Privacy Policy for Click Fraud Protection

Privacy Policy Details

SeaBird Solutions, LLC (“SeaBird,” “we,” “us,” or “our”) operates SeaBird Taylon (the “Service”) at seabirdtaylon.com. This Policy explains how we collect, use, disclose, and protect information in connection with the Service, including data processed on behalf of customers who deploy our JavaScript collector (“The Collector”) on their sites for click-fraud detection and ad integrity.

By using the Service or Website, you agree to this Policy. If you do not agree, do not use the Service.

1. Information We Collect

• Customer Account Data (controller): When you sign up, request a demo, or contact us, we may collect name, email, company details, billing information, and IP address.
• Service Usage Data (controller): Logs (access times, browser/OS), referrer host, device information, and interactions with our dashboards and APIs.
• Data via The Collector (processor on your behalf): Visit data used for fraud detection/attribution, including:
  • URL path and a sanitized query string—preserving ad IDs (gclid, gbraid, wbraid, dclid, gclsrc, srsltid) and UTM parameters; redacting known secret keys (e.g., access_token, code, password) and masking obvious PII patterns.
  • Referrer: collected as host only (no cross-site path or query).
  • Quality signals: dwell time and scroll depth for anti-abuse.
  • Governance: GPC status, session ID; an optional persistent visitor ID is set only when GPC is not enabled.
  • IP address: received server-side with each request and stored in its original form for fraud analysis, investigation, and enforcement. See retention details in Section 4.
  The Collector is credentials-free, cookie-optional, and honors GPC. We do not intentionally collect sensitive categories (e.g., precise geolocation) via the script.
• Third-Party Data: Limited data from integrations (e.g., Google Ads via OAuth) to sync IP exclusions and evaluate invalid traffic.

We do not knowingly collect data from children under 13 (or under 16 where applicable).

2. How We Use Information

• Provide, maintain, and improve fraud detection (e.g., suspicious patterns, IP/ASN blocking, campaign integrity checks).
• Sync exclusions with Google Ads on your behalf (when connected).
• Operate dashboards, send support/operational messages, and improve reliability/security.
• Comply with law and enforce terms.
• With consent, limited marketing communications (opt-out anytime).

GDPR legal bases: contract performance; legitimate interests (fraud prevention, security); consent where required.

3. Sharing & Disclosure

• Service Providers (business purposes): hosting, monitoring, email delivery, payment processing (Stripe), and security—under their standard online terms. When you register for a paid account, we automatically disclose certain information to Stripe (e.g., name, email, billing details, and transaction metadata) so your customer profile can be created and your subscription administered. We do not receive or store full payment card numbers. See Stripe’s Privacy Policy.
• Google Integration: If you connect Google Ads, we access/act on limited data (e.g., push IP exclusions) consistent with Google’s API policies. We disclose what we access and actions we take in-product.
• Legal: Respond to lawful requests; protect rights, safety, and integrity.
• Business Transfers: In merger, acquisition, or asset sale scenarios.
• Aggregated/De-identified: Research, benchmarking, or service improvement without identifying individuals.

We do not sell personal information and we do not “share” it for cross-context behavioral advertising.

4. Data Security & Retention

We apply industry-standard safeguards (encryption in transit, least-privilege access, monitoring). No method is 100% secure.

• IP addresses (fraud operations): stored in original (raw) form in operational datasets used for fraud detection, investigation, model evaluation, and enforcement for up to 120 days. After that period, we delete raw records or retain only aggregated, non-identifying statistics (e.g., counts by /24 or ASN).
• Visit logs (event-level telemetry): request/response and quality-signal logs (including URL path + sanitized query, referrer host, user agent, dwell/scroll metrics) are retained up to 90 days and then deleted or aggregated. (Automated purges run roughly every 24 hours.)
• Visits (session/normalized records): normalized visit/session objects that back reports and investigations are retained up to 120 days and then deleted or aggregated.
• Fraud verdicts/labels: disposition results (e.g., valid/invalid/suspect) are retained up to 14 days and then deleted or recomputed from source data if needed.
• Block-candidate queues: candidate IPs/ASNs and supporting signals queued for possible blocking are retained up to 120 days and then cleared.
• Public-site analytics (if enabled): non-personalized analytics records are kept up to 90 days and then deleted or aggregated.
• Account/billing: retained as required by law (e.g., tax/financial recordkeeping). Upon account termination, customer data is deleted or de-identified after a brief backup grace period.

Purge jobs run on a regular schedule (approximately every 24 hours) and remove or aggregate records that exceed the windows above.

5. Your Rights & Choices

• Access, Correction, Deletion: Email privacy@seabirdtaylon.com.
• Cookies & Measurement: Analytics is off by default. Use the banner or “Manage Cookie Preferences” in the footer. We honor GPC automatically.
• California & U.S. State Rights (CPRA, etc.): Right to know/access, delete, correct, and opt-out of sale/share (we don’t sell/share). No discrimination for exercising rights.
• GDPR (EU/EEA): Rights include access, rectification, erasure, restriction, portability, and objection. For data we process as a processor via The Collector, contact the relevant site owner (controller).

California Privacy Supplement (CCPA/CPRA)

Disclosures in the preceding 12 months. We disclosed personal information for business purposes to our service providers, including our payment processor (Stripe) for account setup and subscription management at signup, and hosting/security providers for site operation. We did not sell personal information and did not “share” it for cross-context behavioral advertising.

6. International Transfers

Data is stored primarily in the U.S. For transfers from other regions, we use Standard Contractual Clauses or comparable safeguards where applicable.

7. Third-Party Links & Services

When you connect third-party services (e.g., Google Ads), their privacy terms apply to their processing. We are not affiliated with Google.

8. Children’s Privacy

The Service is intended for business users and advertisers. It is not intended for children under 13. If we learn we collected such data, we will delete it.

9. Changes to This Policy

We may update this Policy from time to time. We will post the revised Policy with an updated effective date. Continued use constitutes acceptance.

10. Contact Us

SeaBird Solutions, LLC, 3717 Boston St PMB 329, Baltimore, MD 21224, USA. Email: privacy@seabirdtaylon.com.

11. Cookies, Ads & “Do Not Sell/Share”

We use optional cookies for site functionality and non-personalized analytics. We do not sell personal information or “share” it for cross-context behavioral advertising. Manage preferences below or enable Global Privacy Control (GPC) in your browser.