Enterprise-Grade Security

Your advertising data is critical to your business. We treat its protection with the seriousness it deserves.

Last updated: March 2026

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Database backups, API tokens, and OAuth credentials are encrypted with separate keys managed through a hardware security module (HSM).

SOC 2 Type II Compliance

AdvertisingSystems has completed SOC 2 Type II certification, independently audited for security, availability, and confidentiality controls. Our compliance report is available to enterprise customers under NDA upon request.

Infrastructure Security

Our platform runs on hardened cloud infrastructure with network isolation, automated vulnerability scanning, and DDoS protection. Access to production systems requires multi-factor authentication and is restricted to authorized personnel via a zero-trust architecture.

Incident Response

We maintain a documented incident response plan with a dedicated security team available 24/7. In the event of a security incident, affected customers are notified within 72 hours. We conduct regular incident response drills and post-incident reviews.

Responsible Disclosure

We value the security community's efforts in helping keep AdvertisingSystems safe. If you discover a security vulnerability, we encourage you to report it responsibly.

  • Email your findings to security@advertisingsystems.ai.
  • Provide sufficient detail for us to reproduce and address the issue.
  • Allow us reasonable time to investigate and remediate before public disclosure.
  • Do not access, modify, or delete other users' data.

We commit to acknowledging reports within 2 business days and will not pursue legal action against researchers who follow these guidelines.

Common questions

Is my data encrypted?

Yes. Data is encrypted in transit (TLS 1.3) and at rest (AES-256). API tokens and credentials are stored with separate keys in a hardware security module.

Are you SOC 2 compliant?

Yes. We’re SOC 2 Type II certified. Enterprise customers can request our compliance report under NDA.

How do I report a security issue?

Email security@advertisingsystems.ai with details. We respond within 2 business days and don’t pursue legal action against researchers who follow responsible disclosure.

Do you sell or share my data?

No. We don’t sell your data to third parties or use it for advertising. We use it only to provide and improve the product. See our Privacy Policy.

Where is data stored?

We use cloud infrastructure in regions that meet our compliance requirements. Data residency options may be available for Enterprise; contact us.

How do you handle access to production?

Access requires multi-factor authentication and is restricted to authorized personnel. We follow a zero-trust model and least-privilege access.

Do you do penetration testing?

Yes. We run regular internal and third-party security assessments and act on findings.

What about GDPR or CCPA?

We support data subject requests and have processes for GDPR and CCPA. See our Privacy Policy and Data Processing terms.

Can I get a security questionnaire or SIG?

Enterprise customers can request our security documentation and complete questionnaires. Contact your account lead or security@advertisingsystems.ai.

How are credentials stored?

OAuth tokens and API keys are encrypted and stored in a secure vault. We never store your Google or Meta passwords.

Still have questions?

View full FAQ or contact us

Questions about security or compliance?

Contact us

Ready to master your advertising?

Schedule a meeting