
Security

How we protect data in transit, at rest, and in process — across fifteen lines of defence.

Last updated: · Version 1.0

1. Overview

TopAdsROI is a data-sovereignty-first platform. The entire architecture is designed so that customer data never leaves the customer's perimeter. This page describes how we secure both this website and the platform we deliver to customers.

2. