Adblock Labs Privacy Policy

Last updated: 2026-05-24 - Effective: 2026-05-23 - Version: 2.5

1. Summary

We believe a privacy policy should start by being honest. In plain English:

We do not sell your personal information, and we never will. We do not share it with data brokers, ad networks, or analytics partners except where strictly necessary to operate the service you asked us to provide.
Our ad-blocker filters traffic locally on your device. No URL you visit, no domain you connect to, no page you load, and no content from any web page is ever transmitted from your computer to us. Filtering decisions stay on your machine.
You can stop sharing data with us at any time by uninstalling the application. Account and license data tied to a paid subscription can be deleted on request — see Your rights.
Questions or requests: email us at privacy@adblocklabs.com. We respond within 30 days.

The rest of this policy explains exactly what we collect, why, how long we keep it, and who else sees it.

2. Who we are

Adblock Labs, Inc. (referred to in this policy as "Adblock Labs," "we," "us," or "our") is the data controller for personal data collected through our software, our websites, and our customer-support channels.

Legal entity: Adblock Labs, Inc.
Privacy contact: privacy@adblocklabs.com
Postal contact for privacy requests: Attn: Privacy Officer, Adblock Labs, Inc., 2810 N Church St, Unit 28339, Wilmington, DE 19802, United States

If you have any questions about this policy or wish to exercise any of your rights, please contact us using the details above.

3. How we collect personal data

We collect personal data in the following ways:

Website. Our websites (including adblocklabs.com, any subdomains, and any marketing landing pages we operate). Browser-side JavaScript sends page-view and click events to our telemetry collector.
Installer. The Windows installer you download to set up Adblock for Windows. A native installer process records install milestones and system facts.
Desktop application. Adblock for Windows running on your PC. The application emits lifecycle, license, and update events.
Account and billing. Subscription checkout and the license-management portal. You provide name, email, and payment details (the payment details go directly to our payment processors).
Customer support. The in-app support form and support emails. You provide an email, subject, and message; the app attaches diagnostic context.
Uninstall feedback. The optional questionnaire shown when you uninstall. You may provide a reason and free-text comments. You can skip this step.

Each surface is described in detail in Section 4.

4. What data we process

We organize this section by surface (where the data is collected) rather than by data category, because the same kind of data (for example, a pseudonymous identifier) is collected in different contexts and we want you to be able to see exactly what each part of our software does.

4a. Our websites

When you visit our websites, browser-side JavaScript records page views and clicks and sends them to our telemetry service. Each event includes:

Page and browser context — the page you are on and basic information about your browser.
Marketing attribution — the campaign parameters present in the URL you arrived from, so we can measure which campaigns drive sign-ups.
A pseudonymous identifier that lets us count repeat visits without tying them to your name, email, or any contact detail.
Approximate geolocation derived from your IP address.

Website telemetry is forwarded to the analytics and advertising providers listed in Section 6.

4b. Installer (Windows)

When you run the Adblock for Windows installer, it sends a small telemetry payload to our service at each install milestone. The payload includes:

Per-device identifiers we generate to recognize the same install across reinstalls for license-enforcement purposes.
Marketing attribution — the campaign parameters present on the marketing link you clicked to reach our download page, so we can attribute conversions to campaigns. You can clear them by uninstalling.
System properties — basic information about your Windows version, hardware, language, time zone, and default browser, used to tailor the post-install experience and to diagnose installer failures.
Security-product detection — the names of any anti-virus products reported by Windows Security Center, so we can diagnose installer failures that correlate with specific anti-virus products.
Failure diagnostics (only sent on installer failure) — a structured error category and installer exit code.

Uninstaller feedback. When you uninstall, an optional feedback screen asks why you're leaving. If you skip the screen, nothing is sent. If you submit, your response is sent once to our uninstall-feedback service along with the standard identifiers and system properties above.

4c. Desktop application (Adblock for Windows)

While Adblock for Windows is running, it emits telemetry events to our service covering client lifecycle(when the application starts, runs, and exits), license events, machine activation events, update events, and engagement events (in-app notifications and prompts shown or clicked).

