Security
Last updated: November 2, 2025 | Effective: November 2, 2025
The short version: We take security seriously because getting hacked would suck for everyone.
How We Protect Your Data
OAuth Authentication
All connections to advertising platforms (Google Ads, Meta, etc.) use OAuth. That means we never see your passwords. Your credentials stay with the platforms where they belong.
Encryption
Data in transit is encrypted with TLS. Data at rest is encrypted in our database. Sensitive tokens are encrypted with industry-standard encryption algorithms.
Access Controls
Your advertising data is isolated per organization. The native agency-brand permission model means people only see what they're supposed to see. No accidental data leaks between clients.
Infrastructure
We run on Vercel and Supabase, both of which have their own security certifications and compliance. We're not trying to reinvent infrastructure security from scratch.
What You Can Do
- Use a strong, unique password for your account
- Don't share your login credentials
- Revoke access from your ad platforms directly if you're no longer using the service
- Review which agencies/brands have access to your data periodically
- Contact us immediately if you notice anything suspicious
Reporting Security Issues
If you find a security vulnerability, please let us know. We'll take it seriously and fix it promptly. Don't publicly disclose it until we've had a chance to address it.
Data Breaches
In the unlikely event of a data breach, we'll notify affected users immediately and explain exactly what happened, what was exposed, and what we're doing about it. No corporate PR spin, just straight talk.
Regular Updates
We keep our dependencies updated, monitor for security advisories, and patch vulnerabilities promptly. Security isn't a one-time thing. It's an ongoing process.
Questions about security? Feel free to ask. We're happy to explain our security practices in more detail.