Last Updated: January 2026 | Version 2.0
At AdManage.ai, security is paramount. We implement industry-leading security measures to protect your data, advertising accounts, and campaigns across Meta (Facebook & Instagram), TikTok, and Google Ads platforms. This policy outlines our comprehensive security framework and your role in maintaining account security.
Your advertising data is securely stored and managed using:
AdManage.ai maintains a formal Information Security Policy that governs all aspects of information security across the organisation.
AdManage.ai operates as a remote-first company with no physical data centres or offices housing customer data.
The following sub-processors are authorised to process data on behalf of customers:
This Data Processing Agreement ("DPA") forms part of the agreement between AdManage.ai ("Processor") and the customer ("Controller") for the provision of advertising management services.
The Controller provides general authorisation for the Processor to engage sub-processors as listed in Section 8 (Third-Party/Vendor Management).
The Processor shall inform the Controller of any intended changes to sub-processors, providing the Controller an opportunity to object.
Where Personal Data is transferred outside the EEA, the Processor ensures appropriate safeguards are in place, including:
The Processor implements the technical and organisational measures detailed in this Security Policy, including:
The Processor shall assist the Controller in fulfilling obligations to respond to data subject requests for:
The Controller has the right to audit the Processor's compliance with this DPA. Audits may be conducted:
Each party's liability under this DPA is subject to the limitations set forth in the main service agreement. The Processor shall be liable for damages caused by processing that infringes GDPR or this DPA.
By using AdManage.ai services, the Controller agrees to this DPA. For a signed copy or custom DPA requirements, contact [email protected].
AdManage.ai acts strictly as a Data Processor under GDPR and equivalent data protection regulations.
AdManage.ai does not process individual personal data of your ad viewers or audience members.
Processing we perform on your business data (creative assets and campaign configuration):
Vision AI analyzes your creative content (videos/images) for categorisation and naming standardisation. This helps organise your assets with consistent naming conventions.
Aggregation and calculation of ad performance metrics (CTR, CPC, ROAS, etc.) from pre-aggregated platform data for your reporting dashboards.
Video and image processing (format conversion, thumbnail generation, dimension optimisation) to ensure platform compliance and optimal delivery.
Rule-based automation for budget adjustments and status changes based on performance thresholds you configure.
All processing is performed solely to deliver our ad management services to you and is not used for any independent purposes.
AdManage.ai uses third-party AI services to enhance our platform capabilities:
For data protection enquiries, please contact our Data Protection Officer at: [email protected]
In the event of a personal data breach, AdManage.ai will notify affected customers within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
AdManage.ai maintains an anti-bribery and anti-corruption policy. We are committed to conducting business ethically and in compliance with all applicable anti-bribery and anti-corruption laws and regulations.
AdManage.ai is committed to preventing modern slavery and human trafficking in our operations and supply chain. We expect our suppliers and partners to share this commitment and maintain appropriate policies and procedures.
For critical vulnerabilities that may affect customer data or service availability:
We maintain a responsible disclosure programme for security researchers. Please report vulnerabilities to [email protected].
AdManage.ai maintains comprehensive logging to support security monitoring, incident investigation, and compliance requirements.
Security logs capture:
All employee actions on client data are logged and auditable. This includes data access, modifications, and administrative actions.
Strict separation between environments:
Customer data is never used in development or testing environments.
Protection against common web application vulnerabilities:
All changes to AdManage.ai follow a strict deployment pipeline through isolated environments:
AdManage.ai maintains a comprehensive disaster recovery plan ensuring full service restoration within 24 hours or less for any incident, including:
Our disaster recovery plan undergoes:
Our Business Continuity Plan ensures AdManage.ai maintains critical operations during any disruption:
Activation Triggers:
AdManage.ai operates on a passwordless authentication model. Users authenticate via Google SSO or magic links, eliminating password-related vulnerabilities such as weak passwords, password reuse, and credential stuffing attacks.
AdManage.ai maintains a Code of Ethics and Conduct that applies to all employees, contractors, and business partners.
To maintain the security of your AdManage.ai account and advertising campaigns:
For security concerns, vulnerability reports, or questions about our security practices:
Security Team / Data Protection Officer: [email protected]
General Support: [email protected]
Priority Support: Available Monday-Friday, UK business hours for Enterprise customers
Responsible Disclosure: We appreciate security researchers who responsibly disclose vulnerabilities. Please email [email protected] with details.
This Security Policy may be updated periodically to reflect changes in our security practices, technology updates, or regulatory requirements. We will notify users of significant changes via email or platform notifications.
Last reviewed: January 2026
Version: 2.0