Each event carries a baseline context — your per-device identifiers and install date, application and OS version, the marketing-attribution values from your install, your current license and blocking status, and aggregate lifetime counters used as engagement metrics.

While running, the application also connects to Adblock Labs servers to:

Validate, activate, deactivate, list, and recover your license (see Section 4d).
Check for and download application updates.
Fetch in-app notification and splash-screen content for the engagement features described in this section.
Fetch the filter-list catalog and the bypass-list catalog.

The application also periodically downloads the filter-list bodies themselves — the actual rule content. These may be fetched directly from the upstream filter-list maintainer's published URL; those fetches reach the third party's server like any other HTTPS request from your computer, and those servers may record the request in their normal access logs.

If a TLS-inspection product on your network is blocking the application's normal network connections, the application may send a one-time diagnostic signal so we can identify the interfering product and help you troubleshoot. This signal carries the same baseline event context as our other telemetry and a short verdict identifying the suspected product.

4d. License activation and validation

To activate, validate, deactivate, recover, or manage a license, the application sends our license-management service your license key, the per-device identifier (fingerprint) we generated at install, a machine label so you can identify your activated devices, and the standard application context described in Section 4b.

4e. Account, subscription, and billing

When you subscribe to a paid plan, we collect your name, email address, and country (for tax-rate and currency purposes). Your payment details are collected directly by our payment processors (Stripe and Chargebee). We never receive your full credit-card number, CVV, or PIN. The most we ever see is your card brand and last four digits, plus your billing address.

Once your subscription is set up, we store an account record, your subscriptions and licenses, the devices you have activated, and the marketing-attribution values from Section 4b so we can measure conversion. No card or CVV data is stored in our application database.

Email leads. If you provide your email address through a non-checkout flow (for example, to receive a coupon code), we store the email, the source surface, your desktop pseudonymous identifier, and any coupon delivery status.

4f. Customer support

When you submit our in-app support form or email our support inbox, we receive your email address, the subject and message you typed, and a diagnostic context blob describing your application, license, and subscription state. We forward the ticket to HelpScout and store a copy of the conversation in our application database.

5. Cookies and similar technologies

We use a minimal set of cookies and similar storage technologies on our websites and within Adblock for Windows.

Our websites — first-party functional cookies and browser localStorage. Functional storage to support checkout (for example, remembering a promotional coupon code you applied) and a pseudonymous identifier so we can de-duplicate visits without tying them to your name or email. Lifetime: until you clear your browser storage.
Our websites — Google Analytics cookies (for example, _ga, _gid). Aggregate web analytics — page views, sessions, and traffic sources — for product and marketing measurement. Lifetime: up to 2 years.
Adblock for Windows — local application storage (browser-style localStorage in our in-app user interface; values written under Windows-managed application paths). Functional storage for application state and the per-device identifiers described in Section 4. Lifetime: until you uninstall.

6. Third parties we share data with

We share personal data with the following service providers ("sub-processors") solely to provide the services you have asked us for. Each provider is contractually bound — typically by a Data Processing Agreement ("DPA") — to use the data only as instructed by us and in compliance with applicable data-protection laws.

Infrastructure

Cloudflare, Inc. — Edge hosting, DNS, CDN, application database, object storage, and queues. All our application traffic transits Cloudflare.

Data shared: website and product network traffic, including IP addresses at the edge.
Primary location: United States (HQ); processed on Cloudflare's global edge network.
Privacy policy: cloudflare.com/privacypolicy

Licensing

Keygen LLC (keygen.sh) — License and machine-activation system of record.

Data shared: your email address, license keys, and the device fingerprint used to enforce the per-license device limit.
Primary location: United States.
Privacy policy: keygen.sh/privacy

Billing and payments

Chargebee Inc. — Subscription billing system of record (hosted checkout, subscription state, dunning, invoicing).

Data shared: personal information, payment data, and licensing data.
Primary location: United States (HQ); India (operations).
Privacy policy: chargebee.com/company/privacy-policy

Stripe, Inc. — Payment processor for the Pro checkout. Card data is entered directly into Stripe in your browser; we never see your card number, CVV, or expiry date.

