Legal

Privacy Policy

We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it. Written in plain English, not legalese.

Last updated: March 7, 2026

Introduction

Further Forward Innovation Ltd, trading as Click Guardian ("we", "us", "our"), operates the clickguardian.ai website and the Click Guardian click fraud protection platform. This privacy policy applies to all visitors of our website and all customers who use our services.

We are committed to protecting your personal data. We process data lawfully, fairly, and transparently. We collect only what we need, keep it only as long as necessary, and never sell it to anyone.

If you have questions about this policy, you can reach us at support@clickguardian.ai or by post at Office One, 1 Coldbath Square, London, EC1R 5HL, United Kingdom.

Information We Collect

The data we collect depends on whether you are a website visitor or a Click Guardian customer. Here is a breakdown of each.

Website Visitors

When you visit clickguardian.ai, we collect limited data to understand how people find and use our website. This includes:

  • Pages visited, time on page, and referral source
  • Browser type, operating system, and device type
  • Anonymised IP address (last octet removed)
  • Information you voluntarily provide via contact forms (name, email, company)

Click Guardian Customers

When you sign up for Click Guardian, we collect additional data required to provide our fraud detection service. This includes:

  • Account details: name, email, company name, billing address
  • Google Ads and/or Microsoft Ads account connection details (via OAuth)
  • Click data from your ad campaigns: IP addresses, device fingerprints, timestamps, user agents, referrer URLs, and click behaviour patterns
  • Payment information (processed securely by Stripe — we never store full card numbers)

Click data is collected from visitors to your website after they click on your ads. This data is used exclusively to identify and block fraudulent clicks.

How We Use Your Data

Website Visitors

  • To understand how visitors use our website and improve our content
  • To respond to enquiries submitted through contact forms
  • To send marketing communications (only with your explicit consent, and you can unsubscribe at any time)

Customers

  • To detect, analyse, and block fraudulent clicks on your ad campaigns
  • To generate fraud reports and dashboard analytics
  • To process your payments and manage your subscription
  • To improve our fraud detection algorithms using anonymised and aggregated click patterns
  • To provide customer support and communicate important service updates

What we never do with your data:

  • Sell your personal data or click data to third parties
  • Use your data for advertising or ad targeting
  • Share individual click data between customers
  • Retain data longer than necessary for the stated purpose

Data Retention

We keep data only for as long as we need it. Here are the specific retention periods for each data type:

Data Type Retention Period
Website analytics data 90 days
Contact form submissions 1 year
Customer account data Duration of account + 1 year after closure
Click fraud detection data 1 year from collection
Payment and billing records 7 years (legal requirement)
Marketing consent records Duration of consent + 1 year after withdrawal

When a retention period expires, data is permanently deleted or fully anonymised so it can no longer be linked to any individual. You can request early deletion at any time (see Your Privacy Rights).

Third-Party Data Sharing

We share your data only with trusted third-party services that are essential to running our business. We never sell data, and every third party we work with is bound by data processing agreements.

Stripe

Payment processing. Stripe handles all credit card data directly. We never see or store your full card number. Stripe Privacy Policy

Google Ads API

Used with your authorisation to manage IP exclusion lists on your Google Ads account for fraud blocking.

Microsoft Ads API

Used with your authorisation to manage IP exclusion lists on your Microsoft Ads account for fraud blocking.

Cloud Infrastructure

We use reputable cloud hosting providers with ISO 27001 certification to store and process data. All data is encrypted at rest and in transit.

Email Service Provider

We use a third-party email service to send transactional and marketing emails. Your email is shared only for the purpose of delivering those messages.

We may also disclose data if required by law, court order, or to protect the rights and safety of Click Guardian, our customers, or the public.

Cookies & Tracking

We use cookies and similar technologies on our website for essential functionality, analytics, and marketing. You can control which cookies you accept through our cookie consent banner.

On customer websites, our fraud detection script uses first-party cookies and local storage to fingerprint devices and track click behaviour. These cookies are essential to providing the fraud detection service and cannot be disabled while using Click Guardian.

For a full breakdown of every cookie we use, how long each lasts, and how to manage your preferences, see our Cookie Policy.

