Free Data Audit Get Started
LEGAL[SYS::PRIVACY]

Privacy Policy

Last updated: May 19, 2026

Plain-language summary. CleanClicks is a behind-the-scenes analytics tool used by other businesses to measure their advertising. We do not run our own ad targeting and we do not build profiles of you to sell. When you visit a website that uses CleanClicks, we receive a small amount of data the website operator already collects (the click that brought you, a randomly generated identifier, and, when you submit a form, an irreversibly hashed version of your email address) for the sole purpose of helping that operator measure the effectiveness of their advertising. You can opt out at any time using the methods described in Section 9. This summary is provided for convenience; the full policy below is what governs.

1. Introduction

CleanClicks (“we,” “us,” or “our”) operates a first-party conversion tracking infrastructure deployed on a global edge network. This Privacy Policy describes how we collect, use, store, and share information when our technology is installed on a website operated by one of our customers (“Customer Sites”) and when you visit our marketing site at cleanclicks.io.

CleanClicks is operated by CJF & Associates LLC d/b/a ClickPath Consultants, a North Carolina limited liability company.

1.1 Our role under US privacy laws

When CleanClicks processes personal information collected through a Customer Site at the direction of that Customer, CleanClicks acts as a service provider under the California Consumer Privacy Act (Cal. Civ. Code §1798.140(ag)), a processor under the Virginia Consumer Data Protection Act (Va. Code §59.1-575), the Colorado Privacy Act (Colo. Rev. Stat. §6-1-1303), the Connecticut Data Privacy Act (Conn. Gen. Stat. §42-515 et seq.), and the comprehensive privacy statutes of Utah, Oregon, Texas, Florida, Delaware, Iowa, Indiana, Tennessee, New Hampshire, New Jersey, Maryland, Kentucky, Minnesota, Rhode Island, Nebraska, Montana, and any other state with a substantially similar designation now or hereafter in effect. The Customer is the business (CCPA) and the controller (other state laws) for that data and is responsible for determining the purposes and means of processing.

When you submit information directly to us through forms on cleanclicks.io, or when you sign up for a CleanClicks account, we act as the business (CCPA) and controller (other state laws) for that information.

1.2 Data Processing Addendum

Our processing of personal information on behalf of Customers is governed by a written Data Processing Addendum that incorporates the contractual terms required by Cal. Civ. Code §1798.140(ag)(1)(C) and the analogous provisions of other state privacy statutes. The current Data Processing Addendum is available on request from privacy@cleanclicks.io. Customers entering into a CleanClicks subscription are bound by the Data Processing Addendum as a term of service.

1.3 Visitor recourse on Customer Sites

Because the Customer is the business or controller for data collected on its own site, requests to access, correct, delete, port, or restrict the processing of personal information collected on a Customer Site should be directed to the Customer in the first instance. CleanClicks will assist the Customer in fulfilling such requests in accordance with the Data Processing Addendum and applicable law. If you are unsure who operates a site that uses CleanClicks, the privacy policy on that site will identify the operator; you may also contact us at privacy@cleanclicks.io and we will route your request to the Customer.

1.4 No HIPAA covered transactions

CleanClicks is not a “business associate” within the meaning of the Health Insurance Portability and Accountability Act, 45 C.F.R. §160.103, and CleanClicks’s services are not designed to receive, transmit, or maintain protected health information. Customers are contractually prohibited from deploying CleanClicks on web pages that capture or display protected health information without first executing a separate written business associate agreement, which CleanClicks does not offer at this time.

2. Information We Collect

2.1 On Customer Sites (tracking infrastructure)

When you visit a Customer Site that uses CleanClicks, we collect the categories of information described below through a lightweight first-party script served from the Customer’s own subdomain.

Statutory categories. For purposes of Cal. Civ. Code §1798.140(v) and the analogous provisions of other state privacy statutes, the personal information described in this Section 2.1 falls within the following statutory categories:

  • Identifiers — including the random visitor identifier (cc_pid), advertising click identifiers (gclid, fbclid, msclkid, ttclid, tbclid, wbraid, gbraid, li_fat_id, ad_id, um_cl), GA4 client and session identifiers, and the Usermaven anonymous identifier.
  • Internet or other electronic network activity information — pages visited (URL path), referral source, UTM campaign parameters, conversion events, User-Agent string, and inferred bot-or-human classification.
  • Geolocation data (non-precise) — country, region, city, and postal code derived from your IP address at the network edge. CleanClicks does not collect “precise geolocation” as defined by Cal. Civ. Code §1798.140(w) (a location identified within a radius of 1,850 feet or less).
  • Commercial information — conversion events configured by the Customer, including purchase value and currency where applicable.
  • Inferences — bot-or-human classification scores and traffic-quality categorizations.

