Terms of Service

1. Introduction

Welcome to ClickFreak.

This Privacy Policy explains how ClickFreak Technologies Inc. ("ClickFreak," "we," "us," or "our") collects, uses, discloses, stores, and protects personal information when you visit our website, use our software, or interact with our services. We are committed to maintaining the highest standards of privacy, transparency, and data protection.

ClickFreak is a PPC performance tracking and optimization platform designed for advertisers and marketing agencies. Our tools help users analyze ad account performance, generate insights, receive automated alerts, and manage optional modules such as lead qualification and offline conversion uploads.

This Privacy Policy applies to:

• our website at clickfreak.ai and any related subdomains
  
• our web application and dashboard
  
• our integrations with advertising platforms and APIs
  
• any additional features, modules, or services we provide
  
  

ClickFreak Technologies Inc. is legally incorporated in the Province of Alberta, Canada. We provide services to users globally, and personal information may be processed in any country where we or our trusted service providers operate.

‍

Definitions

To help you better understand this Privacy Policy, here are some key terms:

• “Service” or “Services” refers to the ClickFreak website, application, platform, modules, analytics tools, integrations, and all related offerings we provide.
  
  
• “User” refers to any individual accessing or using the Services, including account owners, administrators, employees, and authorized representatives.
  
  
• “Client” refers to any business, agency, or individual who creates an account with ClickFreak to manage advertising data or use our tools for their own purposes or on behalf of their clients.
  
  
• “Lead Data” refers to consumer information optionally uploaded or processed through ClickFreak’s Leads or offline conversion modules, such as first name, last name, email, phone number, postal code, country, and conversion value.
  
  
• “Personal Information” means any information that identifies, relates to, describes, or can reasonably be linked with an identifiable individual, whether provided by Users or collected automatically during service usage.
  
  

Please read this Privacy Policy carefully. By accessing or using the Services, you acknowledge that you have read, understood, and agreed to the practices described.

‍

2. Who We Are

ClickFreak is operated by ClickFreak Technologies Inc., a corporation legally incorporated in the Province of Alberta, Canada. We develop and maintain advanced PPC performance tracking and optimization tools for advertisers and marketing agencies worldwide.

‍

Legal Entity Information

ClickFreak Technologies Inc.
Alberta, Canada

‍

Contact Information

If you have general questions about our Services, business operations, or support inquiries, you may contact us at:

Email: support@clickfreak.ai
Website: https://clickfreak.ai

‍

Privacy Contact Email

For privacy-related requests, including questions about this Privacy Policy, exercising your data rights, or requesting deletion/export of personal information:

Privacy Email: privacy@clickfreak.ai

‍

Data Protection Officer

We may appoint a Data Protection Officer (DPO) as our operations expand globally. Until then, privacy-related communications should be directed to our dedicated privacy email address listed above.

‍

3. Roles: Controller vs Processor

ClickFreak processes different types of data in different capacities. To provide full transparency, this section explains when we act as a Data Controller and when we act as a Data Processor under applicable privacy laws, including GDPR, PIPEDA, and CCPA.

‍

3.1. When We Act as a Data Controller

We act as a Data Controller when we determine the purposes and means of processing personal information. This includes personal information we collect directly from Users or through their use of the Service. As a Controller, ClickFreak is responsible for ensuring such data is handled in accordance with this Privacy Policy and applicable regulations.

We act as Controller for the following types of data:

• User account information
  (name, email, phone, company name, login credentials, account preferences)
  
  
• Usage data
  (IP address, device identifiers, browser type, pages visited, session duration, interactions with the Service)
  
  
• Billing and payment-related information
  (subscription status, plan details, billing history; note that full payment card details are handled by our payment processor)
  
  
• Website analytics and cookies
  
  
• Marketing and communication data
  (opt-in status, engagement with email communications, support messages)

‍

3.2. When We Act as a Data Processor

We act as a Data Processor when we process personal information solely on behalf of a Client, following their instructions and for their specified purposes. In these cases, the Client is the Data Controller.

We act as Processor for:

• Google Ads account data imported via API connections
  (performance metrics, campaign data, keywords, conversions, budgets, configuration data, and any other information permitted by OAuth scopes)
  
  
• Lead Data processed through our optional Leads or offline conversion modules, including:
  
  • first name
    
  • last name
    
  • email
    
  • phone number
    
  • postal code
    
  • country
    
  • conversion value
    
  • any optional fields the Client chooses to provide
    
    
• Any data processed on behalf of advertisers or marketing agencies for the purpose of PPC analysis, optimization, reporting, or account management
  
  

As a Processor, ClickFreak does not use Lead Data or advertising account data for any purpose other than delivering the Services our Clients request.

