Enterprise-grade security by default

SOC 2 Type II Infrastructure

Built on Vercel, Supabase, and Google Cloud — all independently SOC 2 Type II certified. Your data runs on the same infrastructure trusted by Shopify, GitHub, and Stripe.

Encryption Everywhere

AES-256 encryption at rest across all data stores. TLS 1.3 encryption in transit for every connection. Your data is encrypted whether it's moving or standing still.

Organisation-Level Isolation

Row-Level Security policies ensure your data is completely isolated. No organisation can ever access another's data — enforced at the database level, not just the application.

No PII in AI Processing

AI agents analyse aggregated performance metrics — spend, clicks, conversions, ROAS. Personal customer data never enters the AI pipeline. Campaign names and search terms are the most granular data processed.

Authentication & Access Control

Multi-factor authentication (TOTP), SSO via SAML/OIDC for enterprise accounts, role-based access control (Owner, Admin, Manager, Viewer, Client), and session management with automatic timeout.

GDPR & CCPA Compliant

Full compliance with EU and California data protection regulations. Data Processing Agreements available. Right to access, export, and delete your data at any time.

What we store

• Aggregated campaign metrics (spend, clicks, conversions)
• Campaign and ad group names
• Search terms (for keyword analysis)
• GA4 session and revenue data
• Product feed attributes (for ecommerce)

What we never store

• Customer personal information (names, emails, addresses)
• Payment or financial data
• Ad platform login credentials
• Raw click-stream or user-level event data
• Cookies or tracking pixels on your customers

AI processing

• Only aggregated metrics sent to AI (Claude API)
• Anthropic does not train on API inputs
• Data Processing Agreement in place
• No PII ever enters the AI pipeline
• All AI outputs are cached in your isolated database