The hashed email address described below is collected but, as a one-way SHA-256 cryptographic hash that cannot be reversed to the underlying email, is processed under our internal practices as a pseudonymous identifier. We acknowledge that some regulators take the position that hashed email addresses remain “personal information” for purposes of state privacy statutes; we treat the hashed email accordingly and apply the same protections, retention limits, and visitor rights as we would to a non-hashed identifier.

Sources of personal information. We collect this information directly from your interactions with the Customer Site. We do not purchase, license, or otherwise obtain personal information about you from data brokers or other third-party sources.

Sensitive personal information. We do not collect “sensitive personal information” as defined by Cal. Civ. Code §1798.140(ae) (including, without limitation, government identifiers, account log-in credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, contents of mail or electronic communications, genetic data, biometric identifiers, health data, or sex-life or sexual-orientation data). Customers are contractually prohibited from configuring CleanClicks to capture sensitive personal information.

Advertising click identifiers. We capture up to 10 click ID parameters from URL query strings when you arrive at a Customer Site from an advertising platform:

  • Google Ads: gclid, wbraid, gbraid
  • Meta (Facebook and Instagram): fbclid
  • TikTok: ttclid, tbclid
  • Microsoft Ads: msclkid
  • Other: ad_id, um_cl (Usermaven)

These identifiers are stored in first-party cookies on the Customer Site’s domain with a maximum lifespan of one year.

Visitor identifier. We generate a random universally unique identifier stored in a first-party cookie named cc_pid with a maximum lifespan of one year. This identifier contains no personally identifiable information and cannot be used to identify you across different websites.

Hashed email address. When you submit a form containing an email address on a Customer Site, the email address is processed as follows:

  1. The email is normalized using industry-standard rules consistent with advertising platform requirements.
  2. A one-way cryptographic hash is computed using the SHA-256 algorithm in your browser, before any data leaves your device.
  3. Only the resulting 64-character hexadecimal hash is transmitted to our servers from your browser.
  4. The raw email address is never transmitted from your browser to our servers, and our browser-facing API endpoints reject any request containing a raw email address (see Section 10 for the technical detail of how raw emails are handled on server-to-server endpoints).

The hashed email is used solely to match conversion events (such as a purchase) back to the advertising click that brought you to the Customer Site, enabling accurate attribution reporting for the Customer.

Device and browser information.

  • User-Agent string. Used for device-type classification and bot detection. Not stored permanently beyond the conversion record’s retention period.
  • IP address. Processed at the network edge for geographic classification (country, region, city, postal code). Geographic data is transmitted to advertising platforms in the format each platform’s official API requires. For platforms whose APIs support hashed location values (such as Meta), city, state or region, postal code, and country are SHA-256 hashed before transmission. For platforms whose APIs require unhashed location values (such as the Google Analytics 4 Measurement Protocol), the location values are transmitted in the format that platform’s specification requires. IP addresses are not retained in long-term storage; they appear in short-lived storage (conversion records and traffic analytics) for no longer than 90 days as described in Section 5.

Inferences and automated decision-making. We classify traffic as human, bot, or suspicious based on the User-Agent, IP, and behavioral signals described above at the network edge. This classification is used solely to suppress non-human events from being reported to the Customer’s advertising platforms. It does not affect your experience on the Customer Site, is not transmitted to advertising platforms about you individually, is not used for advertising targeting, and does not produce legal or similarly significant effects within the meaning of Va. Code §59.1-575 or analogous state statutes.

Browsing activity.

  • Pages visited on the Customer Site (URL path only)
  • Conversion events configured by the Customer (form submissions, purchases, button clicks, page views, DOM element appearances)
  • Referral source (the URL that brought you to the Customer Site)
  • UTM campaign parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content)

Analytics identifiers.

