Technical data protection measures

How we protect your data

You trust us with access to your ad accounts, CRM data, and analytics. This page lists the concrete measures we apply to protect that data.

What is implemented on the platform

Technical measures at the traffic, storage, authentication, and infrastructure layers

Data encryption

All traffic is served over TLS 1.3. OAuth tokens for integrations are stored encrypted with AES-256. Passwords are hashed with bcrypt at cost factor 12 (4,096 rounds per guess).

Secure authentication

Two-factor authentication (2FA) for user accounts. OAuth 2.0 for every integration. JWTs signed with keys that rotate automatically. Rate limiting on authentication endpoints to block brute-force attempts.

Data isolation

Multi-tenant architecture: each workspace's data is isolated at the database level, and every query is scoped to the requesting workspace, so one tenant's queries cannot return another tenant's rows.

Action audit log

All user actions (login, password change, integration connection, data export) are written to an immutable, append-only log together with the client IP address and device information. Retention: 12 months.

Secure cookies

Authentication cookies carry the HttpOnly, Secure, and SameSite=Strict attributes. CSRF protection combines a double-submit cookie with a required X-Requested-With header.
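The following is an added illustration, not the platform's own code, of how the cookie attributes and the double-submit check above fit together. The cookie names ("session", "csrf"), the header names and the use of "XMLHttpRequest" as the expected X-Requested-With value are assumptions; the request is modelled as two plain dicts so the check can run without a web framework.

```python
"""Auth cookie attributes and a double-submit CSRF check.

Added example, not the platform's code. Cookie and header names are
assumptions; a real deployment would get them from the framework.
"""
import hmac
import secrets

AUTH_COOKIE = "session"         # assumed name of the auth cookie
CSRF_COOKIE = "csrf"            # assumed name of the double-submit cookie
CSRF_HEADER = "x-csrf-token"    # assumed header carrying the second copy
XRW_HEADER = "x-requested-with"
XRW_VALUE = "XMLHttpRequest"


def set_cookie_header(name, value, max_age=3600, http_only=True):
    """Build a Set-Cookie value with Secure and SameSite=Strict always on.

    The auth cookie keeps HttpOnly so document.cookie cannot read it. The
    CSRF cookie must be readable by script (it has to be copied into a
    header), so it is the one cookie issued without HttpOnly.
    """
    attrs = [f"{name}={value}", "Path=/", f"Max-Age={max_age}",
             "Secure", "SameSite=Strict"]
    if http_only:
        attrs.append("HttpOnly")
    return "; ".join(attrs)


def new_csrf_token():
    """Unpredictable token; issued once per session in the CSRF cookie."""
    return secrets.token_urlsafe(32)


def csrf_check(cookies, headers):
    """Decide whether a state-changing request passes the CSRF check.

    cookies: dict of request cookies. headers: dict of request headers
    (matched case-insensitively). Returns (ok, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}
    # A custom request header cannot be set by a cross-site form post, and
    # a cross-origin fetch that sets one triggers a CORS preflight that the
    # server never approves for foreign origins.
    if h.get(XRW_HEADER) != XRW_VALUE:
        return False, "missing X-Requested-With"
    cookie_tok = cookies.get(CSRF_COOKIE)
    header_tok = h.get(CSRF_HEADER)
    if not cookie_tok or not header_tok:
        return False, "missing CSRF token"
    # The two copies must match; compare in constant time.
    if not hmac.compare_digest(cookie_tok, header_tok):
        return False, "CSRF token mismatch"
    return True, "ok"
```

One caveat a plain double-submit scheme inherits: a script on a sibling subdomain can set a cookie for the parent domain and so supply both copies itself. Binding the CSRF token to the session (for example an HMAC over the session id under a server-side key) removes that route; the X-Requested-With requirement is the second, independent layer.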

Perimeter defense

Cloudflare WAF and DDoS protection at the edge, with automatic IP blocking when rate limits are exceeded. nginx serves the security headers (HSTS, CSP, X-Frame-Options).

Compliance

We operate in line with Russian Federal Law 152-FZ on personal data. For users in the EU and US, additional rights under GDPR and CCPA apply — see /privacy.

152-FZ

Processing is carried out in compliance with Russian Federal Law 152-FZ and is documented in the Privacy Policy (/privacy).

TLS 1.3 + HSTS

HTTPS is enforced on every page, with HSTS and the preload directive.

OAuth 2.0

Secure authentication for 48+ ad and analytics platforms.

Transparent policy

The full list of subprocessors, processing purposes, and retention periods is published at /privacy.

Our engineering practices

Principle of least privilege

We request only the OAuth scopes the service cannot function without. Within the team, access to production data is role-based.

Parameterized queries and input validation

All database queries use bound parameters rather than string concatenation. User-supplied HTML is sanitized on the server, and a Content Security Policy limits the impact of any XSS that slips through.
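The example below is added here to show the two database-layer measures on this page working together: the tenant scoping described under "Data isolation" and the parameterized queries above. It is not the platform's code; it uses an in-memory SQLite database with a constructed "campaigns" table, and the table and column names (workspace_id, name) are assumptions. The deliberately unsafe function is included only to contrast what string formatting does with an injection payload.

```python
"""Tenant-scoped, parameterized data access (added example).

Not the platform's code. The schema and sample rows are constructed for
illustration; workspace ids "ws_a" and "ws_b" are assumptions.
"""
import sqlite3


def make_db():
    """Create an in-memory database with rows for two tenants."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE campaigns ("
        " id INTEGER PRIMARY KEY,"
        " workspace_id TEXT NOT NULL,"
        " name TEXT NOT NULL)"
    )
    con.executemany(
        "INSERT INTO campaigns (workspace_id, name) VALUES (?, ?)",
        [("ws_a", "Spring sale"),
         ("ws_a", "Retargeting"),
         ("ws_b", "Brand awareness")],  # constructed sample data
    )
    return con


def campaigns_for(con, workspace_id, name_filter=None):
    """Return campaign names visible to one workspace.

    The caller's workspace_id is always part of the WHERE clause, so the
    query can only ever see that tenant's rows. Every user-controlled
    value travels as a bound parameter: the driver sends it separately
    from the SQL text, so it can match rows but never change the
    statement's structure.
    """
    sql = "SELECT name FROM campaigns WHERE workspace_id = ?"
    params = [workspace_id]
    if name_filter is not None:
        sql += " AND name LIKE ?"
        params.append(f"%{name_filter}%")
    sql += " ORDER BY id"
    return [row[0] for row in con.execute(sql, params)]


def campaigns_for_unsafe(con, workspace_id, name_filter):
    """The anti-pattern, kept only for contrast: values pasted into SQL.

    A filter such as  ' OR 1=1 --  turns the tail of the statement into
    ... AND name LIKE '%' OR 1=1 --%' ORDER BY id
    and the OR branch returns every tenant's rows.
    """
    sql = (
        f"SELECT name FROM campaigns WHERE workspace_id = '{workspace_id}' "
        f"AND name LIKE '%{name_filter}%' ORDER BY id"
    )
    return [row[0] for row in con.execute(sql)]
```

Where the database supports it, a row-level security policy on workspace_id (PostgreSQL, for example) is a second layer that holds even if an application query forgets the scope; the application-side scoping shown here is the layer this page describes.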

Secret rotation

JWT signing keys rotate every 90 days with a 7-day overlap, during which tokens signed under the previous key are still accepted. The OAuth token encryption key rotates every 180 days, with stored tokens re-encrypted under the new key by a background job.
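As an added example (not the platform's code), here is a minimal signing-key ring that implements the rotation and overlap rule above for HS256 JWTs using only the standard library. The 90-day period and 7-day overlap come from this page; the key ids ("k1", "k2", ...), the in-memory ring, the epoch timestamps and the hand-rolled HS256 are assumptions made so the example runs offline. A production service would keep the secrets in a secrets manager and use a maintained JWT library.

```python
"""JWT signing-key rotation with an overlap window (added example).

Not the platform's code. Each token's header carries a `kid`; the ring
signs only with the current key and keeps the previous key for
verification until its overlap window ends.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

ROTATION_PERIOD = 90 * 86400   # seconds; from the page
OVERLAP = 7 * 86400            # seconds; from the page


def b64u_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class KeyRing:
    """Current signing key plus retiring keys, each with a retire time."""

    def __init__(self, key: bytes, now: int):
        self.keys = {"k1": (key, None)}   # kid -> (secret, retire_at|None)
        self.current = "k1"
        self.rotated_at = now
        self.count = 1

    def due(self, now: int) -> bool:
        return now - self.rotated_at >= ROTATION_PERIOD

    def rotate(self, new_key: bytes, now: int):
        """Promote new_key; the old key verifies for OVERLAP more seconds."""
        old_secret, _ = self.keys[self.current]
        self.keys[self.current] = (old_secret, now + OVERLAP)
        self.count += 1
        self.current = f"k{self.count}"
        self.keys[self.current] = (new_key, None)
        self.rotated_at = now

    def prune(self, now: int):
        """Drop keys whose overlap window has ended."""
        for kid, (_, retire_at) in list(self.keys.items()):
            if retire_at is not None and now >= retire_at:
                del self.keys[kid]


def sign(ring: KeyRing, claims: dict) -> str:
    header = {"alg": "HS256", "typ": "JWT", "kid": ring.current}
    secret, _ = ring.keys[ring.current]
    signing_input = (b64u_encode(json.dumps(header).encode()) + "."
                     + b64u_encode(json.dumps(claims).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u_encode(sig)


def verify(ring: KeyRing, token: str, now: int) -> Optional[dict]:
    """Return the claims if the token is valid at `now`, else None."""
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(b64u_decode(h_b64))
    except ValueError:            # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None               # refuses alg=none and algorithm swaps
    entry = ring.keys.get(header.get("kid"))
    if entry is None:
        return None               # unknown, or already pruned
    secret, retire_at = entry
    if retire_at is not None and now >= retire_at:
        return None               # overlap for this key has ended
    expected = hmac.new(secret, f"{h_b64}.{c_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(s_b64)):
        return None
    claims = json.loads(b64u_decode(c_b64))
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims
```

The encryption key for stored OAuth tokens can be versioned the same way: each ciphertext records the key id it was produced under, the background re-encryption job decrypts with the old id and re-encrypts with the new one, and the old key is destroyed only once no ciphertext references it.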

Reproducible builds and dependency audit

CI runs a dependency vulnerability scanner on every merge. Container builds are deterministic, so the same sources produce the same image and an unexpected change in a build artifact is detectable.

Found a vulnerability?

We value the contribution of security researchers. If you have discovered a vulnerability in our system, please report it to us confidentially.

If you report through this channel in good faith, we will not pursue legal action against you.

security@admetric.pro