‍

3.3. Client Responsibilities as Controller

When using ClickFreak to process personal information belonging to their customers, leads, or end-users, Clients agree and acknowledge that:

• they are the Data Controller for such information;
  
  
• they are solely responsible for ensuring they have a valid legal basis (such as consent, legitimate interest, or contract) to share that data with ClickFreak;
  
  
• they will comply with all applicable privacy laws in their jurisdiction and the jurisdictions of their customers;
  
  
• they will not upload or transmit personal information to ClickFreak unless they are legally permitted to do so.
  
  

Clients remain responsible for the accuracy, legality, and content of all data they submit to the Service.

‍

4. Information We Collect

We collect personal information to provide, improve, secure, and support our Services. The categories below describe the types of information we collect, how we collect it, and for what purposes. Some information is provided directly by Users, while other data is collected automatically through the use of our platform or through authorized integrations with advertising platforms.

‍

4.1. Information You Provide to Us

We collect personal information that you voluntarily submit when creating an account, configuring your workspace, contacting support, or interacting with the Service. This may include:

• Name
  
• Email address
  
• Phone number
  
• Company or organization name
  
• Account login credentials
  
• Billing and subscription information
  (subscription plan, billing history, payment status; full card details are handled by our payment processor)
  
• Connected ad account information
  (account IDs, OAuth configuration, settings necessary to link advertising platforms to the Service)
  
• Communications and messages
  (support requests, chat messages, feedback, and any files or attachments you voluntarily provide)
  
  

You may also provide us with additional information through surveys, feature requests, beta tests, or other interactions with our team.

‍

4.2. Information We Collect Automatically

When you access or use our website or application, we automatically collect certain technical and usage information. This helps us operate, secure, and optimize the Service.

We may collect:

• IP address
  
• Unique device identifiers
  
• Browser type and version
  
• Operating system and platform
  
• Pages viewed and navigation paths
  
• Time spent on each page or screen
  
• Referring URLs and exit pages
  
• App usage logs and feature interactions
  
• Login timestamps and session duration
  
• Error logs, crash data, and performance metrics
  
• Cookie identifiers and similar technologies
  
• Tracking pixels, tags, and beacons
  
• Approximate geographic location derived from IP address
  
  

This data helps us understand how the Services are used, maintain platform security, detect anomalies, and provide a consistent user experience.

‍

4.3. Advertising Platform Data (API Data)

When you connect your advertising accounts (such as Google Ads) to ClickFreak, we collect and process advertising data using secure OAuth authentication. We only access data that you explicitly authorize through the platform’s permission settings.

Data collected may include:

• All available Google Ads performance metrics
  (impressions, clicks, costs, conversions, revenue, ROAS, etc.)
  
• Keywords, search terms, negative keywords, and match types
  
• Ad groups, ads, ad assets, creatives, and audience data
  
• Campaign budgets, status, settings, and schedules
  
• Conversion tracking data and attribution information
  
• Account structure and configuration details
  
• Historical performance data retrievable through the API
  
  

We use this data exclusively to provide reporting, insights, alerts, and optimization capabilities within the Service.

We only access data permitted by the OAuth scopes you authorize, and you may revoke access at any time from your advertising platform's settings.

‍

4.4. Lead Data (Optional Module)

If you choose to activate the Leads or Offline Conversions modules, we may process consumer or lead information you upload or transmit through the Service.

Depending on your configuration, Lead Data may include:

• First name and last name
  
• Email address
  
• Phone number
  
• Postal code and country
  
• Conversion value or revenue amount
  
• Any additional custom fields you choose to submit
  
  

This information is optional, controlled entirely by the Client, and used solely for performing Services such as lead qualification workflows or offline conversion uploads to advertising platforms.

ClickFreak acts strictly as a Data Processor for Lead Data, following the Client’s instructions. We do not use Lead Data for our own marketing, analytics, or product improvement purposes.

‍

5. How We Use Personal Information

We use personal information to deliver, improve, and secure our Services, operate our business, and comply with our legal obligations. The purposes below describe why we process personal information and the legitimate bases we rely on under applicable laws.

‍

5.1. To Provide and Maintain the Core Service

We use personal information to deliver essential features of ClickFreak, including:

• PPC performance tracking and reporting
  
• Campaign, ad group, and keyword insights
  
• Optimization recommendations and account health diagnostics
  
• Account linking, authentication, and API integrations
  
• Platform functionality, dashboards, and user interfaces

‍

This processing is necessary to fulfill our contract with Users and Clients.

