Privacy Policy

clicksdk.com (“we”, “us”, or “our”) operates the affiliate link management platform available at clicksdk.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

2.1 Account information

When you register, we collect your email address and a hashed password. We do not store passwords in plain text.

2.2 Link click data

For every redirect we process, we record: a truncated and one-way-hashed IP address (we never store the full IP), user-agent string, referrer URL, inferred country and city, device type, and timestamp. This data is used solely to provide analytics to the link owner.

2.3 Postback conversion events

If an affiliate network sends a postback to our tracking endpoint, we record the click ID, payout amount, currency, and timestamp supplied by the network.

2.4 Usage and log data

We collect standard server logs (request method, path, response code, latency) for operational purposes. Logs are retained for 30 days and then deleted.

• To operate and improve the platform.
• To provide click analytics and conversion reports to you.
• To authenticate your account and keep it secure.
• To detect and prevent fraud, abuse, and bot traffic.
• To send transactional emails (password reset, billing receipts). We do not send marketing emails without your explicit consent.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes. We may share data with:

• Infrastructure providers (cloud hosting, CDN) under data-processing agreements.
• Payment processors for billing — we never store full card numbers.
• Law enforcement when required by a valid legal process.

We do not store raw IP addresses. Upon receipt, each IP is one-way-hashed with a rotating secret and the original address is immediately discarded. This means we can detect duplicate clicks within a session but cannot reverse-map a hash to an individual.

We use a single HttpOnly, Secure session cookie to authenticate your dashboard session. We do not use third-party advertising cookies or cross-site tracking technologies.

Click event data is retained for 24 months from the date of capture, after which it is permanently deleted. Account data is retained until you close your account. You may request earlier deletion at any time (see section 9).

We encrypt data in transit using TLS 1.2+. Sensitive fields are encrypted at rest. Access to production systems is restricted to authorised personnel only. Despite these measures, no system is completely secure; we encourage you to use a strong, unique password.

Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal data we hold about you. To exercise any of these rights, email privacy@clicksdk.com. We will respond within 30 days.

clicksdk.com is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, please contact us and we will delete it promptly.

We may update this policy from time to time. We will notify registered users by email and update the effective date above. Your continued use of the platform after the effective date constitutes acceptance of the revised policy.

Questions about this policy? Email privacy@clicksdk.com.