AdProtektor

Privacy Policy

Last updated: May 20, 2026

1. Introduction

This Privacy Policy explains how AdProtektor Inc. (“AdProtektor,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with our website at adprotektor.app, our application at app.adprotektor.app, and the services we provide (collectively, the “Service”).

AdProtektor provides AI-powered click fraud detection and prevention for digital advertising. Our Service involves two distinct roles in data processing, which are described throughout this policy.

If you have questions about this policy, contact us at support@adprotektor.app.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Name and email address
  • Password (stored in hashed form)
  • Company name (optional)
  • Domain names you register for protection

2.2 Payment Information

Payments are processed by a third-party payment provider. We do not store your credit card numbers, bank account details, or other sensitive financial information on our servers. The payment provider’s privacy policy governs the processing of your payment data.

2.3 Tracking Data from Customer Websites (Processed on Behalf of Customers)

When our customers install the AdProtektor tracking script on their websites, we collect the following data from their website visitors to detect and prevent click fraud. In this context, our customer is the data controller, and AdProtektor acts as a data processor. This data includes:

  • Network information: IP addresses
  • Device and browser information: user agent string, browser type and version, operating system, device type and model, screen resolution
  • Visitor identification: browser-based fingerprint identifiers used to detect repeat visitors across sessions
  • Behavioral signals: time spent on page, scroll depth, click count, mouse movement patterns, keystroke activity (no content captured), and engagement signals such as phone link clicks, email link clicks, form submissions, and the number of form fields interacted with
  • Session recordings: recordings of page interactions (DOM changes, mouse positions, scroll events) with input field values masked by default
  • Advertising parameters: Google Click ID (GCLID), WBRAID, GBRAID, Facebook Click ID (fbclid), UTM parameters, and keyword data
  • Page information: landing page URL and referrer URL
  • Geographic data: approximate location (country, city) derived from IP address

2.4 Google Ads & Meta (Facebook / Instagram) Ads Integration Data

If you connect your Google Ads account, we access your Google Ads account ID and campaign information to manage IP exclusion lists on your behalf. If you connect a Meta (Facebook / Instagram) ad account by partner-sharing it with AdProtektor’s Business Manager, we access your Meta ad-account metadata, campaign list, and audience identifiers to manage exclusion audiences on your behalf. We do not use Facebook Login and we do not store any login tokens for your account. We never read campaign performance metrics or creative content.

2.5 ConversionOS Data (Optional Add-on)

When you enable the ConversionOS add-on, our customer’s website passes conversion event data to AdProtektor — for example, order ID, order value, currency, and customer-supplied identifiers such as email address, phone number, and name. Before this data leaves our servers we hash these identifiers using SHA-256 in line with the matching requirements of Meta and Google. We then dispatch the hashed conversion event to the destinations you have configured for that domain (Meta Pixel + Conversions API, Google Analytics 4, and/or Google Enhanced Conversions for Web), using a shared event ID for de-duplication. We do not sell or retain this data for our own marketing.

3. How We Use Information

We use the information we collect to:

  • Provide and operate the Service, including fraud detection, visitor classification, and automated blocking
  • Build behavioral profiles to identify repeat offenders across IPs, devices, and browsers
  • Classify website visitors into categories (Real, Crawler, Bot, Competitor, or Click Farm)
  • Generate threat scores and make automated blocking decisions
  • Record and replay flagged visitor sessions for verification purposes
  • Manage Google Ads IP exclusion lists and Meta Custom Audience exclusions based on detected threats
  • Provide analytics, reporting, and AI-assisted analysis
  • Send notifications about detected threats and account activity
  • Process payments and manage subscriptions
  • Improve and develop our fraud detection capabilities
  • Respond to support requests

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process personal data under the following legal bases:

  • Contractual necessity: Processing necessary to provide the Service you have subscribed to
  • Legitimate interest: Processing for fraud prevention and security purposes, which constitutes a legitimate interest under GDPR Recital 47
  • Consent: Where required by law, such as for certain types of cookies or marketing communications
  • Legal obligation: Where processing is required to comply with applicable laws

5. Data Sharing and Third Parties

We share personal data with the following categories of service providers, solely as necessary to operate the Service:

  • Payment processor — payment processing (we plan to migrate to Tranzila; until that’s live, billing is handled manually by our team)
  • Google Ads API — IP exclusion list management (only when you connect your Google Ads account)
  • Meta Marketing API (Facebook) — Custom Audience exclusion management (only when you connect your Meta ad account)
  • Meta Conversions API, Google Analytics 4 Measurement Protocol, Google Enhanced Conversions for Web — conversion event delivery, only when the ConversionOS add-on is enabled and you have configured the corresponding destination for a domain
  • Google Gemini — AI-powered traffic analysis
  • GeoIP services — IP address geolocation
  • Hosting infrastructure — secure data storage and application delivery

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes.

We may disclose information if required by law, regulation, or legal process, or to protect the rights, property, or safety of AdProtektor, our customers, or others.

6. Data Retention

We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account data: retained while your account is active and for a reasonable period afterward
  • Tracking event data: retained for up to 90 days from collection
  • Blocked IP and visitor records: retained for the duration of the blocking period configured in your settings
  • Session recordings: retained for up to 90 days
  • Payment records: retained as required by applicable tax and financial regulations

Upon termination of your account, we delete or anonymize your data within a reasonable timeframe, except where retention is required by law.

7. International Data Transfers

AdProtektor processes data on servers located in the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) where applicable.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request that we restrict the processing of your data
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@adprotektor.app. We will respond to your request within 30 days. If you connected a Meta ad account, you can revoke AdProtektor’s access at any time by removing us as a partner in your Meta Business Settings; doing so stops all further access to that ad account.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, contact us at support@adprotektor.app.

9. AdProtektor as a Data Processor

When AdProtektor collects data from the websites of our customers (via the tracking script), we act as a data processor on behalf of our customers, who are the data controllers.

Our customers are responsible for ensuring they have a lawful basis for the data collection performed by the tracking script, including providing appropriate privacy notices and obtaining consent from their website visitors where required.

The relationship between AdProtektor and our customers as data controllers is governed by our Data Processing Agreement.

10. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), access controls, input masking in session recordings, and regular security reviews.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

11. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@adprotektor.app and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

AdProtektor Inc.
Email: support@adprotektor.app