‍

5.2. Alerts, Monitoring, and Anomaly Detection

We analyze advertising and usage data to:

• detect performance anomalies
  
• identify issues in connected ad accounts
  
• send alerts, notifications, and recommendations
  
• provide proactive insights that support campaign management
  
  

This helps Users manage their accounts efficiently and protect ad performance.

‍

5.3. Automated Analysis and Insights

We use automated logic and analytical models to:

• evaluate performance trends
  
• generate optimization opportunities
  
• identify waste, inefficiencies, or emerging patterns
  
• analyze data across campaigns, devices, or audiences
  
  

These capabilities are core to the functionality of the Service.

‍

5.4. New Features and AI Recommendations

As we introduce AI-powered modules and advanced automation features, personal and advertising data may be used to:

• generate smart insights
  
• suggest optimizations
  
• detect trends
  
• enhance decision-making tools
  

Any AI features will be designed to preserve user confidentiality and data protection.

‍

5.5. Customer Support and Communications

We use personal information to:

• respond to support tickets
  
• troubleshoot issues
  
• provide training, onboarding, and technical assistance
  
• communicate important updates about the Service
  
  

Without this data, we cannot adequately support or maintain your account.

‍

5.6. Billing, Payment Processing, and Subscription Enforcement

We use account and billing information to:

• manage subscription plans
  
• process payments
  
• send invoices and payment confirmations
  
• resolve billing disputes
  
• prevent unauthorized use of paid services
  
  

Payment card details are handled securely by our payment processor.

‍

5.7. Research, Development, and Product Improvement

We analyze usage trends and user behavior to:

• improve the stability and performance of our platform
  
• understand how features are used
  
• develop new tools, modules, and integrations
  
• test enhancements, optimizations, and prototypes
  

Whenever possible, this analysis uses aggregated or de-identified data.

‍

5.8. Marketing Communications (With Opt-Out)

We may use your contact information to send:

• product announcements
  
• newsletters
  
• educational resources
  
• special offers or promotions
  
• invitations to webinars, events, or beta programs
  
  

You may opt out of marketing emails at any time by using the unsubscribe link or contacting us.

Transactional and operational emails (e.g., billing notices, product alerts) cannot be opted out of.

‍

5.9. Compliance, Security, and Fraud Prevention

We use personal information to:

• monitor for suspicious activity or unauthorized access
  
• enforce our Terms of Service
  
• protect the integrity and security of our platform
  
• comply with legal and regulatory requirements
  
• maintain audit logs and backup systems
  
• manage disputes or legal claims
  
  

This ensures the safety, reliability, and lawful operation of ClickFreak.

‍

6. Legal Bases for Processing (GDPR Section)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, ClickFreak processes your personal information only when we have a valid legal basis under the General Data Protection Regulation (GDPR) or equivalent regional laws. The legal bases we rely on include:

‍

6.1. Performance of a Contract

We process personal information when it is necessary to:

• provide and maintain the Service
  
• enable advertising account integrations
  
• generate reports, alerts, and optimization insights
  
• troubleshoot technical issues
  
• manage your subscription and user account
  
• fulfill customer support requests
  
  

Without this information, we cannot deliver the Services you have requested.

‍

6.2. Legitimate Interests

We process certain information based on our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include:

• improving and developing the Service
  
• understanding usage patterns and platform performance
  
• detecting fraud, abuse, or security threats
  
• protecting the integrity of advertising account data
  
• ensuring stable and reliable access to the platform
  
• sending necessary product-related communications
  
• conducting research and analytics to enhance features
  
  

We always balance our interests with your privacy rights and apply appropriate safeguards.

‍

6.3. Consent

We rely on your consent for specific types of processing, including:

• the use of cookies, pixels, and similar tracking technologies
  
• sending marketing emails or promotional communications
  
• processing optional Lead Data through modules you activate
  
• any processing activity where consent is legally required
  
  

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

‍

6.4. Legal Obligations

We may process or retain personal information where required to comply with:

• tax, accounting, or audit obligations
  
• law enforcement or regulatory requests
  
• dispute resolution and legal claims
  
• other applicable legal requirements in jurisdictions where we operate
  
  

Such processing is limited to the extent necessary to meet these obligations.

‍

7. Cookies and Tracking Technologies

ClickFreak uses cookies and similar tracking technologies to provide, secure, and enhance our Services. These technologies help us recognize you, understand how our platform is used, improve performance, and support our marketing efforts. This section explains what we use, why we use it, and how you can manage your preferences.

‍

7.1. Types of Cookies We Use

We use several categories of cookies and related technologies on our website and application:

Required (Essential) Cookies

These cookies are necessary for the operation of the Service and enable core features such as:

• secure login
  
• user authentication
  
• account management
  
• preventing fraud and security risks
  
• maintaining session state
  
  

The Service cannot function properly without these cookies.

