👋 Need help? Chat with us!

Security

Name: AdsMAA
Rating: 4.8 (2847 reviews)
Author: Zusta Autonetic Private Limited

Security is foundational to everything we do. Learn how AdsMAA protects your data and keeps your information safe.

Last Updated: December 28, 2025

Our Security Commitment

AdsMAA is built with security at its core. We handle sensitive advertising and conversion data, and we take this responsibility seriously. Our security program is designed to protect your data through industry-leading practices, continuous monitoring, and regular assessments.

Quick Navigation

Infrastructure Security

Cloud Infrastructure

Hosted on Amazon Web Services (AWS) with SOC 2 Type II certification. Multi-region deployment for high availability and disaster recovery.

Network Security

VPC isolation, private subnets, Web Application Firewall (WAF), and DDoS protection through AWS Shield.

Data Isolation

Complete data isolation between tenants. Each organization's data is logically separated and encrypted with unique keys.

Redundancy & Backups

Automated daily backups with point-in-time recovery. Data replicated across multiple availability zones.

Data Encryption

In Transit

TLS 1.3 for all connections
HTTPS enforced on all endpoints
HSTS headers enabled
Perfect forward secrecy

At Rest

AES-256 encryption for all data
AWS KMS for key management
Encrypted database volumes
Encrypted backup storage

PII Hashing: Personally identifiable information like email addresses and phone numbers are hashed using SHA-256 before being sent to advertising platforms for conversion matching.

Access Control

Authentication

Secure password hashing with bcrypt (cost factor 12)
Multi-factor authentication (MFA) support
JWT tokens with short expiration (15 minutes)
Secure refresh token rotation
Session invalidation on password change

Role-Based Access Control (RBAC)

Role	Permissions
Owner	Full access, billing, team management, delete organization
Admin	Full access except billing and organization deletion
Manager	Manage campaigns, integrations, view reports
Analyst	View-only access to dashboards and reports

Application Security

Input Validation

All inputs validated and sanitized to prevent injection attacks

CSRF Protection

Token-based protection on all state-changing requests

XSS Prevention

Content Security Policy headers and output encoding

SQL Injection

Parameterized queries and ORM-based database access

Rate Limiting

API rate limiting to prevent abuse and DDoS

Security Headers

HSTS, X-Frame-Options, X-Content-Type-Options enforced

Monitoring & Threat Detection

24/7 Monitoring

Continuous monitoring of infrastructure, applications, and security events. Automated alerting for anomalies and potential threats.

Audit Logging

Comprehensive audit logs for all security-relevant events. Immutable log storage with 90-day retention. Available for enterprise customers on request.

Incident Response

Documented incident response procedures. Security team on-call 24/7. Regular incident response drills and post-mortems.

Vulnerability Management

Regular Security Assessments

Annual penetration testing by independent security firms. Quarterly vulnerability scans. Continuous automated security testing in CI/CD pipeline.

Dependency Management

Automated dependency scanning for known vulnerabilities. Regular updates and patching. Software composition analysis (SCA) in development workflow.

Secure Development Lifecycle

Security training for developers. Code review requirements. SAST and DAST testing. Security review for significant changes.

Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please email [email protected]. We commit to acknowledging reports within 24 hours and providing updates as we investigate.

Compliance & Certifications

GDPR

GDPR Compliant

Full compliance with EU General Data Protection Regulation.

SOC 2

SOC 2 (Infrastructure)

Hosted on SOC 2 Type II certified infrastructure (AWS).

PCI

PCI DSS (Payments)

Payment processing through PCI-compliant providers (Stripe, Razorpay).

DPA

Data Processing Agreement

DPA with SCCs available for enterprise customers.

Employee Security

Background checks for all employees with access to production systems

Mandatory security awareness training upon joining and annually

Principle of least privilege for all system access

Multi-factor authentication required for all internal systems

Encrypted company devices with remote wipe capability

Immediate access revocation upon employee departure

Business Continuity

99.9%

Uptime SLA

<1hr

RTO (Recovery Time)

<5min

RPO (Data Point)

Our disaster recovery plan includes multi-region failover, regular backup testing, and documented recovery procedures. Enterprise customers receive dedicated support and priority during incidents.

