Controls
Last reviewed July 2026Infrastructure security
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Cloudflare DDoS protection for all web traffic
- Encrypted backups with tested restore procedures
- Isolated production environment
Organizational security
- Information security policy
- Risk management program
- Internal security audits
- Personnel security and background checks
- Vendor risk assessments for all subprocessors
Product security
- Secure development life cycle
- HTTPS-only destination URL validation
- Automatic scanning for malicious ad content
- Multi-step approval workflows for campaign launches
- Budget limits and spending alerts
Access control
- Passwordless authentication
- Role-based team access management
- Privileged access management
- OAuth-scoped platform tokens, revocable at any time
Data and privacy
- Data Processing Agreement (DPA)
- Data classification and handling standards
- GDPR data subject rights support
- Breach notification per GDPR Article 33
- Sanctions compliance screening