Privacy Policy

Last updated: 16 March 2026

1. Introduction

BlackFry Ltd ("ClickLens", "we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard information when you use our website (clicklens.io) and ad fraud detection service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials via Google OAuth. If you subscribe to a paid plan, Stripe processes your payment information — we do not store credit card numbers.

2.2 Visitor Session Data

Our tracking tag collects technical signals from visitors to your websites for fraud detection purposes. This includes:

  • Browser type, version, and language settings
  • Device type, screen resolution, and hardware characteristics
  • Canvas and WebGL fingerprints (hashed, not raw images)
  • Canvas stability verification (whether re-renders produce identical output)
  • Audio context fingerprint (hash only, not raw audio data)
  • Speech synthesis voice count (count only, not voice names)
  • Mouse movement, click, and scroll patterns
  • Keystroke timing patterns (no key content is captured)
  • Paste event count
  • Connection type and network performance metrics (round-trip time, DNS and connection timing)
  • Font enumeration count (count only, not font names)
  • JavaScript engine detection
  • Navigation performance timing
  • IP address and approximate geolocation (city-level)
  • Referring URL and landing page
  • Automation markers (e.g., headless browser indicators)
  • Interaction with hidden page elements used to identify automated visitors (honeypot detection)

Raw coordinate data (mouse positions, click positions) is processed in real time and only statistical summaries are stored — not individual coordinates. These summaries cannot be reversed to reconstruct individual movements.

We do not collect personal information from your website visitors such as names, email addresses, form inputs, or browsing history beyond the landing page.

2.3 Usage Data

We collect information about how you use the ClickLens dashboard, including pages visited, features used, and actions taken. This helps us improve the Service.

2.4 Verification Data

When sessions are verified (via honeypot, conversion tracking, or manual review), we store the verified classification (human or bot), the verification method, and a timestamp. This data improves the accuracy of our scoring engine.

  • Conversion tracking: If you call our conversion endpoint from your website, the associated session is marked as a verified human visitor. No additional data is collected beyond the session identifier.
  • Dispute feedback: Dashboard users may submit feedback disputing a session's classification. We store the suggested correction, the reason category, optional details text, and the submitter's account ID.

3. How We Use Information

  • Fraud detection: Visitor session data is processed by our scoring engine to classify traffic as human, suspect, or bot.
  • Service delivery: Account information is used to provide access to the dashboard, send reports, and manage subscriptions.
  • Communication: We send transactional emails (welcome emails, weekly reports, fraud alerts) and may send product updates. You can opt out of non-essential communications at any time.
  • Improvement: Aggregated, anonymised data may be used to improve our scoring algorithms and service quality.

4. Data Sharing

We do not sell your data. We share data only with:

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • IPInfo: IP geolocation and network reputation data
  • AbuseIPDB: IP threat intelligence and abuse confidence scoring (when enabled)
  • Sentry: Error monitoring and performance tracking
  • Google Ads: Campaign spend and exclusion list syncing (only when you connect your Google Ads account)
  • Meta Ads: Campaign spend and exclusion list syncing (only when you connect your Meta Ads account)
  • Microsoft Ads: Campaign spend and exclusion list syncing (only when you connect your Microsoft Ads account)
  • TikTok Ads: Campaign spend and exclusion list syncing (only when you connect your TikTok Ads account)

We may also disclose information if required by law or to protect our rights and safety.

5. Data Retention

Session data is retained according to your plan: 7 days (Free), 30 days (Starter), 90 days (Growth), or 1 year (Pro). Account data is retained while your account is active and for 30 days after account deletion. Aggregated, anonymised statistics may be retained indefinitely.

6. Cookies

The ClickLens dashboard uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies on our website. The ClickLens tracking tag installed on your websites does not set cookies — it uses sessionStorage and fingerprint-based session identification.

7. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, regular security audits, and access controls. The API is designed to prevent information leakage. Fingerprint data is hashed before storage. For a detailed breakdown of tag security, data collection, and Subresource Integrity verification, see our Tag Security & Data Disclosure page.

8. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@clicklens.io .

9. Responsibilities of ClickLens Customers

If you install the ClickLens tag on your website, you are the data controller for the visitor data collected. You are responsible for providing appropriate privacy notices to your website visitors and obtaining any required consent. ClickLens acts as a data processor on your behalf for this data. We recommend updating your website's privacy policy to disclose the use of ClickLens for fraud detection.

10. International Data Transfers

Data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including standard contractual clauses, for any international transfers of personal data.

11. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For privacy-related enquiries, contact us at privacy@clicklens.io or visit our contact page .

BlackFry Ltd
United Kingdom