AdManage.ai Security Policy

Last Updated: September 2025

1. Security Overview

At AdManage.ai, security is paramount. We implement industry-leading security measures to protect your data, advertising accounts, and campaigns across Meta (Facebook & Instagram) and TikTok platforms. This policy outlines our comprehensive security framework and your role in maintaining account security.

2. Data Protection & Encryption

🔐 End-to-End Encryption

All data transmitted between your browser and our servers uses TLS 1.3 encryption
API communications with Meta and TikTok platforms use OAuth 2.0 secure protocols
All authentication tokens and API keys are encrypted using AES-256 encryption
Sensitive data is encrypted at rest using AES-256 encryption
All URLs must use HTTPS protocol for secure communication

Data Storage & Infrastructure

Your advertising data is securely stored and managed using:

PlanetScale: Serverless MySQL database platform with automatic backups and encryption
Railway: Secure cloud hosting platform for our application servers
End-to-end encryption for all data in transit and at rest
Automated backup systems with point-in-time recovery
Geographic redundancy and high availability
Regular security updates and patches

3. Advertising Platform Security

📘 Meta (Facebook & Instagram) Integration

✓OAuth 2.0 authentication - we never store your Meta passwords
✓Limited scope permissions - only access what's needed for ad management
✓Automatic token refresh with encrypted token storage
✓Compliance with Meta's Platform Terms and Data Use Policy
✓Real-time monitoring of API access and usage

🎵 TikTok Ads Manager Integration

✓TikTok Marketing API secure authentication
✓Granular permission controls for ad account access
✓Encrypted storage of TikTok Business Center credentials
✓Compliance with TikTok Ads API Terms of Service
✓Audit logs for all campaign creation and modification activities

4. Access Control & Authentication

Passwordless Authentication

Google OAuth 2.0 single sign-on (SSO)
Magic link authentication via email
No password storage - enhanced security
Session timeout after inactivity
Secure token-based authentication

Team Access Management

Role-based access control (RBAC)
Granular permissions for team members
Activity logs and audit trails
Immediate access revocation capability

5. Campaign & Ad Security

Secure Ad Launch Process

URL Validation: All destination URLs must use HTTPS protocol
Content Scanning: Automatic scanning for malicious content or prohibited materials
Approval Workflow: Multi-step approval process for campaign launches
Budget Controls: Spending limits and alerts to prevent unauthorized spending
Creative Protection: Secure storage and delivery of ad creatives

⚠️ Security Requirements for Ads

All landing pages must use HTTPS (not HTTP)
No links to known phishing or malware sites
Compliance with platform policies (Meta & TikTok)
Regular security scans of linked domains

6. Compliance & Certifications

Data Privacy Compliance

GDPR compliant (European Union)
Regular privacy impact assessments

Security Standards

Industry best practices for web application security
OWASP Top 10 security guidelines
Regular security assessments and code reviews
Secure development lifecycle (SDLC) practices
Dependency vulnerability scanning

7. Business Disaster Recovery Plan

🚀 24-Hour Recovery Guarantee

AdManage.ai maintains a comprehensive disaster recovery plan ensuring full service restoration within 24 hours or less for any incident, including:

Complete system failures
Data center outages
Cyber security incidents
Natural disasters
Platform-wide service disruptions

📦 Backup Strategy

Real-time replication: Continuous data sync
12 hour snapshots: Point-in-time recovery
Daily backups: Full database exports
Geographic redundancy: Multi-region storage
30-day retention: Historical data recovery

🔄 Recovery Infrastructure

PlanetScale: Automated failover & backups
Railway: Multi-region deployment ready
CDN assets: Globally distributed
API redundancy: Load-balanced servers
Code repository: Version-controlled recovery

⏱️ Recovery Time Objectives (RTO)

Critical Services (Auth, API):< 2 hours

Ad Campaign Management:< 4 hours

Analytics & Reporting:< 8 hours

Full Platform Restoration:< 24 hours

📋 Disaster Recovery Procedures

Immediate Response (0-60 min):
- Incident detection and alert team activation
- Initial assessment and severity classification
- Activate disaster recovery team
Data Recovery (1-4 hours):
- Restore from most recent backup
- Verify data integrity and consistency
- Synchronize with Meta and TikTok platforms
Full Restoration (4-24 hours):
- Complete system functionality verification
- Performance optimization and monitoring
- Post-incident review and documentation