Functional Cookies

These cookies enhance your experience by allowing the Service to:

• remember your preferences
  
• maintain UI settings
  
• improve usability and personalization
  
• support optional features
  
  

Disabling functional cookies may limit certain conveniences.

Analytics Cookies

Analytics cookies help us understand how Users interact with the platform, such as:

• pages visited
  
• time spent on features
  
• user journeys
  
• error logs
  
• performance metrics
  
  

We use tools like Google Analytics and similar services to evaluate trends and improve application reliability and functionality. Data collected may be aggregated or anonymized whenever possible.

Marketing Cookies

These cookies support our marketing efforts, including:

• measuring campaign performance
  
• understanding referral sources
  
• tailoring content on our website
• ensuring relevant messaging
  
  

Marketing cookies are optional and require consent where legally required.

‍

7.2. Pixels, Tags, and Beacons

Our website and emails may include:

• tracking pixels
  
• web beacons
  
• tag-based technologies
  
• script-based analytics
  
  

These tools help us track:

• email open rates
  
• click-through rates
  
• conversion events
  
• user engagement patterns
  
  

This information allows us to improve the effectiveness of our communications and user experience.

‍

7.3. Usage Analytics and Device Data

We use tracking tools to collect technical data automatically, including:

• device identifiers
  
• IP address
  
• browser type
  
• operating system
  
• interaction logs
  
• performance diagnostics
  
  

This information is essential for security, troubleshooting, and understanding platform behavior.

‍

7.4. Cookie Opt-Out and Preference Controls

Depending on your location, you may be presented with a cookie banner that allows you to:

• accept all cookies
  
• reject non-essential cookies
  
• customize your cookie preferences
  
  

In addition, you may control cookies by:

• adjusting your browser settings
  
• clearing cookies from your device
  
• using browser-based “Do Not Track” features (where supported)
  
• opting out of analytics tools (e.g., Google Analytics opt-out extensions)
  
  

Please note that disabling essential or functional cookies may:

• prevent you from using certain features
  
• impair platform functionality
• result in a degraded user experience
  
  

‍

7.5. Changes to Tracking Technologies

We may update our tracking tools as we add new features or integrate new technologies. Any significant changes will be reflected in this Privacy Policy or our Cookie Policy, if applicable.

‍

8. How We Share Information

We share personal information only when necessary to operate our Services, comply with the law, or perform tasks on behalf of our Users. We do not sell personal information, and we do not permit third parties to use client data for their own independent purposes.

This section describes the categories of recipients and the circumstances in which data may be shared.

‍

8.1. Service Providers and Subprocessors

We share personal information with trusted third-party vendors who assist us in providing and improving the Service. These providers act as Subprocessors and may only process data according to our instructions.

We may share information with the following categories of service providers:

‍

Google Ads API & Advertising Platforms

To fetch, analyze, and (if authorized) upload advertising data.
We only access information permitted by your OAuth-scoped permissions.

‍

Authentication Providers

To support secure login, session management, and identity verification.

‍

Cloud Hosting Providers (Google Cloud Platform)

To store and process data securely, including BigQuery and related infrastructure tools.

‍

Bubble Platform

Our application framework that manages backend logic, databases, workflows, and automated backups.

‍

Contracted Developers and Technical Experts

Pre-vetted individuals or agencies working under strict confidentiality agreements (NDAs) who assist with development, security, and infrastructure.

‍

Email Marketing and Communication Platforms

To send product updates, onboarding flows, newsletters, and system alerts.

‍

Payment Processors (e.g., Stripe)

To manage billing, subscription payments, invoicing, and fraud prevention.
We do not store full payment card details.

All Subprocessors are bound by contractual obligations to:

• maintain strong technical and organizational security measures
  
• access only the minimum data required
  
• use data exclusively to perform the services we have requested
  
• delete or return data when no longer needed
  
• comply with global privacy regulations
  
  

8.2. Legal, Regulatory, and Safety Disclosures

We may disclose personal information when required to:

• comply with applicable laws or lawful requests from authorities
  
• respond to subpoenas, warrants, or court orders
  
• protect the rights, property, or safety of ClickFreak, our Users, or others
  
• investigate potential fraud or misuse of the Service
  
• enforce our Terms of Service or agreements with Clients
  
  

We will only share the minimum information necessary to meet legal obligations.

‍

8.3. Business Transfers

If ClickFreak undergoes a merger, acquisition, financing event, reorganization, or sale of assets, personal information may be transferred as part of the business transaction. Any acquiring party will be required to respect this Privacy Policy or provide substantially similar protections.