Your Privacy Rights

Depending on where you live, you have specific rights over your personal data. We honour all of these regardless of your location.

You have the right to:

  • Access — Request a copy of all personal data we hold about you (GDPR Art. 15)
  • Rectification — Correct inaccurate personal data (GDPR Art. 16)
  • Erasure — Request deletion of your personal data (GDPR Art. 17)
  • Restriction — Restrict processing of your data in certain circumstances (GDPR Art. 18)
  • Data portability — Receive your data in a structured, machine-readable format (GDPR Art. 20)
  • Object — Object to processing based on legitimate interests or for direct marketing (GDPR Art. 21)
  • Withdraw consent — Withdraw consent at any time where consent is the legal basis for processing

To exercise any of these rights, email us at support@clickguardian.ai. We will respond within 30 days. There is no fee for making a request.

GDPR Compliance

Click Guardian complies with the General Data Protection Regulation (GDPR). Here is how we meet our obligations:

Lawful Basis for Processing

We process data under three lawful bases: consent (marketing emails, non-essential cookies), contract (providing our fraud detection service to customers), and legitimate interest (website analytics, improving our platform, and security).

Data Processing Agreements

We offer Data Processing Agreements (DPAs) to all customers. When Click Guardian processes click data on behalf of a customer, we act as a data processor. Contact us at support@clickguardian.ai to request a DPA.

Data Protection Officer

For any GDPR-related enquiries, contact our data protection team at support@clickguardian.ai.

International Transfers

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

CCPA Compliance

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights.

Right to Know

You can request details about the categories and specific pieces of personal information we have collected about you over the past 12 months (CCPA §1798.100).

Right to Delete

You can request that we delete your personal information, subject to certain legal exceptions (CCPA §1798.105).

Right to Opt Out of Sale

We do not sell personal information. Since we never sell your data, there is no need to opt out — but the right is yours regardless (CCPA §1798.120).

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will receive equal service and pricing regardless of whether you exercise your rights (CCPA §1798.125).

Right to Correct

Under the CPRA, you may request correction of inaccurate personal information we hold about you.

To make a CCPA request, email support@clickguardian.ai with the subject line "CCPA Request". We will verify your identity and respond within 45 days.

Security & Data Protection

Protecting your data is core to what we do. We implement industry-standard and beyond-standard security measures to safeguard your information.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). All connections use HTTPS.

Access Controls

Role-based access, multi-factor authentication for all staff, and principle of least privilege across our systems.

Regular Backups

Automated daily backups with encryption. Backups are stored separately from production systems and tested regularly.

Breach Notification

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by GDPR.

Contact & Requests

If you have any questions about this privacy policy, want to exercise your rights, or need to report a data concern, here is how to reach us:

Post

Click Guardian, Office One, 1 Coldbath Square, London, EC1R 5HL, United Kingdom

Response Time

We aim to respond to all privacy-related requests within 30 days. Complex requests may take up to 60 days, and we will let you know if that is the case.

You can also visit our Contact page for general enquiries, or review our Terms of Service for additional details about our service agreement.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes that significantly affect how we handle your data, we will notify customers by email at least 30 days before the changes take effect. If you continue to use our services after the updated policy becomes effective, you are agreeing to the revised terms.

We recommend reviewing this page periodically. You can always find the latest version at clickguardian.ai/legal/privacy.

Frequently Asked Questions

Does Click Guardian sell my data?

No. Click Guardian does not sell personal data to third parties. We use data only for fraud detection and service improvement.

How long do you keep my data?

Website visitor data is retained for 90 days to 1 year depending on type. Customer click data is retained for 1 year. See our privacy policy for details.

Is Click Guardian GDPR compliant?

Yes. Click Guardian is GDPR compliant with Data Processing Agreements available to customers.

Currently protecting 2,000+ businesses

Ready to stop wasting money on fake clicks?

Join thousands of businesses that save money every month with ClickGuardian. Setup takes less than 5 minutes.

Protect My Ads — Free Trial See How It Works
Dedicated support team 5 minute setup Cancel anytime