  • GA4 client identifier (from the _ga cookie, if present)
  • GA4 session identifier
  • Usermaven anonymous identifier

2.2 On cleanclicks.io (marketing site)

Our marketing site uses HubSpot forms for contact and audit requests. Information you voluntarily provide (name, email, company, website URL) is processed by HubSpot under their privacy policy.

We act as the business (CCPA) and controller (other state laws) for personal information you submit to us through forms on cleanclicks.io.

  • Categories. Identifiers (name, business email, company name, website URL), commercial information (your interest in our services), and internet activity information (pages viewed on cleanclicks.io, UTM parameters, referral source).
  • Sources. Directly from you when you complete a form, and from our analytics tools when you browse the marketing site.
  • Purposes. Responding to your inquiry, providing the requested audit, and ongoing sales and marketing communications regarding CleanClicks. You may opt out of marketing communications at any time via the unsubscribe link in any marketing email.
  • Recipients. HubSpot (CRM); Encharge (marketing automation); Stripe (only if you proceed to a paid subscription); Resend (transactional email delivery); and our infrastructure providers. We do not sell or share this information for cross-context behavioral advertising.
  • Retention. Marketing leads are retained for 24 months from your last engagement with us, after which they are deleted unless you have become a paying customer. Paying customer records are retained for the duration of the subscription plus 7 years for tax and accounting purposes. Retention is enforced by an automated workflow that deletes leads meeting these criteria on a recurring basis.

2.3 GA4 OAuth access (audit tool)

If you sign up for a CleanClicks audit on cleanclicks.io and grant CleanClicks permission to access your Google Analytics 4 property, we use Google OAuth to read traffic and configuration data from your property for the purpose of comparing what GA4 reports to you against what your first-party tracking captures. This is the basis of the GA4 Reality Check feature on your audit dashboard.

What we access. When you click “Connect Google Analytics” during an audit, you are taken to Google’s consent screen and asked to grant CleanClicks the following scopes:

Scope What it permits Why we request it
https://www.googleapis.com/auth/analytics.readonly Read sessions, conversions, channel data, and property configuration Power the audit comparison and the GA4 Reality Check report
https://www.googleapis.com/auth/analytics.edit Create a Measurement Protocol secret on the property you select Allow server-side first-party tracking to write conversion events into your existing GA4 property only if you later become a paying customer and choose this mode

We do not request user-management access (analytics.manage.users) or any ads-targeting scope. We never modify your reports, audiences, conversion goals, custom dimensions, or any other configuration on your property except to create the Measurement Protocol secret described above, and that creation only happens at your explicit request inside the CleanClicks dashboard.

Google API Services Limited Use. CleanClicks’s use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, CleanClicks:

  • uses information received from Google APIs solely to provide and improve the GA4 Reality Check feature, the optional Measurement Protocol delivery feature, and related user-facing functionality;
  • does not transfer information received from Google APIs to others except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users;
  • does not use or transfer information received from Google APIs for serving advertisements, including retargeted, personalized, or interest-based advertising;
  • does not allow humans to read information received from Google APIs unless we have your affirmative agreement to view specific data, the access is necessary for security purposes (such as investigating abuse), the access is required to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements; and
  • does not use information received from Google APIs to develop, improve, or train generalized or non-personalized AI or machine-learning models.

What we read. Aggregate metrics only: session counts, conversion counts, channel groupings, and property metadata (account name, property ID, time zone, currency). We do not read individual user records, hit-level event data, audiences, or user IDs.

How we store the access. We exchange the authorization code Google returns for a long-lived refresh token. That refresh token is encrypted at rest using AES-256-GCM with a per-account key derived via HKDF, and stored in our customer-state database. Short-lived access tokens (1-hour validity) are fetched as needed and never persisted. The HKDF input key material is held in a Cloudflare Workers Secret bound only to the cc-saas Worker, with rotation procedures documented in our internal security operations playbook. Database backups containing encrypted refresh tokens cannot be decrypted without access to the Worker Secret.

Effect of revocation. When you revoke CleanClicks’s access (Section 9.4), the encrypted refresh token is deleted from our database and revoked with Google in the same operation. Aggregate comparison reports we generated during your audit are retained as part of your audit history; you may request deletion of those reports as described in Section 9.