‍

8.4. We Do NOT Share Information For:

To be clear:

• We do not sell personal information.
  
• We do not share personal data with third parties for their advertising or marketing purposes.
  
• We do not allow service providers to use User or Client data for their own analytics, machine learning, or data monetization efforts.
  
• We do not use Lead Data or advertising account data for any purpose other than providing the Service.
  
  

8.5. Subprocessor List and Transparency

We use a small number of trusted third-party service providers (“Subprocessors”) to support the delivery, security, and functionality of the Service. These Subprocessors may process personal information on our behalf as needed to perform the tasks we rely on them for.

Our Subprocessors include:

• infrastructure and cloud hosting providers (Google Cloud Platform, BigQuery)
  
• application platform providers (Bubble)
  
• authentication and identity tools
  
• email communication and marketing systems (SendGrid)
  
• contracted development partners
  
• analytics and monitoring tools (GA4, Google Tag Manager)
  
• payment processors (such as Stripe)
  
  

We select service providers that maintain strong security, privacy, and reliability standards. Each Subprocessor operates under its own terms of service, privacy policy, and compliance framework, and is responsible for its own adherence to applicable data protection laws.

We periodically review our third-party providers to ensure they continue to meet industry expectations for data protection. Users will be notified of material updates to our Subprocessor practices as required by applicable laws.

A current list of Subprocessors is available upon request.

‍

9. Tokens and Connected Accounts

When you connect your advertising accounts (such as Google Ads) to ClickFreak, we use secure OAuth authentication to obtain access tokens that allow our system to retrieve and process the data you authorize.

‍

9.1. Storage and Security of OAuth Tokens

OAuth tokens are stored encrypted at rest using industry-standard encryption methods provided by our authentication and infrastructure platforms. These tokens are never stored in plain text and are protected against unauthorized access.

‍

9.2. Purpose of Token Use

We use OAuth tokens solely to:

• access the advertising accounts you specifically authorize
  
• retrieve performance, configuration, and reporting data
  
• enable features such as alerts, optimization, analysis, and insights
  
• process optional uploads such as offline conversions (if enabled)
  
  

We do not use tokens for any purpose outside of providing the Service.

‍

9.3. No External Sharing

OAuth tokens are never shared with third parties outside of:

• the authentication provider handling the OAuth flow
  
• the required API platform (e.g., Google Ads API)
  
  

Tokens are not made accessible to advertisers, partners, other users, or any unrelated third parties.

‍

9.4. Revocation and User Control

You may revoke ClickFreak’s access to your connected advertising accounts at any time by:

• adjusting permissions in the respective ad platform (e.g., Google Ads account settings),
  
• removing the connection from your ClickFreak dashboard, or
  
• contacting us directly.
  
  

Once revoked, ClickFreak will no longer be able to access or update information from those accounts.

‍

10. International Data Transfers

ClickFreak is a global service, and personal information may be transferred to and processed in countries other than the one where you reside. These countries may have different data protection laws, some of which may offer a lower level of protection than those in your home jurisdiction.

‍

10.1. Data Hosting in the United States

Our platform is primarily hosted on Google Cloud Platform (GCP) in the United States.
As a result, personal information processed through our Services may be stored or accessed on servers located in the U.S.

‍

10.2. How We Ensure International Transfers Are Protected

We rely on reputable infrastructure and service providers—such as Google Cloud Platform and Bubble—to handle the secure storage and processing of personal information. These providers maintain advanced security, privacy, and compliance frameworks, including measures designed to support lawful international data transfers under regulations such as GDPR, PIPEDA, and other regional privacy laws.

These providers are responsible for implementing and maintaining the legal mechanisms and technical safeguards required for cross-border data transfers. We rely on their established compliance programs, certifications, and industry-standard protections to ensure that personal information remains safeguarded when processed in other countries.

‍

10.3. Processing Outside Your Home Country

By using the Services, you acknowledge that:

• your personal information may be transferred to and processed in countries outside your own;
  
• such countries may have different data protection rules; and
  
• ClickFreak will continue to handle your personal information in accordance with this Privacy Policy, regardless of where it is processed.
  
  

If you are located in a region with specific regulatory requirements (such as the EEA, UK, or Switzerland), we will rely on the compliance frameworks of our service providers to ensure that personal information is handled with an adequate level of protection.

‍

11. Data Retention

We retain personal information for as long as necessary to provide our Services, fulfill the purposes outlined in this Privacy Policy, and comply with applicable legal and operational requirements.

‍

11.1. General Retention Practices

We retain most categories of personal information indefinitely unless:

• the User requests deletion,
  
• the account becomes inactive for an extended period, or
  
• retention is no longer necessary for legitimate business or legal purposes.
  
