What the pixel captures
Core user events
The pixel records the following standard browser events to build a picture of session activity:- Page Load / View — Recorded when a page finishes loading
- Page Unload — Recorded when a user navigates away from a page
- Tab Switch — Recorded when a user switches browser tabs
- First Visit — Recorded when a user arrives at the site for the first time
- Session Start — Recorded at the beginning of each new session
- Scroll — Recorded when a user scrolls on a page
- Click — Recorded when a user interacts with page elements
Additional ad auditing data
Beyond core events, the pixel captures the following signals specifically for auditing and fraud detection:- Ad Performance Metrics — Impressions, clicks, and session duration. Sessions lasting 10 or more seconds are classified as True Visitors.
- Keyword-Based Intent Signals — Engagement data tied to specific keywords, not to individual users.
- Fraud Detection Data — Signals used to identify bot traffic, ad stacking, click farms, invalid clicks, and out-of-geo ad delivery.
- UTM Parameter Analysis — Cross-verification of campaign traffic between Google Ads, Meta Ads, and other platforms using URL parameters.
Full list of data fields collected
The pixel collects the following data fields — and only these fields:| Field | Description |
|---|---|
_id | Internal record identifier |
userAgent | Browser type, OS, and device category (limited) |
language | Browser language setting |
platform | Operating system platform |
screenWidth / screenHeight | Screen dimensions |
colorDepth / pixelDepth | Display color depth |
timezoneOffset | UTC timezone offset |
sessionStorage / localStorage | Whether browser storage is available |
cookiesEnabled | Whether cookies are enabled |
doNotTrack | Browser Do Not Track signal status |
currentUrl | URL of the current page |
previousUrl | URL of the referring page within the session |
touchSupport | Whether the device supports touch input |
hardwareConcurrency | Number of CPU cores (device category signal) |
siteIdentifier | Your site’s unique Dash.fi identifier |
timestamp | Date and time of the event |
event | Event type (e.g., PageLoad, Click) |
client_ip | Partial IP only — generalized region, not exact location |
referer | Referring URL |
vidis_processed | Internal processing status flag |
created_at | Record creation timestamp |
source / medium / campaign / channel | UTM and attribution parameters from the URL |
What the pixel does NOT collect
- Names, email addresses, phone numbers, or any other personal identifiers
- Exact IP addresses or precise geolocation data
- Device or browser fingerprints used for cross-site tracking
- Third-party cookies or cross-site tracking data
How data is handled
| Data type | How it’s treated |
|---|---|
| Partial IP address | Only a generalized region is inferred — not the user’s exact location or street address |
| User Agent | Logs only browser type, operating system, and device category — not a full fingerprint |
| Anonymized unique identifiers | Stored locally in the user’s browser and never transmitted to Dash.fi servers |
| Data access | Strict access controls are enforced — no individual user is tracked across multiple websites |
Server infrastructure and security
Your data is stored and processed on a secure, enterprise-grade infrastructure:- Hosting: Google Cloud Platform (GCP) — US-Central1 region (Oregon, USA)
- Audit logs: Immutable, blockchain-based audit trail
- Data in transit: Encrypted using industry-standard TLS
- Data at rest: Encrypted at the storage layer
- Log integrity: Tamper-proof — audit records cannot be altered after creation
Compliance and certifications
Dash.fi Ad Pay Protection meets the requirements of major data protection frameworks:GDPR and CCPA compliance
GDPR and CCPA compliance
Ad Pay Protection is fully compliant with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). No PII is collected, and cookie-less tracking eliminates the need for cookie consent banners related to the pixel.
DPF Certification
DPF Certification
Dash.fi holds Data Privacy Framework (DPF) certification, covering data transfers between the EU, UK, and United States.
Data Protection Officer and EU representation
Data Protection Officer and EU representation
A Data Protection Officer (DPO) has been appointed. EU representative and lead supervisory authority appointments are in place as required by GDPR.
Data subject rights (Access, Correction, Erasure, DSAR)
Data subject rights (Access, Correction, Erasure, DSAR)
Procedures are in place to handle data subject access requests (DSARs) and to fulfill rights of access, correction, and erasure in accordance with GDPR and CCPA requirements.
Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery (BCDR) plans are documented and tested on an annual basis to ensure data availability and system resilience.
How Ad Pay Protection helps your business
- Detects invalid traffic (IVT) and ad fraud — Identifies bot traffic, click farms, ad stacking, and other forms of fraud that inflate your ad costs without delivering real results.
- Recovers overcharges — Typical advertiser accounts show 5–30% in overcharges from platforms like Google and Meta. Ad Pay Protection identifies these discrepancies and submits refund claims on your behalf.
- Self-service monitoring — Track ad performance, fraud signals, and pending refund claims directly from your Dash.fi dashboard at app.dash.fi.
For questions about data handling, privacy compliance, or to submit a data subject access request, contact support@dash.fi.