3. How We Use Information

Information collected through Customer Sites is used exclusively for the following purposes:

  • Conversion attribution. Matching conversion events to the advertising click or campaign that generated the visit.
  • Server-side delivery. Transmitting conversion data to advertising and analytics platforms via their official server-side APIs on behalf of the Customer.
  • Bot filtering. Identifying and excluding non-human traffic using proprietary bot detection, configurable filtering rules, and network-level traffic scoring.
  • Deduplication. Preventing the same conversion from being counted multiple times.
  • Traffic quality analysis. Providing Customers with aggregate visibility into their traffic composition (human vs. bot vs. suspicious).
  • Privacy compliance. Detecting and honoring Global Privacy Control signals and managing platform-specific privacy flags.

Use restrictions. We do not (a) sell personal information for monetary or other valuable consideration; (b) share personal information for cross-context behavioral advertising; (c) use personal information collected on a Customer Site for our own marketing or advertising purposes; (d) use personal information to make decisions that produce legal or similarly significant effects concerning you; or (e) use personal information collected on a Customer Site to train, develop, or improve generalized or non-personalized artificial intelligence or machine-learning models.

4. Third-Party Data Sharing

When a conversion event occurs on a Customer Site, we transmit conversion data to the advertising and analytics platforms configured by the Customer via each platform’s official server-side API. The platforms and data transmitted are:

Platform Data transmitted
Google Ads (Click Conversions API) Click identifier (gclid, wbraid, or gbraid); hashed email; conversion action resource name; conversion value; currency code; conversion timestamp; order ID (when present)
Meta (Conversions API) Hashed email; IP address (unhashed, required by Meta’s Conversions API specification); User-Agent (unhashed, required by Meta’s Conversions API specification); Facebook click cookie (fbc, derived from fbclid); pseudonymous external identifier (populated from the CleanClicks visitor ID cc_pid); hashed city, state or region, postal code, and country; event name; event timestamp; event ID; event source URL; commercial information (value, currency, order ID, line items)
TikTok (Events API) Hashed email; IP address (unhashed, required by TikTok’s Events API specification); User-Agent (unhashed, required by TikTok’s Events API specification); ttclid (click identifier); hashed external identifier (hashed cc_pid); event name; event timestamp; event ID; commercial information (value, currency, order ID, line items)
Microsoft Ads (Offline Conversions API) msclkid (click identifier); hashed email; conversion name; conversion time; conversion value; currency code; pseudonymous external attribution identifier (populated from cc_pid)
Google Analytics 4 (Measurement Protocol — server-side event delivery) GA4 client identifier (or, when not present, the CleanClicks visitor ID cc_pid as fallback); GA4 session identifier; user ID (when set by the Customer); event name and parameters (value, currency, transaction ID, page URL, page title, page referrer, line items, session ID, engagement time); user_location (country, region, city — transmitted unhashed per the Google Analytics 4 Measurement Protocol specification); event timestamp
Usermaven (Server-to-Server API) Hashed email (used as user.id); Usermaven anonymous identifier; event type; commercial information (value, currency, order ID, line items with product metadata); page URL, page path, page title, document host; IP address (unhashed); User-Agent; language; UTM attribution (utm_source, utm_medium, utm_campaign, utm_term, utm_content, referrer)
Google Analytics 4 (Admin / Data API — audit accounts only, on OAuth grant) Account ID; property ID; aggregate session and conversion counts; channel groupings; property configuration metadata. No visitor personal data is transmitted to Google through this access path — see Section 2.3.

Categories of third parties. For purposes of Cal. Civ. Code §1798.110 and analogous provisions of other state privacy statutes, the categories of third parties to whom we disclose personal information are: (a) advertising platforms (Google, Meta, TikTok, Microsoft) at the direction of the Customer for attribution and measurement; (b) analytics platforms (Google Analytics 4, Usermaven, Plerdy) at the direction of the Customer for measurement; (c) infrastructure providers (Cloudflare for compute, storage, and edge network; Stripe for payment processing on cleanclicks.io); (d) communications and CRM providers (HubSpot, Encharge, Resend) for marketing-site interactions only; and (e) legal, accounting, and professional advisors as necessary, and government or law-enforcement entities where required by law. We do not disclose personal information to data brokers or to any third party for cross-context behavioral advertising.

