Data Security & Infrastructure

1. Data Transfer from Ad Accounts to Our Database

  • Data Integration: We use Airbyte to automate the data transfer from your Ad accounts to our platform. Airbyte is an open-source, industry-standard data movement tool trusted by thousands of organisations worldwide. Connections are established securely using OAuth, meaning we never store your credentials — only a scoped access token granted by you.
  • API-Based Sync: In some cases, data is transferred via customer-provided API endpoints. This may be handled through Airbyte connectors or via scheduled cron jobs that periodically fetch and sync data into our platform.
  • Direct Database Access: Where preferred, customers may grant us direct access to their database. In these cases, we may sync data into our platform using Airbyte or a scheduled cron job, or — where real-time accuracy is preferred — we may query the customer's database directly at runtime without storing a copy of the data in our own database.
  • Data Scope: The data accessed includes metrics and campaign information from your connected accounts and data sources (Meta Ads, Google Ads, HubSpot, Google Analytics, and others). We do not have access to or transfer any PII.
  • Data Security: During the transfer process, data is encrypted both in transit and at rest, ensuring that your information remains secure.

2. Data Storage in Supabase

  • Data Location: Once transferred, the data is stored in Supabase, a managed PostgreSQL platform built on industry-leading open-source technology.
  • Data Management: Supabase provides a scalable and secure environment for storing structured data, with strict multi-tenant isolation enforced at the database level using Row Level Security (RLS). Your organisation's data is only ever accessible to your users.
  • Access Control: Access to data is restricted to authenticated users only. All users must authenticate through Supabase Auth (supporting Google OAuth and secure session management), ensuring that only authorised personnel can access your data.

3. Data Processing and Analysis Using Vercel

  • Vercel Infrastructure: After data is stored in Supabase, it is processed and analysed using our application platform, built on Next.js and hosted on Vercel, an enterprise-grade cloud platform.
  • Data Processing: All processing and computations are performed server-side within our secure application layer on Vercel, leveraging purpose-built analytics and AI pipelines.
  • Data Privacy: All processing occurs within US East (us-east-2) data centres.
  • Authenticated Access: Access to any data within our services is restricted to authenticated users, with roles and permissions tightly controlled (super admin, org admin, member) to ensure only authorised individuals or systems can process or view your data.

4. Security and Compliance

  • End-to-End Encryption: Data is encrypted at all stages — during transfer (TLS), storage (AES-256), and processing.
  • Tenant Isolation: Each organisation's data is logically separated at the database level using Row Level Security, meaning your data is never commingled with another organisation's data.
  • User Authentication and Authorisation: We use Supabase Auth with Google OAuth and role-based access controls to ensure that only authorised users can access and interact with your data across all services.