SECURITY
Your Ad Data is Worth Millions. Here's How We Protect It.
Security Architecture
encryption
Data Protection at Every Layer
-
AES-256 encryption at rest
All stored data encrypted with AES-256. Database contents, file storage, and backups. -
TLS 1.3 in transit
All data transfers use TLS 1.3. HSTS enforced. Certificate pinning for API communications. -
HSM credential storage
Sensitive credentials stored in hardware security modules. Application layer cannot access raw credentials. -
No password storage
OAuth-based API integrations with all ad platforms. No passwords stored. Access revocable by you at any time.
compliance
Regulatory and Legal Framework
-
GDPR compliance
Data minimization, purpose limitation, right to erasure, data portability, and lawful processing basis. -
CCPA compliance
Consumer rights respected: access, deletion, and opt-out. California-specific requirements met. -
SOC 2 (in progress)
Following SOC 2 Type II principles. Access controls, change management, and incident response procedures. -
Data Processing Addendum
Enterprise DPA covering data handling, processing purposes, sub-processors, retention, and deletion.
operations
Operational Security
-
Incident response (24h SLA)
24-hour notification for security incidents. Post-incident reports within 72 hours. Remediation tracked to completion. -
Vulnerability disclosure
Responsible disclosure program for security researchers. 24-hour response SLA. -
Regular pen testing
Third-party penetration testing conducted regularly. Reports available under NDA for enterprise clients. -
Data isolation
Client data isolated. Your data is never used to train models for other clients or build shared benchmarks.
Your Data. Your Accounts. Your Control. Always.
-
THE PROBLEM
Many marketing platforms use your campaign data to build "aggregate benchmarks" that benefit competitors. Your best-performing audiences and creative strategies become shared intelligence. You pay to optimize; everyone benefits. -
HOW MINORA HELPS
Your data is used exclusively for your campaigns. Zero cross-client data sharing. No aggregate benchmarks. No model training on your data. Your competitive advantage stays yours. -
METRIC
0% of client data shared across accounts. 100% data isolation. 30-day purge upon cancellation.
Frequently Asked Questions
- Question:How does Minora AI encrypt data?Answer:AES-256 at rest, TLS 1.3 in transit, HSM for credentials, encrypted backups. Zero unencrypted data in our infrastructure.
- Question:Does Minora store ad account passwords?Answer:No. OAuth-based API integrations only. No passwords stored. Access revocable through platform native settings.
- Question:Is Minora GDPR compliant?Answer:Yes. Data minimization, purpose limitation, right to erasure, data portability. DPA available for all clients.
- Question:How is data retention handled?Answer:Data retained during engagement. Processing data purged within 30 days of cancellation. Your ad account data stays in your accounts.
- Question:Where is data stored?Answer:SOC 2 certified cloud infrastructure. EU data residency available upon request.
- Question:How does incident response work?Answer:24-hour notification. Post-incident reports within 72 hours. Remediation tracked to completion with client updates.
- Question:Can I see penetration test results?Answer:Yes. Third-party pen test reports available under NDA for enterprise clients during evaluation.
- Question:Is my data used for other clients?Answer:No. Your data is used exclusively for your campaigns. No cross-client training, no aggregate benchmarks, no third-party sales.
Security Questions?
We Have Answers.
Request our security documentation, DPA, and compliance details.