StopBots

Privacy Policy

Last updated: February 25, 2026

1. Information We Collect

StopBots collects the following information to detect and prevent click fraud on Google Ads campaigns:

  • Click Data: IP address, browser fingerprint signals (canvas, WebGL, audio context, fonts, navigator properties), TLS fingerprint, user agent, referrer URL, page URL, and Google Click ID (gclid).
  • Behavioral Data: Mouse movement patterns, scroll behavior, click timing, touch gestures (on mobile devices). This data is collected in aggregate form and does not identify individual users.
  • Account Data: Email address and password (hashed) when you create a StopBots account.

2. How We Use Your Information

We use collected data exclusively for:

  • Detecting fraudulent clicks on your Google Ads campaigns
  • Adding fraudulent IP addresses to your Google Ads exclusion lists
  • Generating fraud analytics and reports in your dashboard
  • Improving our detection algorithms

3. Data Sharing

We do not sell or share personal data with third parties. We use the following services:

  • IPQualityScore: IP reputation lookups (IP addresses only)
  • Public IP Threat Lists: We reference publicly available IP threat intelligence feeds (such as FireHOL and similar open-source lists) to identify known malicious IP ranges.
  • Google Ads API: To read campaign data and manage IP exclusion lists on your campaigns (with your explicit OAuth authorization)

4. Data Retention

Click data is retained for 90 days. Account data is retained until you delete your account. You can request data deletion at any time by contacting us at contact@stopbots.app.

5. Cookies

The StopBots tracking script does not set any cookies on your visitors' browsers. Our dashboard uses essential cookies for authentication (httpOnly, secure).

6. Security

All data is transmitted over HTTPS. Passwords are hashed using Argon2id. Google Ads tokens are encrypted at rest. Our infrastructure is hosted on secure servers with firewall protection.

7. Google Ads API Usage

StopBots uses the official Google Ads API in compliance with Google's API Terms of Service. Specifically, we use the API to:

  • Read campaign and click performance data via GoogleAdsService.Search
  • Update IP exclusion lists (CampaignCriterion) to block fraudulent IP addresses
  • Display campaign-level performance reports in your dashboard

You authorize API access through Google OAuth 2.0. You can revoke access at any time through your StopBots settings or your Google Account permissions.

8. PIPEDA Compliance

StopBots is operated from Montreal, Canada and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect only the minimum data necessary for fraud detection, obtain consent through clear service terms, and provide data access and deletion upon request.

9. Contact

For privacy inquiries: contact@stopbots.app