🛡️ Data Protection Guarantees

✓Zero Data Loss: Maximum 1 hour of data at risk (RPO)
✓Campaign Continuity: Active campaigns continue running
✓Budget Protection: No unauthorized spending during recovery
✓API Connectivity: Meta & TikTok connections maintained

📞 Communication During Disasters

Status Page: status.admanage.ai for real-time updates
Support: Available Monday-Friday during UK business hours
Account Managers: Direct contact for enterprise clients

✅ Testing & Validation

Our disaster recovery plan undergoes:

Annual compliance check and validation

8. Business Continuity Plan

🎯 Continuity Objectives

Our Business Continuity Plan ensures AdManage.ai maintains critical operations during any disruption:

Maintain 99.9% uptime for ad campaign operations
Zero interruption to active advertising campaigns
Continuous access to campaign analytics and reporting
Uninterrupted API connectivity with Meta and TikTok
Customer support availability (Monday-Friday, UK business hours)

💼 Business Functions Priority

Critical: Ad serving & campaign management
Critical: Payment processing & billing
High: Customer authentication & access
High: Real-time analytics & reporting
Medium: New campaign creation
Low: Historical data exports

👥 Team Continuity

Remote work capability for all staff
Cross-trained backup personnel
On-call rotation schedule during business hours
Documented escalation procedures
Emergency contact database
Virtual collaboration tools ready

🔄 Operational Redundancy

Infrastructure Redundancy

Multi-region deployment across 3+ zones
Automatic failover between regions
Load balancing across multiple servers
Redundant API endpoints
Multiple CDN providers

Data Redundancy

Real-time database replication
Geographically distributed backups
Point-in-time recovery capability
Offline backup archives
Encrypted backup storage

📊 Continuity Scenarios & Response

Scenario 1: Partial Service Outage

Automatic traffic rerouting to healthy servers
Graceful degradation of non-critical features
Priority queue for critical operations

Scenario 2: Complete Data Center Failure

Immediate failover to secondary region
DNS update for traffic redirection
Full service restoration within 2 hours

Scenario 3: Third-Party API Outage

Cached data serving for read operations
Queue write operations for later sync
Alternative API endpoints activation

Scenario 4: Cyber Security Incident

Immediate isolation of affected systems
Activate clean backup infrastructure
Forensic analysis in parallel

🚨 Crisis Management Activation

Activation Triggers:

Service downtime exceeding 1 hour
Data breach or security incident
Natural disaster affecting operations
Critical vendor/partner failure

📋 Continuity Testing Schedule

📅Annually: Comprehensive compliance check and validation

✅ Supplier & Vendor Continuity

•PlanetScale: 99.99% uptime SLA with automatic failover
•Railway: Multi-region deployment with instant scaling
•Meta/TikTok APIs: Fallback mechanisms and cached operations
•Payment Processors: Multiple provider redundancy

9. Security Incident Response

Incident Response Protocol

Detection: Continuous monitoring for security threats and anomalies
Assessment: Immediate evaluation of incident severity and scope
Containment: Swift action to prevent further damage or data exposure
Notification: Affected users notified within 72 hours as required by law
Recovery: Restoration of services and data integrity
Review: Post-incident analysis and security improvements

10. Change Management & Deployment Security

🔄 Three-Environment Architecture

All changes to AdManage.ai follow a strict deployment pipeline through isolated environments:

1. Testing Environment

Isolated development and QA testing
Automated unit and integration tests
Security vulnerability scanning
Performance benchmarking

2. Staging Environment

Production-mirror configuration
User acceptance testing (UAT)
Final security validation
Load and stress testing

3. Production Environment

Live customer-facing platform
Blue-green deployment strategy
Instant rollback capability
Real-time monitoring and alerts

✅ Change Control Process

Automated Testing: Must pass all test suites (unit, integration, E2E)

🛡️ Security Controls

Code signing and integrity verification
Secrets management via environment variables
Audit logging for all deployments
Automated rollback on failure

11. Your Security Responsibilities

To maintain the security of your AdManage.ai account and advertising campaigns:

•Keep your Google account secure if using Google sign-in
•Protect your email account used for magic link authentication
•Keep your connected ad accounts secure on Meta and TikTok
•Use only HTTPS URLs for all landing pages and tracking links
•Regularly review account activity and report suspicious behavior
•Protect your API keys and tokens - never share them publicly
•Keep your browser and devices updated with latest security patches

12. Advanced Security Features

🛡️ Active Protection

Real-time threat detection
DDoS protection
Web Application Firewall (WAF)
Rate limiting and API throttling
Suspicious activity alerts

📊 Monitoring & Logging

Comprehensive audit logs
Login history tracking
API usage monitoring
Campaign modification logs
Spending alerts and limits

13. Security Contact

For security concerns, vulnerability reports, or questions about our security practices:

Security Team Email: security@admanage.ai

General Support: support@admanage.ai

Priority Support: Available Monday-Friday, UK business hours for Enterprise customers

Responsible Disclosure: We appreciate security researchers who responsibly disclose vulnerabilities. Please email security@admanage.ai with details.

14. Policy Updates

This Security Policy may be updated periodically to reflect changes in our security practices, technology updates, or regulatory requirements. We will notify users of significant changes via email or platform notifications.

Last reviewed: September 2025
Version: 1.0

Admanage.ai

AdManage.ai Security Policy

Last Updated: September 2025

1. Security Overview

2. Data Protection & Encryption

🔐 End-to-End Encryption

All data transmitted between your browser and our servers uses TLS 1.3 encryption
API communications with Meta and TikTok platforms use OAuth 2.0 secure protocols
All authentication tokens and API keys are encrypted using AES-256 encryption
Sensitive data is encrypted at rest using AES-256 encryption
All URLs must use HTTPS protocol for secure communication

Data Storage & Infrastructure

Your advertising data is securely stored and managed using:

PlanetScale: Serverless MySQL database platform with automatic backups and encryption
Railway: Secure cloud hosting platform for our application servers
End-to-end encryption for all data in transit and at rest
Automated backup systems with point-in-time recovery
Geographic redundancy and high availability
Regular security updates and patches

3. Advertising Platform Security

📘 Meta (Facebook & Instagram) Integration

✓OAuth 2.0 authentication - we never store your Meta passwords
✓Limited scope permissions - only access what's needed for ad management
✓Automatic token refresh with encrypted token storage
✓Compliance with Meta's Platform Terms and Data Use Policy
✓Real-time monitoring of API access and usage

🎵 TikTok Ads Manager Integration

✓TikTok Marketing API secure authentication
✓Granular permission controls for ad account access
✓Encrypted storage of TikTok Business Center credentials
✓Compliance with TikTok Ads API Terms of Service
✓Audit logs for all campaign creation and modification activities

4. Access Control & Authentication

Passwordless Authentication

Google OAuth 2.0 single sign-on (SSO)
Magic link authentication via email
No password storage - enhanced security
Session timeout after inactivity
Secure token-based authentication

Team Access Management

Role-based access control (RBAC)
Granular permissions for team members
Activity logs and audit trails
Immediate access revocation capability

5. Campaign & Ad Security

Secure Ad Launch Process

URL Validation: All destination URLs must use HTTPS protocol
Content Scanning: Automatic scanning for malicious content or prohibited materials
Approval Workflow: Multi-step approval process for campaign launches
Budget Controls: Spending limits and alerts to prevent unauthorized spending
Creative Protection: Secure storage and delivery of ad creatives

⚠️ Security Requirements for Ads

All landing pages must use HTTPS (not HTTP)
No links to known phishing or malware sites
Compliance with platform policies (Meta & TikTok)
Regular security scans of linked domains

6. Compliance & Certifications

Data Privacy Compliance

GDPR compliant (European Union)
Regular privacy impact assessments

Security Standards

Industry best practices for web application security
OWASP Top 10 security guidelines
Regular security assessments and code reviews
Secure development lifecycle (SDLC) practices
Dependency vulnerability scanning

7. Business Disaster Recovery Plan

🚀 24-Hour Recovery Guarantee

AdManage.ai maintains a comprehensive disaster recovery plan ensuring full service restoration within 24 hours or less for any incident, including:

Complete system failures
Data center outages
Cyber security incidents
Natural disasters
Platform-wide service disruptions

📦 Backup Strategy

Real-time replication: Continuous data sync
12 hour snapshots: Point-in-time recovery
Daily backups: Full database exports
Geographic redundancy: Multi-region storage
30-day retention: Historical data recovery

