Trust & Safety

Security at Ad Autopilot™

Your data security is our top priority. We implement industry-leading security practices to protect your advertising data and credentials.

Compliance

Enterprise-Grade Security Standards

We meet the highest standards for security, privacy, and compliance.

SOC 2 Type II

We maintain SOC 2 Type II compliance, demonstrating our commitment to security, availability, and confidentiality through rigorous third-party audits.

GDPR Compliant

We comply with the General Data Protection Regulation (GDPR), ensuring European users' data rights are respected and protected.

CCPA Compliant

We adhere to the California Consumer Privacy Act (CCPA), providing California residents with transparency and control over their data.

Data Protection

How We Protect Your Data

Encryption at Rest

All sensitive data is encrypted at rest using AES-256 encryption, the same standard used by governments and financial institutions worldwide.

  • Database encryption for all customer data
  • Encrypted backups with separate key management
  • Hardware security modules (HSM) for key storage

Encryption in Transit

All data transmitted between your browser and our servers is protected using TLS 1.3, the latest and most secure transport protocol.

  • TLS 1.3 for all API communications
  • Certificate pinning for mobile applications
  • HSTS enabled to prevent downgrade attacks

OAuth Token Security

Your advertising platform credentials are never stored directly. We use secure OAuth 2.0 tokens with encrypted storage.

  • OAuth 2.0 with PKCE for all integrations
  • Automatic token rotation and refresh
  • Minimal permission scopes requested

Access Control

We implement strict access controls to ensure only authorized users and systems can access your data.

  • Role-based access control (RBAC)
  • Two-factor authentication (2FA) support
  • Audit logging for all access
Infrastructure

Secure Infrastructure

Cloud Security

  • Hosted on AWS with SOC 2 certified data centers
  • Multi-region redundancy for high availability
  • Private VPC with network segmentation
  • DDoS protection and WAF enabled

Security Monitoring

  • 24/7 security monitoring and alerting
  • Intrusion detection and prevention systems
  • Regular vulnerability scanning
  • Annual third-party penetration testing

Employee Security

Our team members undergo rigorous security training and background checks. We follow the principle of least privilege access.

Security Training

Quarterly updates

Background Checks

All employees

Device Security

MDM enforced

Responsible Disclosure

Report a Security Issue

We take security vulnerabilities seriously. If you discover a security issue, please report it to us responsibly and we'll respond promptly.

Report Security Issue Contact Us