Privacy flags applied to opted-out visitors. When a visitor has opted out (via a Global Privacy Control signal or a cookie-based opt-out), the following platform-specific restrictions are applied:

  • Meta. Limited Data Use flag is set; Meta processes the conversion under restricted terms and cannot use it for ad targeting or profiling.
  • TikTok. limited_data_use flag is set.
  • Google. Consent Mode v2 defaults are set to deny ad_storage, ad_user_data, and ad_personalization; Google processes conversions through privacy-preserving browser signals.

For Customers who have granted OAuth access to their Google Analytics 4 property (Section 2.3), our communication with the GA4 Admin and Data APIs is performed server-side under the access token issued to the Customer’s account. Google’s own privacy policy and Workspace data processing terms govern that communication.

No sale or share for cross-context behavioral advertising. For purposes of Cal. Civ. Code §1798.140(ad) (sale) and §1798.140(ah) (share), CleanClicks does not “sell” or “share” personal information. Transmissions to advertising and analytics platforms occur solely at the direction of the Customer (the business or controller) and pursuant to written contracts that meet the service-provider or processor standards of Cal. Civ. Code §1798.140(ag) and the analogous provisions of other state statutes. To the extent that the act of transmitting hashed identifiers or click data to an advertising platform could be deemed a “share” for cross-context behavioral advertising under any state privacy statute, you may opt out of such sharing using the methods described in Section 9.

5. Data Storage and Retention

All server-side data is stored in encrypted, globally distributed edge storage. Visitor-collected data is automatically and permanently deleted upon expiration of the following retention periods:

Data category Retention period
Conversion records (identifiers, internet activity, commercial information) 90 days
Email-to-click-ID mappings (hashed identifiers) 90 days
Visitor identity records (identifiers, internet activity) 30 days
Audit logs (security and access logs; identifiers, internet activity) 180 days
Deduplication records (identifiers) 24 hours
First-party cookies (browser-side; identifiers) Up to 1 year
Encrypted GA4 OAuth refresh tokens — paid customers (identifiers) Held while the subscription is active. Removed on subscription cancellation as part of the 90-day account data purge described below.
Encrypted GA4 OAuth refresh tokens — audit accounts that never convert (identifiers) Auto-revoked and deleted by a scheduled daily job 30 days after the audit signup date if no paid subscription has started.
Marketing-site lead records (HubSpot; identifiers, commercial information) 24 months from last engagement, enforced by automated workflow
Paying-customer billing and account records (Stripe + cc-saas; identifiers, commercial information) Term of subscription plus 7 years (tax and accounting recordkeeping)

Customer-configured data. Allowlist configurations, encrypted OAuth credentials, and account metadata persist for the duration of the active subscription. Upon cancellation, all such data is scheduled for deletion by the 90-day post-cancellation purge described below.

90-day post-cancellation purge. When a paying customer cancels their subscription, all account-scoped data will be permanently deleted on or before the 91st day following cancellation. This includes encrypted OAuth refresh tokens, domain registrations, audit logs, and associated configuration. The 90-day window is intended to allow the customer to request data export and will be enforced by an automated purge process. The post-cancellation purge applies to all account-scoped data regardless of its individual retention period above. For example, audit log rows tied to a cancelled account are removed within the 90-day window even though their normal-operation retention is 180 days.

Statutory criteria for retention. Each retention period above is set to the shortest period reasonably necessary to fulfill the disclosed purpose, consistent with Cal. Civ. Code §1798.100(a)(3) and 11 CCR §7002(d). The 90-day conversion-record retention reflects the typical advertising-platform attribution window plus a buffer for late-arriving conversions and reconciliation. The 30-day visitor-identity retention reflects the typical session-stitching window. Tax and accounting record retention reflects IRS guidance and applicable state recordkeeping rules.

6. International Data Transfers

CleanClicks processes data on a globally distributed edge network. This means your data may be processed in the country where you are located, in the United States, or in any other country where our infrastructure provider operates. For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on the data processing agreements and Standard Contractual Clauses maintained by our infrastructure provider. Customers (as data controllers) are responsible for ensuring that an appropriate transfer mechanism is in place for data originating from their users.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, please be aware that CleanClicks is operated from the United States and is not actively marketed to European data subjects. Personal data submitted through forms on cleanclicks.io is transferred to and processed in the United States. The transfer mechanism for this processing is the Standard Contractual Clauses maintained by our infrastructure provider (Cloudflare, Inc.). If you are an EEA, UK, or Swiss resident, we recommend that you contact CleanClicks directly at privacy@cleanclicks.io rather than submit information through our marketing-site forms. With respect to data we process as a service provider on behalf of our Customers, EEA, UK, and Swiss data subject rights should be exercised against the Customer in the first instance; CleanClicks will assist as required by our Data Processing Addendum.

