> ## Documentation Index
> Fetch the complete documentation index at: https://help.dash.fi/llms.txt
> Use this file to discover all available pages before exploring further.

# Ad Pay Protection data collection and privacy

> Understand what the Dash.fi Ad Pay Protection pixel collects, what it never captures, and how your data is stored, secured, and kept compliant.

Dash.fi Ad Pay Protection is built on a privacy-first foundation. The pixel uses cookie-less tracking and collects no personally identifiable information (PII) — no names, emails, phone numbers, or exact location data are ever captured or transmitted to Dash.fi servers. The system is fully compliant with GDPR and CCPA, and it collects only the behavioral and technical signals necessary to detect ad fraud and audit your campaign spend.

***

## What the pixel captures

### Core user events

The pixel records the following standard browser events to build a picture of session activity:

* **Page Load / View** — Recorded when a page finishes loading
* **Page Unload** — Recorded when a user navigates away from a page
* **Tab Switch** — Recorded when a user switches browser tabs
* **First Visit** — Recorded when a user arrives at the site for the first time
* **Session Start** — Recorded at the beginning of each new session
* **Scroll** — Recorded when a user scrolls on a page
* **Click** — Recorded when a user interacts with page elements

### Additional ad auditing data

Beyond core events, the pixel captures the following signals specifically for auditing and fraud detection:

* **Ad Performance Metrics** — Impressions, clicks, and session duration. Sessions lasting 10 or more seconds are classified as True Visitors.
* **Keyword-Based Intent Signals** — Engagement data tied to specific keywords, not to individual users.
* **Fraud Detection Data** — Signals used to identify bot traffic, ad stacking, click farms, invalid clicks, and out-of-geo ad delivery.
* **UTM Parameter Analysis** — Cross-verification of campaign traffic between Google Ads, Meta Ads, and other platforms using URL parameters.

***

## Full list of data fields collected

The pixel collects the following data fields — and only these fields:

| Field                                        | Description                                              |
| -------------------------------------------- | -------------------------------------------------------- |
| `_id`                                        | Internal record identifier                               |
| `userAgent`                                  | Browser type, OS, and device category (limited)          |
| `language`                                   | Browser language setting                                 |
| `platform`                                   | Operating system platform                                |
| `screenWidth` / `screenHeight`               | Screen dimensions                                        |
| `colorDepth` / `pixelDepth`                  | Display color depth                                      |
| `timezoneOffset`                             | UTC timezone offset                                      |
| `sessionStorage` / `localStorage`            | Whether browser storage is available                     |
| `cookiesEnabled`                             | Whether cookies are enabled                              |
| `doNotTrack`                                 | Browser Do Not Track signal status                       |
| `currentUrl`                                 | URL of the current page                                  |
| `previousUrl`                                | URL of the referring page within the session             |
| `touchSupport`                               | Whether the device supports touch input                  |
| `hardwareConcurrency`                        | Number of CPU cores (device category signal)             |
| `siteIdentifier`                             | Your site's unique Dash.fi identifier                    |
| `timestamp`                                  | Date and time of the event                               |
| `event`                                      | Event type (e.g., PageLoad, Click)                       |
| `client_ip`                                  | Partial IP only — generalized region, not exact location |
| `referer`                                    | Referring URL                                            |
| `vidis_processed`                            | Internal processing status flag                          |
| `created_at`                                 | Record creation timestamp                                |
| `source` / `medium` / `campaign` / `channel` | UTM and attribution parameters from the URL              |

***

## What the pixel does NOT collect

<Warning>
  The following data types are never collected by the Ad Pay Protection pixel under any circumstances:
</Warning>

* Names, email addresses, phone numbers, or any other personal identifiers
* Exact IP addresses or precise geolocation data
* Device or browser fingerprints used for cross-site tracking
* Third-party cookies or cross-site tracking data

***

## How data is handled

| Data type                         | How it's treated                                                                             |
| --------------------------------- | -------------------------------------------------------------------------------------------- |
| **Partial IP address**            | Only a generalized region is inferred — not the user's exact location or street address      |
| **User Agent**                    | Logs only browser type, operating system, and device category — not a full fingerprint       |
| **Anonymized unique identifiers** | Stored locally in the user's browser and never transmitted to Dash.fi servers                |
| **Data access**                   | Strict access controls are enforced — no individual user is tracked across multiple websites |

***

## Server infrastructure and security

Your data is stored and processed on a secure, enterprise-grade infrastructure:

* **Hosting**: Google Cloud Platform (GCP) — US-Central1 region (Oregon, USA)
* **Audit logs**: Immutable, blockchain-based audit trail
* **Data in transit**: Encrypted using industry-standard TLS
* **Data at rest**: Encrypted at the storage layer
* **Log integrity**: Tamper-proof — audit records cannot be altered after creation

***

## Compliance and certifications

Dash.fi Ad Pay Protection meets the requirements of major data protection frameworks:

<AccordionGroup>
  <Accordion title="GDPR and CCPA compliance">
    Ad Pay Protection is fully compliant with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). No PII is collected, and cookie-less tracking eliminates the need for cookie consent banners related to the pixel.
  </Accordion>

  <Accordion title="DPF Certification">
    Dash.fi holds Data Privacy Framework (DPF) certification, covering data transfers between the EU, UK, and United States.
  </Accordion>

  <Accordion title="Data Protection Officer and EU representation">
    A Data Protection Officer (DPO) has been appointed. EU representative and lead supervisory authority appointments are in place as required by GDPR.
  </Accordion>

  <Accordion title="Data subject rights (Access, Correction, Erasure, DSAR)">
    Procedures are in place to handle data subject access requests (DSARs) and to fulfill rights of access, correction, and erasure in accordance with GDPR and CCPA requirements.
  </Accordion>

  <Accordion title="Business Continuity and Disaster Recovery">
    Business Continuity and Disaster Recovery (BCDR) plans are documented and tested on an annual basis to ensure data availability and system resilience.
  </Accordion>
</AccordionGroup>

***

## How Ad Pay Protection helps your business

* **Detects invalid traffic (IVT) and ad fraud** — Identifies bot traffic, click farms, ad stacking, and other forms of fraud that inflate your ad costs without delivering real results.
* **Recovers overcharges** — Typical advertiser accounts show 5–30% in overcharges from platforms like Google and Meta. Ad Pay Protection identifies these discrepancies and submits refund claims on your behalf.
* **Self-service monitoring** — Track ad performance, fraud signals, and pending refund claims directly from your Dash.fi dashboard at [app.dash.fi](https://app.dash.fi).

<Note>
  For questions about data handling, privacy compliance, or to submit a data subject access request, contact [support@dash.fi](mailto:support@dash.fi).
</Note>
