Security & Trust

How we protect your revenue data

Hosted on Vercel: SOC2 Type 2
Powered by Supabase: SOC2 Type 2
SOC2 Aligned: Trust controls
256-bit Encryption: AES-256 + TLS 1.3

Infrastructure

Hosted on Vercel (SOC2 Type 2 certified infrastructure)
Database on Supabase (SOC2 Type 2 certified, PostgreSQL)
All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Primary region: US-East-1 (Virginia) with edge distribution

Access Control

Role-based access with four levels: owner, admin, viewer, API-only
Entity-scoped permissions — users only see data they are authorized for
API authentication via HMAC-SHA256 signed keys with per-key rate limiting (1,000 req/hr)
Client portals use token-based access with scoped data filtering
Webhook payloads signed with HMAC-SHA256 for delivery verification

Data Handling

Organization-scoped row-level security on every database table
No PII stored in revenue or report records
Automated data retention: records 1 year, audit logs 2 years, usage logs 90 days
CSV/XLSX exports respect permission scoping — users can only export data they can view
Invitation tokens expire after 7 days; API keys can be revoked instantly

Monitoring & Alerting

Automated anomaly detection on revenue data (configurable thresholds)
SSP discrepancy alerts when impression or revenue counts disagree across sources
Connector health monitoring with 48-hour staleness detection
Data completeness scoring across date coverage, field quality, and freshness
Alert delivery via email (Resend) and Slack webhooks

Audit Trail

Every action logged: logins, data access, exports, configuration changes, user management
Immutable audit records — no database policies allow deletion or modification
Full audit history exportable as CSV for compliance review
18 tracked action categories across authentication, data, and system operations

Compliance Roadmap

SOC2 Type 2 audit planned Q3 2026
GDPR-ready data handling (no EU PII stored)
WOO (World Out of Home) membership in progress

Questions about our security practices?

Reach out to our security team for detailed answers, compliance documentation, or to schedule a review.

security@dmrssolutions.com