7. Cookies

CleanClicks sets the following first-party cookies on Customer Site domains:

Cookie name Purpose Duration
cc_pid Random visitor identifier (UUID). Contains no personal information. 1 year
cc_click_ids Stores advertising click identifiers captured from the URL on arrival. Up to 1 year
cc_attribution Stores attribution data needed to match conversions to the originating click. Up to 1 year
cc_session_id Session-scoped identifier for stitching events within a single browsing session. Session
cc_sid Session continuity identifier for GA4 attribution. HttpOnly cookie set on the CleanClicks tracking subdomain (cleanclicks.{customer-site}). Used to stitch GA4 sessions when third-party cookies are blocked or expire mid-session. Set only when the Customer has enabled the GA4 Session Recovery feature. 30 minutes (sliding)
cc_ss_optout Records your opt-out preference for the sale or sharing of personal information. 1 year

A hashed email identifier may also be stored in browser session storage for conversion matching during your visit. CleanClicks does not use third-party cookies, does not perform cookie syncing, and does not track visitors across different websites.

Cookie classification. The cc_pid, cc_click_ids, cc_attribution, cc_session_id, and cc_sid first-party storage items are classified as functional (or strictly necessary) under common cookie taxonomy because they are required for CleanClicks’s first-party attribution and session-continuity features to operate and for the visitor’s opt-out preference to be honored on subsequent visits. The cc_ss_optout cookie is classified as strictly necessary because it records and enforces your opt-out preference and operates regardless of consent state. CleanClicks does not set any cookies in the statistics, marketing, or preferences categories on Customer Sites.

8. Global Privacy Control and Universal Opt-Out

CleanClicks detects and honors the Global Privacy Control signal as defined by the Global Privacy Control specification. When a Global Privacy Control signal is detected:

  • We treat it as a valid opt-out request under the California Consumer Privacy Act, Cal. Civ. Code §1798.135.
  • Platform-specific privacy flags are applied to all downstream data transmissions (see Section 4).
  • Google Consent Mode v2 defaults are set to deny ad storage, ad user data, and ad personalization.

Global Privacy Control is detected automatically at both the browser and server level.

Universal opt-out mechanisms. In addition to Global Privacy Control, CleanClicks honors any universal opt-out mechanism that is recognized by the California Privacy Protection Agency (11 CCR §7025), the Colorado Department of Law (4 CCR 904-3, Rule 5), the Connecticut Attorney General, or the equivalent regulator in any state in which a universal opt-out mechanism is required. As of the effective date of this policy, Global Privacy Control is the only such mechanism in widespread browser-side deployment.

Do Not Track. Some browsers transmit a “Do Not Track” signal. There is no industry or legal consensus on what websites must do in response. CleanClicks does not respond to Do Not Track signals at this time, but, as described above, we do honor the more current Global Privacy Control signal.

9. Your Rights

9.1 All visitors

You may opt out of CleanClicks tracking on any Customer Site by:

  • Enabling Global Privacy Control in your browser
  • Visiting the /__cc/privacy page on the Customer Site’s tracking subdomain and clicking the opt-out button
  • Clearing your browser’s cookies for the Customer Site domain

9.2 California residents (CCPA / CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have the right to:

  • Know what personal information is collected, used, and shared
  • Delete personal information held about them
  • Opt out of the sale or sharing of personal information
  • Non-discrimination for exercising privacy rights
  • Correct inaccurate personal information
  • Limit use of sensitive personal information

How to submit a request. California residents may submit a request to know, delete, correct, or opt out by:

  1. Emailing privacy@cleanclicks.io with “California Privacy Request” in the subject line; or
  2. Completing the web form at cleanclicks.io/privacy/request.

We will acknowledge receipt within 10 business days and will respond substantively within 45 days, with one 45-day extension permitted as authorized by Cal. Civ. Code §1798.130(a)(2).