  

This allows us to maintain historical advertising performance data, support long-term trend analysis, and ensure continuity for Users who rely on multi-year insights.

We reserve the right to delete or anonymize data from inactive accounts at our discretion.

‍

11.2. Lead Data Retention

Lead Data submitted through the optional Leads or offline conversion modules is retained:

• for as long as the Client keeps the data in their workspace,
  
• unless the Client deletes it manually, or
  
• automatically after a reasonable period if the module is unused or disabled.
  
  

Lead Data is deleted or anonymized if:

• the Client requests deletion,
  
• the Client terminates their account, or
  
• retention is no longer required to provide the Service.
  
  

We act as a Data Processor for Lead Data and follow the Client’s instructions regarding retention and deletion.

‍

11.3. Backups and System Logs

Our infrastructure partners, including Bubble and Google BigQuery, maintain automated backup systems and data snapshots as part of their managed services. These backups operate on fixed rotation schedules determined by the provider.

If a User requests deletion of their personal information:

• active production data will be deleted promptly, and
  
• any remaining data stored within automated backups will be removed when those backups naturally cycle out during the provider’s standard retention schedule.
  
  

This ensures compliance while maintaining the integrity and safety of our platform.

‍

11.4. Data Deletion Requests

Users may request deletion of their personal information at any time by contacting us at privacy@clickfreak.ai.

Upon receiving a deletion request:

• we will verify the requestor’s identity,
  
• delete or anonymize data in active systems, and
  
• schedule the removal of backup-stored remnants through normal rotation cycles.
  
  

Certain data may be retained as required by law (e.g., billing records, fraud logs, or audit information).

‍

12. Security Measures

We take the security of personal information seriously and implement a combination of technical, administrative, and organizational safeguards to protect data from unauthorized access, disclosure, alteration, or destruction. While no security system is flawless, we are committed to maintaining a robust and up-to-date security posture.

‍

12.1. Encryption

We use industry-standard encryption technologies:

• Encryption at rest for stored data, including OAuth tokens and user information.
  
• Encryption in transit (TLS/HTTPS) for all data exchanged between your device and our Services.
  
  

This ensures that data remains protected during storage and transmission.

‍

12.2. Access Controls

We apply strict access controls to minimize risk:

• access to personal information is restricted to authorized team members and contractors
  
• permissions are granted following a least privilege principle
  
• elevated access is monitored and reviewed regularly
  
• sensitive operations require authentication and secure credentials

‍

Only personnel who need access to perform their duties may interact with sensitive data.

‍

12.3. Monitoring and Logging

We maintain platform security through:

• continuous monitoring of system activity
  
• automated detection of suspicious behavior
  
• detailed logging of authentication events, system usage, and administrative actions
  
• alerting mechanisms for potential anomalies
  
  

These measures help us quickly identify and respond to potential threats.

‍

12.4. Network and Infrastructure Protections

We rely on modern infrastructure providers that offer:

• multi-layer firewalls
  
• intrusion detection and prevention tools
  
• distributed denial-of-service (DDoS) protection
  
• secure cloud architecture configurations
  
• physical data center security controls
  
  

Our environment is designed to meet or exceed industry security standards.

‍

12.5. Secure Development Practices

We follow secure development lifecycle practices, including:

• regular security updates and patching
  
• version control and controlled deployments
  
• code reviews for critical changes
  
• protection against known vulnerabilities
  
• secure handling of credentials and API keys
  
  

Our team and contractors follow guidelines aligned with modern application security principles.

‍

12.6. Vendor Security and Compliance

We use reputable vendors and infrastructure partners who maintain strong, independently-audited security and privacy programs. These partners are responsible for the security and compliance of the services they provide, including:

• data storage and hosting
  
• authentication
  
• email delivery
  
• payment processing
  
  

We monitor their ongoing compliance and review their public security documentation regularly.

‍

12.7. No System Is 100 Percent Secure

Despite our efforts, no online service or storage system can guarantee absolute security. We cannot warrant or guarantee that personal information will always remain secure. Users are responsible for maintaining the confidentiality of their passwords, accounts, and devices.

If we become aware of a data breach that affects your personal information, we will notify you as required by applicable law.

‍

13. Your Rights

We respect the privacy rights of all Users and provide mechanisms to access, manage, and control personal information. The specific rights available to you may depend on your location and the privacy laws that apply to you. Regardless of where you live, we are committed to handling your requests transparently and promptly.

‍

13.1. Rights Available to All Users Globally

All Users of ClickFreak have the following rights:

‍

Right of Access

You may request a copy of the personal information we hold about you.

