Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Anura is a US-based ad fraud detection and traffic quality platform that analyses website visitor traffic in real time to identify bots, scrapers, and invalid traffic sources. It uses JavaScript tags and IP analysis to assess traffic quality. While fraud detection may rely on legitimate interest under GDPR, the ePrivacy Directive still requires consent for any cookies or device-level tracking. Data is processed in the US via Standard Contractual Clauses.
Anura is an ad fraud detection and traffic quality platform that analyses website visitor traffic in real time to distinguish genuine human visitors from bots, scrapers, click farms, and other invalid traffic sources. It is used by advertisers, publishers, and affiliate marketers to protect advertising spend and ensure that campaigns reach real audiences. Anura''s JavaScript tag runs on every page load and performs real-time analysis of device and behavioural signals to generate a traffic quality score.
Anura collects IP addresses, browser type and version, operating system, device characteristics, screen resolution, JavaScript execution environment properties, network routing data, and behavioural signals such as mouse movement patterns and click timing. This data is analysed against Anura''s fraud database to produce a real-time traffic quality score for each visitor session.
Similar to Sift, Anura''s fraud detection can rely on legitimate interest under GDPR Recital 47 for the processing itself. However, the ePrivacy Directive requires consent for any cookies or device storage access. A documented balancing test must demonstrate that the fraud prevention interest overrides individual privacy interests. The balancing test is generally favourable given that invalid traffic detection benefits the individual user (by protecting them from ad fraud ecosystems) as well as the operator.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For any cookies Anura sets, ePrivacy consent is required. For the device fingerprinting and IP analysis that does not rely on cookies, legitimate interest with a documented balancing test may suffice. Users must be informed of Anura''s fraud detection processing in the privacy policy with a right to object, even if consent is not required for the non-cookie processing.
Anura is a US company. Standard Contractual Clauses apply. Sign a DPA with Anura and document the US transfer in your RoPA.
Obtain ePrivacy consent before loading the Anura tag if it sets cookies. Document your legitimate interest balancing test for IP and device analysis. Disclose Anura in your privacy policy with the right to object. Sign a DPA with Anura. Document the US transfer in your RoPA.
Websites using Anura must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is advisable when Anura processes large volumes of European visitor data for automated traffic quality scoring that may result in individual users being flagged or blocked. The automated nature of fraud classification and its potential effect on users warrants formal assessment.
Sample consent text
We use Anura to protect our website from fraudulent traffic and bots. Anura analyses visitor behaviour and device information to assess traffic quality. This processing is based on our legitimate interest in maintaining website integrity. Data may be transferred to the United States. You may object to this processing by contacting us.
Third-party domains contacted
anura.ioscript.anura.ioapi.anura.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| anura_s | session | Session | Session identifier used for invalid traffic scoring when JavaScript tag integration is used |
Anura places tracking cookies for advertising — comply with GDPR using FlowConsent.
Anura collects IP addresses, browser and device characteristics, request headers, referrer URLs, and behavioural signals to generate invalid traffic fraud scores. It may also set client-side cookies depending on the integration method. The primary data points are technical traffic signals rather than identifiable personal data, giving Anura a relatively low privacy risk profile.
It depends on the implementation. If Anura is integrated server-side without setting cookies, consent is not required as legitimate interest covers the fraud detection processing. If the JavaScript tag sets client-side cookies, ePrivacy consent is required before the script loads for those cookies. Anura should always be disclosed in your privacy policy regardless of implementation method.
Legitimate interest under Article 6(1)(f) GDPR is the appropriate basis for IVT and fraud detection processing. GDPR Recital 47 specifically acknowledges fraud prevention as a legitimate interest. A documented balancing test is required, demonstrating that the interest in protecting advertising quality and detecting bot traffic outweighs the privacy impact on individual users being scored.
Yes. Anura is a US company and processes traffic analysis data on US infrastructure. Standard Contractual Clauses apply as the transfer mechanism. The data transferred is primarily technical signals (IP, device characteristics) rather than rich personal profiles, which reduces the privacy risk of the transfer relative to other US-based processors.
Generally not for standard IVT detection. A DPIA becomes advisable if Anura's fraud scores are used to make automated decisions that significantly affect individual users, such as blocking access to a service or content based on a bot score, which would trigger Article 22 GDPR considerations.
Document your legitimate interest balancing test. If using the JavaScript tag, obtain ePrivacy consent before loading the script. For server-side integration without cookies, no consent banner is needed for Anura specifically. Update your privacy policy to disclose Anura as a traffic quality processor and describe the legitimate interest basis. Sign a DPA with Anura. Document the US transfer in your RoPA.
Pixalate offers EU data residency options for invalid traffic detection. DoubleVerify and Integral Ad Science both have EU data processing configurations. For advertisers using Google, Google's built-in IVT filtering operates through Google's EU infrastructure options. Self-hosted IP reputation databases combined with custom bot detection rules can also be deployed on EU infrastructure for full data sovereignty.
Add a section on traffic quality and fraud prevention. State that Anura is used to detect and filter invalid traffic and ad fraud, describe the technical signals collected (IP, device characteristics), identify legitimate interest as the legal basis, reference the documented balancing test, disclose the US transfer and SCC safeguard, and provide the right to object to this legitimate interest processing.