Data shared: personal information and payment data.
Primary location: United States (HQ); EU, UK, and other regional subsidiaries.
Privacy policy: stripe.com/privacy

Customer support

HelpScout, Inc. — Customer-support ticketing.

Data shared: your customer-support conversations, including the diagnostic context the app attaches automatically (described in Section 4f) so we can answer your question without going back and forth.
Primary location: United States.
Privacy policy: helpscout.com/company/legal/privacy

Email

Postmark (ActiveCampaign, LLC) — Transactional email delivery (license keys, account-management links, email confirmations, welcome and reminder emails).

Data shared: the recipient and full contents of transactional emails we send you, including open- and link-click tracking on those emails.
Primary location: United States.
Privacy policy: postmarkapp.com/privacy-policy

Product analytics

Mixpanel, Inc. — Product analytics: funnel and retention analysis.

Data shared: product and website usage events (the telemetry described in Section 4, excluding card and contact data).
Primary location: United States.
Privacy policy: mixpanel.com/legal/privacy-policy

Web analytics

Google LLC (Google Analytics 4) — Aggregate website and product analytics.

Data shared: website and product usage events and approximate geolocation.
Primary location: United States; processes globally.
Privacy policy: policies.google.com/privacy

Advertising (server-side conversions)

Google LLC (Google Ads) — Server-side conversion reporting only — for advertising attribution, not for ad targeting.

Data shared: conversion events used for advertising attribution.
Primary location: United States; processes globally.
Privacy policy: policies.google.com/privacy

Meta Platforms, Inc. (Facebook Conversions API) — Server-side conversion reporting only — for advertising attribution, not for ad targeting.

Data shared: conversion events used for advertising attribution.
Primary location: United States; Ireland (EU users).
Privacy policy: facebook.com/privacy/policy

Microsoft Corporation (Bing / Microsoft Ads) — Server-side conversion reporting only — for advertising attribution, not for ad targeting.

Data shared: conversion events used for advertising attribution.
Primary location: United States.
Privacy policy: privacy.microsoft.com/privacystatement

Sub-processor changes

We will update this section within 30 days of adding or removing any sub-processor that processes personal data, and we will note the update in the "Last updated" header at the top of this Privacy Policy and in Section 15 (Changes to this Privacy Policy).

This sub-processor list was last reviewed on 2026-05-23.

A signed copy of our DPA with any individual sub-processor above, where one exists, can be requested by emailing privacy@adblocklabs.com. Field-level detail about exactly which technical fields are sent to each sub-processor is available on the same request.

What we never do

We do not sell your personal data.
We do not "share" your personal data for cross-context behavioral advertising (as that term is used in California's CCPA / CPRA).
We do not transmit your browsing history, the URLs of sites you visit, the contents of pages you view, or per-domain block counts.

7. Where we process your data

Our service runs on Cloudflare's global edge network. Personal data may therefore be processed in any country where Cloudflare operates a data center, including data centers in the United States and other jurisdictions outside of the European Economic Area and the United Kingdom.

For transfers of personal data from the EEA, the UK, or Switzerland to the United States and other third countries:

We rely on the Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914) and the UK International Data Transfer Addendum, where required.
Where a sub-processor is certified under an applicable adequacy mechanism (for example, the EU–US Data Privacy Framework), we rely on that mechanism in addition.
We do not transfer personal data to a country that the European Commission has determined lacks an adequate level of protection unless one of the foregoing safeguards is in place.

You may request a copy of our Standard Contractual Clauses by emailing privacy@adblocklabs.com.

