharing

We do not sell, rent, or share your data or your visitors' data with any third party, with the following exceptions:

Google Ads / Microsoft Ads: if you enable IP exclusion sync, we push blocked IP addresses to your Google or Microsoft Ads account to prevent those IPs from seeing your ads. This is done at your request and only to your own ad accounts.
Stripe: processes payments on our behalf. See Stripe's privacy policy.
Resend: sends transactional emails (welcome, reports, alerts) on our behalf. See Resend's privacy policy.
Legal requirements: if required by law, regulation, or valid legal process.

4. Data Retention

Event data (pageviews, clicks, blocks): retained for 90 days, then automatically deleted
Visitor records (fingerprint, IP, block status): retained while your account is active
Account data: retained while your account is active. Deleted within 30 days of account closure on request.

5. Cookies and Local Storage

The ClickClickBlock snippet uses localStorage (not cookies) to store a session identifier in the visitor's browser. This is used solely to track click patterns within a single session for fraud detection. It contains no personal information and cannot be used to track visitors across other websites.

Our dashboard uses localStorage to store your authentication token so you stay logged in. No third-party cookies are used anywhere on clickclickblock.com.

6. GDPR and Data Processing

If you are based in the UK or EU:

We act as a data processor on your behalf. You (our customer) are the data controller for the visitor data collected on your website.
Our legal basis for processing visitor data is your legitimate interest in protecting your advertising investment from fraud.
We process data on servers in the United States (via Render.com). By using our service, you consent to this transfer.
You can request a Data Processing Agreement (DPA) by emailing us.

7. Your Rights

You have the right to:

Access your account data and export your visitor data (CSV export is available in the dashboard)
Correct any inaccurate information
Delete your account and all associated data
Object to processing — you can remove the tracking snippet from your website at any time to stop data collection

8. Security

We take reasonable measures to protect your data, including:

Passwords hashed with bcrypt (12 rounds)
All connections encrypted via HTTPS/TLS
API authentication via JWT tokens and API keys
Super-admin access restricted by separate token

9. Children's Privacy

ClickClickBlock is a business-to-business service. We do not knowingly collect data from children under 16. Our service is intended for use by businesses and website operators.

10. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll notify you by email. The "last updated" date at the top of this page will always reflect the most recent revision.

11. Contact Us

If you have questions about this privacy policy or your data, contact us at:

Email: hello@clickclickblock.com