Skip to main contentSkip to primary navigation
Trust & security

What ClickReport stores, why, and who can touch it

Plain answers for the person who has to approve this tool: what data we collect, how long we keep it, how exclusion decisions are made, and what we deliberately do not claim.

What we collect and why

ClickReport records each visit to your instrumented landing pages: timestamp, visitor identifier, IP address, user agent, referrer, and the campaign context carried by your ad URLs (campaign tag, GCLID). That is the evidence chain — it is what lets a suspicious pattern be tied to the campaign and keyword that paid for it.

Raw IP addresses are stored because Google Ads IP exclusions require exact addresses. Deployments that do not need exclusion workflows can run in hashed or dropped IP modes instead.

Retention and deletion

Tracking data is purged automatically after 395 days by default (a daily job; the floor is 30 days, and the window is configurable per deployment). Deleting your account erases its tracking records — visitor rows, click events, conversions, and rollups — through database-enforced cascades, not a best-effort script.

Evidence exports you generate expire and are removed from storage on a schedule. Visitor-erasure requests from the public privacy request form are reviewed by a human before action — an unauthenticated “erase this IP” endpoint would let an attacker destroy someone else's evidence, so we deliberately do not offer one.

How exclusion decisions are made

Detection is explainable, not a black box: every flagged click carries reason codes (repeat visitor, IP spike, no engagement, tracking-parameter anomalies) and a risk score you can inspect. Recommendations in the review queue use the same grading as the automation, so what you see is what the system would do.

  • Automation acts only on sources the risk engine grades critical — a risk score of at least 75 with corroborating reason codes, never a raw click counter alone.
  • A source must repeat at least 6 times before automation may act, regardless of configured thresholds.
  • Private, carrier-grade NAT, and reserved ranges are never auto-excluded, and shared public IPs with several distinct visitors are held for human review.
  • Automated exclusions are capped at 25 per account per day, fail closed, and queue to human review when stale.
  • Every exclusion — manual or automated — is recorded with its trigger, campaign scope, and result, and can be reversed from the same screen.
  • Sources with recorded conversions or engaged sessions are skipped: a converting visitor is a customer, not fraud.

Google Ads enforces its own platform limits (up to 500 IP exclusions per campaign); the workflow surfaces those limits where you make the decision.

Account access and Google Ads authorization

Google Ads is connected through OAuth with the Google Ads API scope only — ClickReport never sees your Google password. Refresh tokens are encrypted at rest with a dedicated key, and you can disconnect the integration at any time, which removes the stored token.

Support access to a customer account requires a signed, time-limited grant tied to a named support actor, and is logged. Sessions can be revoked account-wide on password change. Login history is recorded and visible to the account owner.

Subprocessors

  • Amazon Web ServicesApplication hosting, database, and report storage (US region).
  • StripeSubscription billing and invoices. Card details never touch ClickReport servers.
  • SendGrid (Twilio)Transactional email: signup, alerts, reports, and digests.
  • TwilioSMS alert delivery on plans that include it.
  • GoogleGoogle Ads API access for cost import and IP exclusions you authorize.

Reliability and incidents

A public status page and health endpoint report availability. Operational incidents are captured by an internal incident reporter, and the database runs on a managed service with automated backups. Landing-page uptime monitoring (five-minute cadence on monitored pages) alerts you when paid traffic is being sent to a broken page.

What we do not claim

No tool stops all click fraud, and we do not claim to. Google detects and credits much invalid traffic on its own; ClickReport's job is the layer Google does not give you — first-party evidence on your landing pages, a documented decision workflow, and safe, reversible exclusions for the repeat offenders Google's filters miss. Cost figures are always labeled with their source: imported Google Ads cost where connected, clearly-marked estimates where not.

A formal data-processing addendum is being prepared; contact us for data-processing questions in the meantime.