8. Legal bases for processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and the equivalent UK and Swiss laws require us to identify a legal basis for each processing activity. We process your personal data on the following bases under GDPR Article 6:

Providing you with the Adblock for Windows software, including license validation, machine activation, and update delivery — performance of a contract (Art. 6(1)(b)).
Creating and maintaining your account, processing your subscription, and delivering your license key — performance of a contract (Art. 6(1)(b)).
Detecting installer failures, diagnosing crashes, and improving software stability through aggregate technical telemetry — legitimate interest in maintaining a working product (Art. 6(1)(f)).
Measuring website and product usage to improve our product, run A/B tests, and decide what to build next — legitimate interest in improving our product (Art. 6(1)(f)).
Measuring marketing conversions and attribution (Google Ads, Bing Ads, Facebook CAPI) — legitimate interest in measuring the effectiveness of our advertising (Art. 6(1)(f)).
Sending you transactional email (license keys, account-management links, support replies) — performance of a contract (Art. 6(1)(b)).
Sending you optional promotional or product-update email — consent (Art. 6(1)(a)). You can withdraw consent at any time using the unsubscribe link.
Retaining accounting and tax records (invoices, payment confirmations) for the period required by law — legal obligation (Art. 6(1)(c)).
Preventing fraud, abuse, and security incidents (for example, rate-limiting license-recovery requests) — legitimate interest in the security of our service and our users (Art. 6(1)(f)).
Responding to lawful requests from public authorities — legal obligation (Art. 6(1)(c)).

You have the right to object to processing that we carry out on the basis of legitimate interest (see Section 10).

9. How long we keep your data

We retain personal data only for as long as we need it to provide our service to you, plus any additional period required by law (for example, tax and audit obligations on billing records).

Operational telemetry and product analytics — raw event archives, aggregated analytics, identity-map and conversion-log records, and the same events forwarded to our analytics sub-processors. Retention: up to 2 years. Google Analytics 4 retention separately follows Google's default (currently 14 months).
Account, subscription, and license records — your account, your subscriptions, your licenses, your activated devices, and the billing-system webhook events that back them. Retention: for the life of your account, plus up to 7 years thereafter to satisfy tax, accounting, and audit requirements.
Customer support, uninstall feedback, and email leads. Retention: up to 24 months after your last interaction.
Short-lived operational and security data — internal application error logs, API capture archives, email-confirmation tokens. Retention: between 7 and 30 days.
Vendor-controlled retention — Cloudflare edge access logs and payment-processor webhook archives. Retention: per the vendor's standard retention; not configured by us.

Aggregate, anonymized statistics that cannot be reasonably linked to any individual may be retained beyond these periods. More detailed per-record retention information is available on request via privacy@adblocklabs.com.

10. Your rights

Depending on where you live, you may have any or all of the following rights with respect to your personal data:

Right of access: to receive a copy of the personal data we hold about you and information about how we process it.
Right of rectification: to ask us to correct inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): to ask us to delete your personal data when we no longer have a lawful reason to keep it.
Right to restriction of processing: to ask us to limit how we process your personal data.
Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and to ask us to transmit it to another controller.
Right to object: to object to processing we carry out on the basis of legitimate interest.
Right to withdraw consent: where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint with a supervisory authority. EU/EEA residents can find their national supervisory authority on the European Data Protection Board's website. UK residents can complain to the Information Commissioner's Office.

To exercise any of these rights, email privacy@adblocklabs.com from the email address associated with your account (or, if you do not have an account, provide enough information for us to verify your identity). We respond to valid requests within 30 days. If we need an extension to complete a complex request, we will tell you.

If you are in Quebec, the right of "access" includes the right to be informed of the personal data we hold about you under Quebec Law 25 (the Act respecting the protection of personal information in the private sector). If you are in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another US state with a comprehensive privacy law, your rights under that state's law are honored to the extent they apply.

11. Notice for California residents (CCPA / CPRA)

This section supplements the rest of this Privacy Policy and applies only to California residents.

Personal information we have collected in the past 12 months

In the categories defined by the California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100 et seq., as amended by the California Privacy Rights Act), we have collected:

Identifiers — name, email address, pseudonymous per-user and per-device identifiers, license key, IP address at the edge, and the customer IDs assigned to you by our billing and licensing vendors.
Customer records (Cal. Civ. Code § 1798.80(e)) — name, billing country, and the payment-method metadata (card brand, last four digits, billing postal code) received from our payment processor.
Commercial information — subscription history, payment history (held by our billing vendor), license purchases.
Internet or other electronic network activity — telemetry events about your interaction with our website and our software (page views, clicks, app lifecycle, license events, update events).
Geolocation — approximate, IP-derived country and region; we do not collect precise GPS location.
Inferences — marketing-campaign attribution, A/B-test cohort, engagement bucket.

