Legal

Privacy Policy

Last updated: April 30, 2026

DeadClick ("we," "us," or "our") operates the DeadClick behavioral intelligence platform. This Privacy Policy explains how we collect, use, and protect information when you use our service.

1. Information we collect

When our pixel script is installed on a website, we collect the following behavioral signals on behalf of our customers (website operators):

Click events — including position, element type, and whether the click was on an interactive element
Dead clicks — clicks on non-interactive page elements
Rage clicks — rapid repeated clicks indicating user frustration
Scroll depth milestones (25%, 50%, 75%, 100%)
Page view events including URL, referrer, and UTM parameters
Session identifiers (anonymous, non-persistent across sessions by default)
IP address (used for company/geo enrichment only, not stored in raw form)
Device metadata: screen size, browser type, operating system, connection type
Behavioral biometrics: session timing and interaction cadence

We do not collect names, email addresses, passwords, payment information, or any other personally identifiable information through the pixel.

2. How we use this information

The behavioral data collected via the DeadClick pixel is used to:

Provide our customers with behavioral analytics dashboards and reports
Identify companies visiting a website using IP-to-company enrichment (via ip-api.com)
Detect UX friction patterns such as dead clicks and rage clicks
Generate heatmaps and session timelines for website operators
Improve the accuracy and performance of our detection algorithms

3. Data retention

Event data is retained for the duration defined by your plan (7 days on Starter, 90 days on Pro, up to 2 years on Scale). After this period, data is permanently deleted from our systems. You may request earlier deletion at any time by contacting us.

4. Third-party services

We use the following third-party services to operate DeadClick:

Supabase — database infrastructure for event storage
Vercel — hosting and edge network delivery
ip-api.com — IP-to-company and geolocation enrichment
Stripe — payment processing (we do not store card data)

These providers have their own privacy policies and we encourage you to review them.

5. GDPR and CCPA compliance

DeadClick is designed to be privacy-first. IP addresses used for company enrichment are not stored in their raw form. No persistent cross-site tracking cookies are set. Website operators are responsible for obtaining appropriate consent from their end-users in jurisdictions that require it (including the EU under GDPR and California under CCPA).

If you are a resident of the EU or California and wish to exercise your data rights (access, deletion, portability, or opt-out), please contact us at privacy@deadclick.io.

6. Cookies

DeadClick uses a single session-scoped cookie (dc_sid) to associate events within a single browsing session. This cookie expires when the browser session ends. We do not use persistent tracking cookies or third-party advertising cookies.

7. Security

All data transmitted between your visitors' browsers and our servers is encrypted via TLS. Data at rest is encrypted in our Supabase database. Access to raw event data is restricted to authenticated users with permission in your DeadClick organization.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to account holders or via a notice on this page. Continued use of DeadClick after changes constitutes acceptance of the revised policy.

9. Contact

Questions about this policy? Contact us at privacy@deadclick.io.