CCPA Notice at Collection & Privacy Rights

1. Who This Notice Applies To

This notice is provided pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), Cal. Civ. Code §§ 1798.100 et seq. It applies to California residents (“consumers”) whose personal information is collected or processed by CleanClicks technology, whether as visitors to cleanclicks.io or as visitors to websites operated by CleanClicks customers (“Customer Sites”).

CleanClicks, operated by CJF & Associates LLC d/b/a ClickPath Consultants, is located at Raleigh, North Carolina. Where CleanClicks acts as a service provider (data processor) on behalf of a Customer, this notice supplements the Customer’s own CCPA disclosures.

2. Categories of Personal Information Collected

The following table identifies the categories of personal information CleanClicks collects, the sources, the business purposes, and whether each category is sold or shared as those terms are defined under CCPA.

CCPA Category	Specific Data Elements	Source	Business Purpose	Sold or Shared?
Identifiers (§1798.140(v)(1)(A))	Random visitor UUID (cc_pid cookie); SHA-256 hashed email address; advertising click identifiers (gclid, fbclid, ttclid, li_fat_id, msclkid, wbraid, gbraid, tbclid, ad_id, um_cl)	Automatically collected from browser; email hash derived from form submissions	Conversion attribution; deduplication; server-side delivery to ad platforms	Not sold. Shared with advertising platforms at Customer’s direction for cross-context behavioral advertising measurement.
Internet or electronic network activity (§1798.140(v)(1)(F))	Pages visited (URL path); conversion events; referral URL; UTM parameters; user-agent string	Automatically collected from browser	Conversion attribution; bot detection; traffic quality analysis	Not sold. Conversion events shared with ad platforms at Customer’s direction.
Geolocation data (§1798.140(v)(1)(G))	Country, region/state, city, postal code (derived from IP address at the network edge; IP address itself is not stored)	Derived from IP address at the network edge	Geographic traffic filtering; ad platform compliance fields (hashed before transmission to Meta)	Not sold. Hashed geo data shared with Meta CAPI at Customer’s direction.
Inferences (§1798.140(v)(1)(K))	Bot classification (human, known_bot, google_bot, suspicious); device type (desktop, mobile, tablet)	Derived from user-agent analysis and network-level bot scoring	Traffic quality filtering; excluding non-human conversions	Not sold or shared.

3. “Sale” and “Sharing” Under CCPA

CleanClicks does not sell personal information as defined by CCPA (Cal. Civ. Code § 1798.140(ad)). We do not receive monetary or other valuable consideration in exchange for personal information.

CleanClicks shares personal information (as defined by CCPA § 1798.140(ah)) with third-party advertising platforms for the purpose of cross-context behavioral advertising measurement. This sharing occurs solely at the direction of our Customers and only with the specific advertising platforms each Customer has configured. The shared data consists of:

• Advertising click identifiers (matching a conversion event to the ad click that generated it)
• SHA-256 hashed email addresses (for enhanced conversion matching)
• Conversion event data (event name, value, timestamp)
• Hashed geographic data (to Meta only, for matching purposes)

4. Right to Opt Out of Sharing

You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising. CleanClicks provides the following opt-out mechanisms:

4.1 Global Privacy Control (GPC)

CleanClicks recognizes and honors the Global Privacy Control signal as a valid opt-out request under Cal. Civ. Code § 1798.135(b)(1). When your browser sends a GPC signal, CleanClicks automatically:

• Sets the Meta Limited Data Use (LDU) flag on all Meta CAPI transmissions
• Sets the TikTok limited_data_use flag
• Configures Google Consent Mode v2 to deny ad_storage, ad_user_data, and ad_personalization

No action is required beyond enabling GPC in your browser. The opt-out is applied in real time, before any data is transmitted to advertising platforms.

4.2 Cookie-Based Opt-Out

On any Customer Site using CleanClicks, you may visit the privacy choices page at /__cc/privacy on the Customer’s tracking subdomain and click the opt-out button. This sets a first-party opt-out cookie that persists for one year and applies the same platform-specific restrictions described above.

5. Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you. Because CleanClicks identifies visitors using pseudonymous identifiers (a randomly generated UUID and hashed email addresses), we may require you to provide sufficient information to verify your identity and locate your records.

To submit a request to know, email privacy@cleanclicks.io with the subject line “CCPA Right to Know.” We will respond within 45 days, as required by law. If reasonably necessary, we may extend this period by an additional 45 days, in which case we will notify you of the extension and the reason for it.

6. Right to Delete

You have the right to request deletion of your personal information. Because all CleanClicks data is stored with automatic expiration, data is deleted automatically according to the following schedule:

• Conversion records: 90 days
• Hashed email-to-click-ID mappings: 90 days
• Visitor identity records: 30 days
• Audit logs: 180 days
• Deduplication records: 24 hours

If you require deletion before the automatic expiration, email privacy@cleanclicks.io with the subject line “CCPA Deletion Request.” We will process your request within 45 days. If reasonably necessary, we may extend this period by an additional 45 days with notice to you.

Note: Deletion of data already transmitted to third-party advertising platforms must be requested directly from those platforms under their respective privacy policies.

7. Right to Correct

You have the right to request correction of inaccurate personal information. Given the nature of the data we collect (pseudonymous identifiers, hashed values, and automatically captured browsing data), correction requests are unlikely to be applicable. If you believe we hold inaccurate information, contact us at privacy@cleanclicks.io.

8. Right to Non-Discrimination

CleanClicks will not discriminate against you for exercising your CCPA rights. We will not:

• Deny you access to the Service
• Charge you different prices or rates
• Provide you with a different level or quality of service
• Suggest that you will receive a different level of service

9. Sensitive Personal Information

CleanClicks does not collect sensitive personal information as defined by CCPA § 1798.140(ae). We do not collect social security numbers, driver’s license numbers, financial account information (beyond what Stripe processes for billing), precise geolocation, racial or ethnic origin, religious beliefs, biometric data, health information, sexual orientation, or contents of communications.

10. Retention

Personal information is retained only as long as necessary for the business purposes described in Section 2, subject to the automatic TTL-based deletion schedule. All retention periods are enforced by the storage infrastructure and cannot be overridden. See our Privacy Policy, Section 5, for the complete retention schedule.

11. Authorized Agents

You may designate an authorized agent to submit CCPA requests on your behalf. The authorized agent must provide written authorization signed by you. We may also require you to verify your identity directly before processing the request. Submit authorized agent requests to privacy@cleanclicks.io.

12. Minors

CleanClicks does not have actual knowledge that it collects or shares the personal information of consumers under the age of 16. CleanClicks does not sell personal information of any consumer, including minors.

13. Financial Incentive Programs

CleanClicks does not offer financial incentive programs related to the collection, sale, or deletion of personal information.

14. Metrics (Prior Calendar Year)

As required by CCPA regulations (Cal. Code Regs. tit. 11, § 7102), CleanClicks will publish annual metrics regarding consumer rights requests. Metrics for the most recent calendar year will be published by April 1 of the following year.

No requests were received in the prior calendar year (CleanClicks launched in 2026).

15. Contact

To exercise your California privacy rights or ask questions about this notice:

CleanClicks
Operated by CJF & Associates LLC d/b/a ClickPath Consultants
Email: privacy@cleanclicks.io
4030 Wake Forest Rd, Ste 349
Raleigh, North Carolina 27609, United States

You may also contact the California Attorney General’s office at oag.ca.gov/privacy if you believe your rights have been violated.