Ciaro
Start Free Trial
LEGAL

Privacy Policy

Last updated: April 22, 2026

1. Introduction

Ciaro ("we," "us," or "our") operates a click fraud detection and PPC optimization platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We are committed to protecting your privacy while delivering robust fraud protection for your Google Ads and PPC campaigns.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and website URL
  • Billing and payment information
  • Phone number (optional)

2.2 Click & Traffic Data

To detect and prevent click fraud, we collect:

  • IP addresses — used to identify fraudulent click patterns, VPN/proxy usage, and known bot networks
  • Device fingerprints — browser type, OS, screen resolution, and installed plugins to identify repeat offenders
  • Click timestamps and frequency — to detect abnormal click patterns and click farms
  • Referral sources and UTM parameters — to trace the origin of fraudulent traffic
  • Geographic location data — derived from IP addresses to identify suspicious geographic patterns

2.3 Behavioral Analytics Data

For our session replay and heatmap features, we collect:

  • Mouse movements, clicks, and scroll behavior
  • Page navigation patterns and session duration
  • Form interaction data (field focus/blur — never keystrokes in sensitive fields)
Important: Ciaro automatically masks all sensitive inputs including passwords, credit card numbers, and personal data fields before they leave the user's browser. This masking is built into our tracking script and cannot be disabled.

2.4 Google Ads Integration Data

When you connect your Google Ads account, we access:

  • Campaign performance metrics (clicks, impressions, conversions, spend)
  • IP exclusion lists for automated fraud blocking
  • Ad group and keyword performance data

3. How We Use Your Information

  • Fraud Detection & Prevention: Analyzing click patterns, IP addresses, and device fingerprints to identify and block fraudulent clicks in real-time
  • Campaign Optimization: Providing behavioral analytics, session replays, and heatmaps to help you understand genuine user behavior
  • Automated Protection: Updating your Google Ads IP exclusion lists to prevent future fraudulent clicks
  • Reporting & Alerts: Sending fraud reports, anomaly alerts, and performance insights
  • Service Improvement: Training our AI models on anonymized, aggregated fraud patterns to improve detection accuracy
  • Customer Support: Responding to inquiries and providing technical assistance

4. Data Sharing & Third Parties

We do not sell your personal data. We share data only in these circumstances:

  • Google Ads API: To update IP exclusion lists and retrieve campaign data
  • Infrastructure Providers: Cloud hosting (encrypted at rest and in transit)
  • Payment Processors: For subscription billing only
  • Legal Obligations: When required by law or to protect against fraud

5. Data Retention

  • Click fraud data: Retained for 90 days for analysis, then aggregated and anonymized
  • Session replay data: Retained for 30 days, then permanently deleted
  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • IP blocklists: Maintained as long as your subscription is active

6. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption at rest and TLS 1.3 in transit
  • Infrastructure designed against SOC 2 Type II controls (independent attestation in progress)
  • Regular penetration testing and security audits
  • Role-based access controls and audit logging
  • Automatic sensitive data masking in session replays

7. Cookies & Tracking

Our fraud detection script uses a first-party cookie to maintain session integrity for fraud analysis. We do not use third-party advertising cookies. See our cookie banner for granular control options.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a machine-readable format
  • Object to or restrict certain processing activities
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@ciaro.click.

9. Contact Us

If you have questions about this Privacy Policy, contact our Data Protection Officer at dpo@ciaro.click or write to:

Ciaro
Office No. 3, Al Wasl Building
Next to Dubai Mall / Burj Khalifa Metro Station
Downtown, Dubai, UAE