Identity verification. To protect your information from unauthorized access, we will verify your identity before fulfilling a request to know, delete, or correct. For most requests, we verify by matching the information you provide in the request (such as the email address you submitted to a Customer Site) against the records we hold. For sensitive or high-risk requests, we may require additional information or, where you have an account on cleanclicks.io, may require that the request be submitted from the authenticated account.

Authorized agents. You may designate an authorized agent to submit a request on your behalf. To verify the agent’s authority, we require (a) a written authorization signed by you, or (b) a valid power of attorney. We may also require you to verify your own identity directly with us before we act on the agent’s request, except where you have provided the agent with a power of attorney pursuant to California Probate Code §§4000 to 4465.

Non-retaliation. We will not deny goods or services, charge a different price, provide a different level of service, or suggest that we will do any of these things because you exercised a privacy right.

Do Not Sell or Share / Limit Use of Sensitive Personal Information. To opt out of the sale or sharing of your personal information, follow the methods in Section 9.1, submit a request through the methods above, or use the link titled “Do Not Sell or Share My Personal Information” in the footer of cleanclicks.io and on the privacy page of any Customer Site. CleanClicks does not collect sensitive personal information for the purpose of inferring characteristics about you, so the right to limit the use of sensitive personal information does not currently apply; if our practices change, this section will be updated and an opt-out link will be provided.

9.3 Other US state residents

If you are a resident of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Utah, Delaware, Iowa, Indiana, Tennessee, New Hampshire, New Jersey, Maryland, Kentucky, Minnesota, Rhode Island, or Nebraska, you have the following rights with respect to personal information that CleanClicks processes about you. (For personal information that CleanClicks processes solely as a service provider or processor on behalf of a Customer, please contact the Customer.)

  • Right to confirm whether we are processing your personal information and to access that information
  • Right to correct inaccurate personal information
  • Right to delete personal information we have collected from you (subject to statutory exceptions)
  • Right to data portability — to receive a copy of your personal information in a portable, readable format
  • Right to opt out of (a) the sale of personal information for monetary or other valuable consideration, (b) targeted advertising, and (c) profiling in furtherance of decisions producing legal or similarly significant effects

To exercise these rights, contact us using the methods in Section 9.2.

Right to appeal. If we deny your request, you may appeal our decision by replying to our denial within 60 days, or by emailing appeals@cleanclicks.io with the original request reference. We will respond to the appeal in writing within 60 days. If we deny the appeal, you may contact your state Attorney General to submit a complaint.

We will not retaliate against you for exercising any of these rights.

9.4 GA4 OAuth revocation

If you connected your Google Analytics 4 property to a CleanClicks audit, you can revoke our access at any time by either:

  • Inside CleanClicks. Sign in at platform.cleanclicks.io and use the Disconnect button on the Connections page. This deletes the encrypted refresh token from our database and revokes the token with Google in the same operation.
  • From your Google Account. Visit https://myaccount.google.com/permissions, find CleanClicks in the list, and click Remove access. Google’s revocation takes effect immediately.

Revoking access does not delete the comparison data we already produced during your audit. To request deletion of that data, contact us at the address in Section 13.

9.5 Additional state-specific notices

California Shine the Light (Cal. Civ. Code §1798.83). California residents may request information about our disclosures of personal information to third parties for those third parties’ direct-marketing purposes. We do not disclose personal information to third parties for their own direct-marketing purposes.

Nevada (NRS 603A.340). Nevada residents have the right to direct CleanClicks not to sell certain “covered information” for monetary consideration. CleanClicks does not sell covered information as defined by Nevada law. To submit a verified request, contact us at the address in Section 13.