Security Contact

For security questions, vulnerability reports, or to request security documentation:

Security Team

[email protected]

Enterprise Security

[email protected]

Address: Zusta Autonetic Private Limited, 2/164A VC, Kolkata - 700047, India

Security

Security is foundational to everything we do. Learn how AdsMAA protects your data and keeps your information safe.

Last Updated: December 28, 2025

Our Security Commitment

Quick Navigation

Infrastructure Security

Cloud Infrastructure

Hosted on Amazon Web Services (AWS) with SOC 2 Type II certification. Multi-region deployment for high availability and disaster recovery.

Network Security

VPC isolation, private subnets, Web Application Firewall (WAF), and DDoS protection through AWS Shield.

Data Isolation

Complete data isolation between tenants. Each organization's data is logically separated and encrypted with unique keys.

Redundancy & Backups

Automated daily backups with point-in-time recovery. Data replicated across multiple availability zones.

Data Encryption

In Transit

TLS 1.3 for all connections
HTTPS enforced on all endpoints
HSTS headers enabled
Perfect forward secrecy

At Rest

AES-256 encryption for all data
AWS KMS for key management
Encrypted database volumes
Encrypted backup storage

PII Hashing: Personally identifiable information like email addresses and phone numbers are hashed using SHA-256 before being sent to advertising platforms for conversion matching.

Access Control

Authentication

Secure password hashing with bcrypt (cost factor 12)
Multi-factor authentication (MFA) support
JWT tokens with short expiration (15 minutes)
Secure refresh token rotation
Session invalidation on password change

Role-Based Access Control (RBAC)

Role	Permissions
Owner	Full access, billing, team management, delete organization
Admin	Full access except billing and organization deletion
Manager	Manage campaigns, integrations, view reports
Analyst	View-only access to dashboards and reports

Application Security

Input Validation

All inputs validated and sanitized to prevent injection attacks

CSRF Protection

Token-based protection on all state-changing requests

XSS Prevention

Content Security Policy headers and output encoding

SQL Injection

Parameterized queries and ORM-based database access

Rate Limiting

API rate limiting to prevent abuse and DDoS

Security Headers

HSTS, X-Frame-Options, X-Content-Type-Options enforced

Monitoring & Threat Detection

24/7 Monitoring

Continuous monitoring of infrastructure, applications, and security events. Automated alerting for anomalies and potential threats.

Audit Logging

Comprehensive audit logs for all security-relevant events. Immutable log storage with 90-day retention. Available for enterprise customers on request.

Incident Response

Documented incident response procedures. Security team on-call 24/7. Regular incident response drills and post-mortems.

Vulnerability Management

Regular Security Assessments

Annual penetration testing by independent security firms. Quarterly vulnerability scans. Continuous automated security testing in CI/CD pipeline.

Dependency Management

Automated dependency scanning for known vulnerabilities. Regular updates and patching. Software composition analysis (SCA) in development workflow.

Secure Development Lifecycle

Security training for developers. Code review requirements. SAST and DAST testing. Security review for significant changes.

Responsible Disclosure

Compliance & Certifications

GDPR

GDPR Compliant

Full compliance with EU General Data Protection Regulation.

SOC 2

SOC 2 (Infrastructure)

Hosted on SOC 2 Type II certified infrastructure (AWS).

PCI

PCI DSS (Payments)

Payment processing through PCI-compliant providers (Stripe, Razorpay).

DPA

Data Processing Agreement

DPA with SCCs available for enterprise customers.

Employee Security

Background checks for all employees with access to production systems

Mandatory security awareness training upon joining and annually

Principle of least privilege for all system access

Multi-factor authentication required for all internal systems

Encrypted company devices with remote wipe capability

Immediate access revocation upon employee departure

Business Continuity

99.9%

Uptime SLA

<1hr

RTO (Recovery Time)

<5min

RPO (Data Point)

Our disaster recovery plan includes multi-region failover, regular backup testing, and documented recovery procedures. Enterprise customers receive dedicated support and priority during incidents.

Security Contact

For security questions, vulnerability reports, or to request security documentation:

Security Team

[email protected]

Enterprise Security

[email protected]

Address: Zusta Autonetic Private Limited, 2/164A VC, Kolkata - 700047, India