‍

Right of Correction (Rectification)

You may request corrections or updates to inaccurate or incomplete information.

‍

Right of Deletion (Erasure)

You may request deletion of your personal information. Some data may be retained as required by law or for legitimate business purposes.

‍

Right to Export (Data Portability)

You may request a machine-readable export of your personal information.

‍

Right to Withdraw Consent

If processing is based on consent (e.g., cookies, marketing emails), you may withdraw your consent at any time.

‍

Right to Opt Out of Marketing Emails

You may unsubscribe from marketing communications using the link provided in the email or by contacting us.

Transactional or service-related emails cannot be opted out of.

To exercise any of these rights, contact us at privacy@clickfreak.ai.

‍

13.2. Additional Rights for Users in the European Economic Area (EEA), United Kingdom (UK), and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the rights listed above plus the following under GDPR:

‍

Right to Restrict Processing

You may request that we limit how your personal information is used in certain circumstances.

‍

Right to Object

You may object to processing based on legitimate interests or to direct marketing.

‍

Right to Enhanced Data Portability

You may request that we transfer your personal information to another controller where feasible.

‍

Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority about our data practices.

‍

A list of EU supervisory authorities is available at:
https://edpb.europa.eu/about-edpb/board/members_en

‍

13.3. Additional Rights for California Residents (CCPA/CPRA)

If you reside in California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide additional rights.

‍

Right to Know

You may request disclosure of:

• categories of personal information collected,
  
• purposes for collection,
  
• sources of information,
  
• categories of third parties we share information with, and
  
• specific pieces of personal information collected.
  
  

Right to Delete

You may request that we delete personal information we have collected about you.

‍

Right to Correct

You may request correction of inaccurate personal information.

‍

Right to Opt Out

You may opt out of the sale or sharing of your personal information.
Note: ClickFreak does not sell or share personal information for advertising purposes.

‍

California Contact Method

California residents may submit CCPA requests by emailing:
privacy@clickfreak.ai

We may ask you to verify your identity before processing your request.

‍

13.4. Timeframe for Responses

We strive to respond to all privacy requests within the timeframe required by applicable laws, typically within:

• 30 days for most regions
  
• 45 days for CCPA requests
  
• Extensions may apply for complex or high-volume requests
  
  

We will notify you if additional time is required.

‍

14. Lead Data Responsibilities

Some Clients may choose to use ClickFreak’s optional modules—such as the Leads module or offline conversion uploads—to process personal information about their customers, prospects, or leads (“Lead Data”). Because this information originates from the Client’s own systems or marketing activities, the Client remains fully responsible for the lawful collection, use, and disclosure of such data.

This section clarifies the obligations of Clients and the role of ClickFreak with respect to Lead Data.

‍

14.1. Client Responsibility to Obtain a Legal Basis

Clients are solely responsible for ensuring that they have obtained all necessary rights and permissions to collect, use, and share Lead Data with ClickFreak. This includes ensuring compliance with all applicable laws governing:

• consent
  
• data transparency
  
• marketing communications
  
• data retention
  
• cross-border transfers
  
• consumer privacy rights
  
  

Clients must ensure that the individuals whose data they process have been informed of, and consented to, any required processing activities.

‍

14.2. Compliance with Applicable Laws

Clients agree to comply with all relevant privacy, consumer protection, marketing, and data security laws in the jurisdictions where they operate, including but not limited to:

• GDPR (General Data Protection Regulation)
  
• CCPA/CPRA (California Consumer Privacy laws)
  
• TCPA (Telephone Consumer Protection Act)
  
• CASL (Canada’s Anti-Spam Legislation)
  
• any other regional or industry-specific regulations
  
  

Clients may not use ClickFreak to upload, store, or process Lead Data in violation of these laws.

‍

14.3. ClickFreak’s Role: Data Processor

For all Lead Data, ClickFreak acts strictly as a Data Processor.

This means:

• we process Lead Data only on behalf of the Client
  
• we follow the Client’s explicit instructions
  
• we do not determine the purpose or means of processing
  
• we do not use Lead Data for analytics, marketing, product development, or any internal purpose
  

Clients are the Data Controllers for all Lead Data they submit.

‍

14.4. Use of Lead Data

We use Lead Data solely to provide the services requested by the Client, such as:

• lead qualification workflows
  
• conversion uploads to advertising platforms
  
• reporting and tracking features
  
• any optional modules enabled by the Client
  
  

We do not use Lead Data to build profiles, train models, or perform aggregated analysis across Clients.

‍

14.5. Deletion of Lead Data

Clients may delete Lead Data at any time through the platform or by contacting us at privacy@clickfreak.ai.