10. Data Security

  • Infrastructure. CleanClicks runs on serverless edge infrastructure with no origin servers, virtual machines, or traditional hosting to compromise.
  • Encryption in transit. All data is transmitted over TLS 1.2 or higher. The tracking script is served from the Customer’s own subdomain via HTTPS.
  • Encryption at rest. All stored data is encrypted at rest.
  • PII handling. Browser-facing endpoints (/__cc/conv, /__cc/identify) reject any request containing a raw email address; only SHA-256 hashed representations are accepted from browsers. Server-to-server endpoints (/__cc/inbound, Shopify webhook, WooCommerce webhook) accept raw email addresses transmitted over TLS from authenticated Customer-side servers and hash them via SHA-256 immediately upon receipt, before any persistence or logging occurs. Raw email values are not written to persistent storage, are not retained in application logs, and are not transmitted to third parties; only the SHA-256 hash is retained or onward-transmitted.
  • API authentication. All administrative and webhook endpoints use secure authentication mechanisms.
  • Automatic deletion of visitor-collected data. Conversion records, hashed email-to-click-ID mappings, visitor identity records, audit logs, and deduplication records expire automatically per the retention periods in Section 5. Expiration is enforced by the storage infrastructure’s native time-to-live mechanism and cannot be extended without a code change.
  • Customer-configured data. Allowlist configurations, encrypted OAuth credentials, and account metadata persist for the duration of the active subscription. Upon cancellation, all such data is scheduled for deletion by the 90-day post-cancellation purge described in Section 5.

Security incident notification. In the event of a security incident affecting personal information, CleanClicks will (a) notify affected Customers without unreasonable delay and in no event later than is required to allow the Customer to comply with its own legal notification obligations, (b) cooperate with the Customer’s investigation and notification efforts, and (c) where CleanClicks is itself the business or controller (for example, with respect to cleanclicks.io marketing-site data), notify affected individuals and applicable regulators in accordance with the breach-notification statutes of all applicable jurisdictions, including, where applicable, the California Customer Records Act (Cal. Civ. Code §1798.82) and the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. §75-65).

No representation of perfect security. No security program can guarantee that personal information will never be accessed, used, or disclosed in an unauthorized manner. CleanClicks maintains the security program described above as commercially reasonable for a service of its type and risk profile, but does not warrant that the program will prevent all possible incidents.

11. Children’s Privacy

CleanClicks’s services are not directed to children. CleanClicks does not knowingly collect personal information from children under the age of 13 within the meaning of the Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §6501 et seq., and the implementing regulations at 16 C.F.R. Part 312. Customers are contractually prohibited from deploying CleanClicks on web pages directed to children under 13.

With respect to California residents between the ages of 13 and 15, CleanClicks does not “sell” or “share” personal information for cross-context behavioral advertising and accordingly the opt-in consent requirement of Cal. Civ. Code §1798.120(c) does not apply. If our practices change, an age-appropriate opt-in mechanism will be implemented before any such sale or share occurs.

Parents or guardians who believe a child under 13 has provided personal information through a Customer Site or through cleanclicks.io may contact us at the address in Section 13 to request deletion. We will respond to verified parental requests promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised “Last updated” date.

We will provide additional notice of material changes by (a) email to the address associated with your CleanClicks account, if you have one, and (b) a prominent notice on cleanclicks.io for at least 30 days following the change. Your continued use of any Customer Site or of cleanclicks.io after a change becomes effective constitutes your acknowledgment of the updated policy. Prior versions of this policy are archived and available on request to privacy@cleanclicks.io.

13. Contact

For privacy inquiries, data subject requests, or questions about this policy:

CleanClicks Operated by CJF & Associates LLC d/b/a ClickPath Consultants Email: privacy@cleanclicks.io Web form: cleanclicks.io/privacy/request Appeals (state-DSAR denials): appeals@cleanclicks.io 4030 Wake Forest Rd, Ste 349 Raleigh, North Carolina 27609 United States

14. Miscellaneous

Governing law and venue. This Privacy Policy and any dispute arising out of or relating to it are governed by the laws of the State of North Carolina, without regard to its conflict-of-laws principles. The exclusive venue for any such dispute is the state and federal courts located in Wake County, North Carolina, except where the law of the consumer’s state of residence requires otherwise (in which case the law and venue of the consumer’s state of residence will apply to the extent required).

Severability. If any provision of this Privacy Policy is held to be invalid or unenforceable, the remaining provisions will continue in full force and effect.

No waiver. Our failure to enforce any provision of this Privacy Policy is not a waiver of that provision or of our right to enforce it later.

Relationship to other agreements. This Privacy Policy supplements, and does not supersede, any other written agreement between CleanClicks and a Customer or other counterparty. In the event of conflict between this Privacy Policy and a written Data Processing Addendum or Master Services Agreement signed by both parties, the signed agreement controls.

Accessibility. This Privacy Policy is available in alternative formats on request to accommodate visual or other impairments. Contact privacy@cleanclicks.io.