What we do with it

We use this information for the business purposes described in Sections 4, 8, and below: providing the service you have asked for, billing you, supporting you, securing our service, measuring our marketing, and improving our product.

Sale and "sharing" of personal information

We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising in the sense defined by the CPRA. Our forwarding of conversion events to Google Ads, Bing Ads, and Facebook Conversions API is configured for our own conversion measurement and is conducted under contractual restrictions that prohibit those vendors from using your data to target you with advertising on behalf of any other party.

Sensitive personal information

We do not collect or process sensitive personal information as defined by the CPRA in the ordinary course of providing our service. We do not use any personal information for the purpose of inferring characteristics about you.

Your California rights

You have the right to:

Know what personal information we have collected about you, the categories of sources, the categories of third parties to whom it has been disclosed, the business purpose, and the specific pieces.
Delete the personal information we have collected from you (subject to statutory exceptions, e.g. records we are required to retain for tax purposes).
Correct inaccurate personal information.
Limit the use and disclosure of sensitive personal information (not applicable to our service today, since we do not collect SPI).
Opt out of sale or sharing for cross-context behavioral advertising (not applicable to our service today; see above).
Non-discrimination — we will not deny you our service, charge you a different price, or provide a different level of service for exercising your rights.

To exercise any of these rights, email privacy@adblocklabs.com. You may use an authorized agent; if you do, we will require proof of the agent's authority and may require you to verify your identity directly.

12. Children

Adblock for Windows is not directed to children. We do not knowingly collect personal information from anyone under the age of 16. If you are a parent or legal guardian and you believe your child has provided personal information to us, please email privacy@adblocklabs.com and we will delete the information promptly.

This minimum age is set to align with Article 8 of the EU GDPR's default consent threshold and applies globally; member-state-specific lower thresholds (where applicable) do not change this minimum for our service.

13. Security

We take reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Encryption in transit: All communications between your device, our service, and our sub-processors use TLS 1.2 or higher.
Encryption at rest: Personal data stored in our Cloudflare D1 database, Cloudflare R2 object storage, and Cloudflare KV is encrypted at rest using Cloudflare's standard encryption.
Access controls: Administrative access to our infrastructure is protected by Cloudflare Access with single sign-on and hardware-key second factor. Application code reviews and least-privilege access policies apply to engineering staff.
No end-user passwords: We do not operate an end-user password system. Account ownership is proven by possession of the email address (via one-time email links) and, for desktop activations, by possession of a license key plus a matching device fingerprint.
Logging: Operational logs in Cloudflare Workers Logs and our error database retain a redacted subset of request metadata for 30 days; sensitive header values (Authorization, Cookie, X-Api-Key) are redacted. Database row contents may appear in these logs and are subject to the access controls above.
Vendor diligence: Our sub-processors are major commercial vendors that maintain SOC 2 Type II reports and equivalent attestations. We review these reports periodically.

No system can be made perfectly secure. If you have reason to believe your account is compromised, please contact privacy@adblocklabs.com immediately.

14. Data breach notification

In the event of a personal-data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (GDPR Art. 34), or where required by applicable state breach-notification laws in the United States.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our service, in our service providers, or in applicable law. When we make changes, we will:

Update the "Last updated" date at the top of this page.
For material changes (for example, a new category of personal data we collect, a new sub-processor receiving sensitive personal data, or a change that reduces your rights), we will notify you in advance via email to the address associated with your account, and / or via an in-app notice, before the change takes effect.

The current version of this policy is always available at https://adblocklabs.com/privacy.

16. Contact

For privacy-related questions, requests, or complaints:

Email: privacy@adblocklabs.com
Post: Attn: Privacy Officer, Adblock Labs, Inc., 2810 N Church St, Unit 28339, Wilmington, DE 19802, United States

For all other questions:

Visit https://adblocklabs.com/contact or use the in-app Help form.