🔄 Recovery Infrastructure

PlanetScale: Automated failover & backups
Railway: Multi-region deployment ready
CDN assets: Globally distributed
API redundancy: Load-balanced servers
Code repository: Version-controlled recovery

⏱️ Recovery Time Objectives (RTO)

Critical Services (Auth, API):< 2 hours

Ad Campaign Management:< 4 hours

Analytics & Reporting:< 8 hours

Full Platform Restoration:< 24 hours

📋 Disaster Recovery Procedures

Immediate Response (0-60 min):
- Incident detection and alert team activation
- Initial assessment and severity classification
- Activate disaster recovery team
Data Recovery (1-4 hours):
- Restore from most recent backup
- Verify data integrity and consistency
- Synchronize with Meta and TikTok platforms
Full Restoration (4-24 hours):
- Complete system functionality verification
- Performance optimization and monitoring
- Post-incident review and documentation

🛡️ Data Protection Guarantees

✓Zero Data Loss: Maximum 1 hour of data at risk (RPO)
✓Campaign Continuity: Active campaigns continue running
✓Budget Protection: No unauthorized spending during recovery
✓API Connectivity: Meta & TikTok connections maintained

📞 Communication During Disasters

Status Page: status.admanage.ai for real-time updates
Support: Available Monday-Friday during UK business hours
Account Managers: Direct contact for enterprise clients

✅ Testing & Validation

Our disaster recovery plan undergoes:

Annual compliance check and validation

8. Business Continuity Plan

🎯 Continuity Objectives

Our Business Continuity Plan ensures AdManage.ai maintains critical operations during any disruption:

Maintain 99.9% uptime for ad campaign operations
Zero interruption to active advertising campaigns
Continuous access to campaign analytics and reporting
Uninterrupted API connectivity with Meta and TikTok
Customer support availability (Monday-Friday, UK business hours)

💼 Business Functions Priority

Critical: Ad serving & campaign management
Critical: Payment processing & billing
High: Customer authentication & access
High: Real-time analytics & reporting
Medium: New campaign creation
Low: Historical data exports

👥 Team Continuity

Remote work capability for all staff
Cross-trained backup personnel
On-call rotation schedule during business hours
Documented escalation procedures
Emergency contact database
Virtual collaboration tools ready

🔄 Operational Redundancy

Infrastructure Redundancy

Multi-region deployment across 3+ zones
Automatic failover between regions
Load balancing across multiple servers
Redundant API endpoints
Multiple CDN providers

Data Redundancy

Real-time database replication
Geographically distributed backups
Point-in-time recovery capability
Offline backup archives
Encrypted backup storage

📊 Continuity Scenarios & Response

Scenario 1: Partial Service Outage

Automatic traffic rerouting to healthy servers
Graceful degradation of non-critical features
Priority queue for critical operations

Scenario 2: Complete Data Center Failure

Immediate failover to secondary region
DNS update for traffic redirection
Full service restoration within 2 hours

Scenario 3: Third-Party API Outage

Cached data serving for read operations
Queue write operations for later sync
Alternative API endpoints activation

Scenario 4: Cyber Security Incident

Immediate isolation of affected systems
Activate clean backup infrastructure
Forensic analysis in parallel

🚨 Crisis Management Activation

Activation Triggers:

Service downtime exceeding 1 hour
Data breach or security incident
Natural disaster affecting operations
Critical vendor/partner failure

📋 Continuity Testing Schedule

📅Annually: Comprehensive compliance check and validation

✅ Supplier & Vendor Continuity

•PlanetScale: 99.99% uptime SLA with automatic failover
•Railway: Multi-region deployment with instant scaling
•Meta/TikTok APIs: Fallback mechanisms and cached operations
•Payment Processors: Multiple provider redundancy

9. Security Incident Response

Incident Response Protocol

Detection: Continuous monitoring for security threats and anomalies
Assessment: Immediate evaluation of incident severity and scope
Containment: Swift action to prevent further damage or data exposure
Notification: Affected users notified within 72 hours as required by law
Recovery: Restoration of services and data integrity
Review: Post-incident analysis and security improvements

10. Change Management & Deployment Security

🔄 Three-Environment Architecture

All changes to AdManage.ai follow a strict deployment pipeline through isolated environments:

1. Testing Environment

Isolated development and QA testing
Automated unit and integration tests
Security vulnerability scanning
Performance benchmarking

2. Staging Environment

Production-mirror configuration
User acceptance testing (UAT)
Final security validation
Load and stress testing

3. Production Environment

Live customer-facing platform
Blue-green deployment strategy
Instant rollback capability
Real-time monitoring and alerts

✅ Change Control Process

Automated Testing: Must pass all test suites (unit, integration, E2E)

🛡️ Security Controls

Code signing and integrity verification
Secrets management via environment variables
Audit logging for all deployments
Automated rollback on failure

11. Your Security Responsibilities

To maintain the security of your AdManage.ai account and advertising campaigns:

•Keep your Google account secure if using Google sign-in
•Protect your email account used for magic link authentication
•Keep your connected ad accounts secure on Meta and TikTok
•Use only HTTPS URLs for all landing pages and tracking links
•Regularly review account activity and report suspicious behavior
•Protect your API keys and tokens - never share them publicly
•Keep your browser and devices updated with latest security patches

12. Advanced Security Features

🛡️ Active Protection

Real-time threat detection
DDoS protection
Web Application Firewall (WAF)
Rate limiting and API throttling
Suspicious activity alerts

📊 Monitoring & Logging

Comprehensive audit logs
Login history tracking
API usage monitoring
Campaign modification logs
Spending alerts and limits

13. Security Contact

For security concerns, vulnerability reports, or questions about our security practices:

Security Team Email: security@admanage.ai

General Support: support@admanage.ai

Priority Support: Available Monday-Friday, UK business hours for Enterprise customers

Responsible Disclosure: We appreciate security researchers who responsibly disclose vulnerabilities. Please email security@admanage.ai with details.

14. Policy Updates

Last reviewed: September 2025
Version: 1.0

AdManage.ai Security Policy

1. Security Overview

2. Data Protection & Encryption

🔐 End-to-End Encryption

Data Storage & Infrastructure

3. Advertising Platform Security

📘 Meta (Facebook & Instagram) Integration

🎵 TikTok Ads Manager Integration

4. Access Control & Authentication

Passwordless Authentication

Team Access Management

5. Campaign & Ad Security

Secure Ad Launch Process

⚠️ Security Requirements for Ads

6. Compliance & Certifications

Data Privacy Compliance

Security Standards

7. Business Disaster Recovery Plan

🚀 24-Hour Recovery Guarantee

📦 Backup Strategy

🔄 Recovery Infrastructure

⏱️ Recovery Time Objectives (RTO)

📋 Disaster Recovery Procedures

🛡️ Data Protection Guarantees

📞 Communication During Disasters

✅ Testing & Validation

8. Business Continuity Plan

🎯 Continuity Objectives

💼 Business Functions Priority

👥 Team Continuity

🔄 Operational Redundancy

Infrastructure Redundancy

Data Redundancy

📊 Continuity Scenarios & Response

🚨 Crisis Management Activation

📋 Continuity Testing Schedule

✅ Supplier & Vendor Continuity

9. Security Incident Response

Incident Response Protocol

10. Change Management & Deployment Security

🔄 Three-Environment Architecture

1. Testing Environment

2. Staging Environment

3. Production Environment

✅ Change Control Process

🛡️ Security Controls

11. Your Security Responsibilities

12. Advanced Security Features

🛡️ Active Protection

📊 Monitoring & Logging

13. Security Contact

14. Policy Updates

Product

Tools

Resources

Company

AdManage.ai Security Policy

1. Security Overview

2. Data Protection & Encryption

🔐 End-to-End Encryption

Data Storage & Infrastructure

3. Advertising Platform Security

📘 Meta (Facebook & Instagram) Integration

🎵 TikTok Ads Manager Integration

4. Access Control & Authentication

Passwordless Authentication

Team Access Management

5. Campaign & Ad Security

Secure Ad Launch Process

⚠️ Security Requirements for Ads

6. Compliance & Certifications

Data Privacy Compliance

Security Standards

7. Business Disaster Recovery Plan

🚀 24-Hour Recovery Guarantee

📦 Backup Strategy

🔄 Recovery Infrastructure

⏱️ Recovery Time Objectives (RTO)

📋 Disaster Recovery Procedures

🛡️ Data Protection Guarantees