GDPR Compliance
How ClickFortify protects ad budgets from click fraud while respecting EU data protection law — privacy-first detection, data minimization, and a DPA that stands behind it.
Overview
ClickFortify is built around a privacy-first principle: detecting click fraud requires technical signals about traffic, not personal profiles of people. This page explains how ClickFortify approaches the EU General Data Protection Regulation (GDPR) — what data is processed, on what legal basis, what our role is, and how to exercise data subject rights. It complements our Privacy Policy, Data Processing Agreement, and Data Security documentation.
What is the GDPR?
The GDPR is the European Union’s data protection law. It governs how organizations collect, use, store, and share personal data of people in the EU and EEA, regardless of where the organization itself is located. It defines roles (controller and processor), requires a lawful basis for every processing activity, and grants individuals rights over their data.
Controller and processor: who does what
In short: our customers control their data; ClickFortify processes it on their instructions.
- You (the advertiser) are the data controller for traffic and conversion data generated by your campaigns and website visitors.
- ClickFortify acts as a data processor, analyzing that traffic to detect invalid clicks and fraud, strictly for the purposes described in our DPA.
- For our own customer accounts (name, email, billing), ClickFortify is the controller, as described in the Privacy Policy.
What data ClickFortify processes — and what it never does
Fraud detection runs on technical traffic signals, processed with strict data minimization:
- Network signals: IP address, ASN, data-center / VPN / proxy indicators
- Device and browser characteristics used to form an anonymized device signature
- Behavioral signals: click velocity, session depth, engagement patterns
- Campaign context: which ad, campaign, and platform a click came from
Just as important is what ClickFortify does not do with this data:
- No advertising profiles are built on individuals
- Fraud signals are never repurposed for ad targeting or marketing
- Personal data is never sold
- No sensitive (special category) data is intentionally collected
Legal basis: fraud prevention as legitimate interest
Detecting and preventing click fraud is widely recognized as a legitimate interest under GDPR Article 6(1)(f): it processes technical signals rather than sensitive personal information, exists to stop abuse rather than to profile people, and applies data minimization throughout. Account and billing data is processed on the basis of contract performance, and any optional communications on the basis of consent.
The Data Processing Agreement (DPA)
Customers who process EU/EEA personal data through ClickFortify can rely on our Data Processing Agreement, which defines the scope, purpose, and duration of processing, confidentiality and security obligations, and the handling of deletion instructions. The DPA forms part of the service terms — if your compliance team needs a countersigned copy, contact us at app@clickfortify.com.
Data subject rights
GDPR grants individuals rights over their personal data, including:
- Access — request a copy of personal data held
- Rectification — correct inaccurate data
- Erasure — request deletion (“right to be forgotten”)
- Restriction and objection — limit or object to certain processing
- Portability — receive data in a structured, machine-readable format
Requests relating to your ClickFortify account can be sent to app@clickfortify.com. If you are a website visitor whose traffic was analyzed on behalf of one of our customers, the customer is the controller for that data — we support them in fulfilling such requests, including deletion instructions, as set out in the DPA.
Security measures
Data is encrypted in transit and at rest, access is restricted and logged, and the processing pipeline applies strict data minimization end to end. Our Data Security page describes these controls in more detail.
Questions about GDPR compliance
For GDPR questions, DPA requests, or data subject inquiries, contact app@clickfortify.com. For California-specific privacy rights, see our CCPA & CPRA compliance page.