Upon deletion:

• Lead Data is removed from active systems
  
• remaining encrypted copies in automated backups are removed upon normal backup rotation cycles.
  
• no further processing or access occurs
  
  

If a Client terminates their account, all associated Lead Data will be deleted or anonymized in accordance with our Data Retention policy.

‍

15. Third-Party Links

Our website and Services may contain links to third-party websites, applications, tools, or services that are not owned or controlled by ClickFreak. These links are provided for convenience only and do not constitute an endorsement or recommendation of the linked content, products, or services.

‍

15.1. No Control Over Third-Party Practices

ClickFreak has no control over the privacy practices, data handling policies, or security measures of third-party websites or services. We are not responsible or liable for:

• the content, accuracy, or availability of third-party sites
  
• any data collection, use, or sharing that occurs on those sites
  
• the privacy or security practices of external platforms
  
• any damages or losses arising from your use of third-party services

‍

Your interactions with third-party websites are governed by their own terms and privacy policies.

‍

15.2. User Responsibility

We encourage you to:

• review the privacy policies of any third-party website or service before providing personal information
  
• exercise caution when leaving our platform
  
• understand that third-party websites may collect data independently of ClickFreak
  
  

ClickFreak does not monitor or verify how third parties handle personal information.

‍

16. Children's Privacy

ClickFreak is intended for use by adults and businesses. It is not designed for, directed to, or intended for use by individuals under the age of 18.

‍

16.1. No Knowing Collection of Data from Minors

We do not knowingly collect, maintain, or process personal information from anyone under the age of 18. If we become aware that personal information has been collected from a minor, we will:

• promptly delete the information from our active systems
  
• take steps to remove it from backups during normal rotation cycles
  
• restrict any further processing associated with the minor’s account

‍

16.2. Reporting Concerns

If you believe that a minor under 18 has provided personal information to ClickFreak, please contact us immediately at privacy@clickfreak.ai so we can take appropriate action.

‍

17. Payments

ClickFreak uses trusted third-party payment processors to handle billing and subscription payments for our Services. These processors manage all sensitive payment information on our behalf.

‍

17.1. Payment Processing

Payments for ClickFreak subscriptions are processed securely by Stripe. Stripe is responsible for:

• handling payment card information
  
• processing charges and refunds
  
• maintaining PCI-DSS compliance
  
• implementing fraud prevention measures
  
  

Your payment information is transmitted directly to Stripe and is not accessible to ClickFreak.

‍

17.2. No Storage of Card Details

ClickFreak does not:

• store full credit card numbers
  
• store CVV codes
  
• have access to complete payment card details at any time
  
  

We only receive limited billing-related information necessary for account administration, such as billing history, subscription status, and the last four digits of a card for identification.

‍

17.3. Stripe’s Privacy Terms

Your use of Stripe is subject to Stripe’s own terms, policies, and privacy practices.
You can learn more at:

https://stripe.com/privacy

We encourage you to review Stripe’s policies to understand how your payment information is handled.

‍

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, business practices, legal obligations, or technological advancements. When we make material updates, we will notify you in a reasonable manner.

‍

18.1. How We Communicate Updates

If changes are significant, we may notify you through:

• an email sent to the address associated with your account
  
• an in-app message or notification
  
• a prominent notice on our website or dashboard
  
  

Minor updates that do not materially affect your rights may be posted without additional notice.

‍

18.2. Latest Update Date

Each version of this Privacy Policy will include an effective date at the top so you can easily see when it was last revised.

‍

18.3. Acceptance of Changes

By continuing to access or use the Service after an updated Privacy Policy becomes effective, you acknowledge and agree to the revised terms. If you do not agree with the changes, you should discontinue use of the Service and request deletion of your personal information if desired.

‍

‍

19. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, you can contact us using the information below.

‍

19.1. Privacy Inquiries

For all privacy-related requests, including:

• accessing your personal information
  
• correcting or updating your data
  
• deleting your data
  
• requesting a data export
  
• asking questions about this Privacy Policy
  
  

please contact us at:

Email: privacy@clickfreak.ai

‍

19.2. Mailing Address for Official Communications

You may contact us by email or through the mailing address included in our official business and marketing communications. We do not publish our full mailing address online for security and privacy reasons, but it is provided in all required email footers and legal correspondence.

Entity Name:
ClickFreak Technologies Inc.
Alberta, Canada

‍

19.3. Requesting Data Deletion or Export

To request deletion or export of your personal information:

1. Email us at privacy@clickfreak.ai.
   
2. Provide enough information to verify your identity.
   
3. We will process your request within the legally required timeframe for your region.
   
   

Deleted data will be removed from active systems promptly, and backup copies will be removed automatically during standard system rotation cycles.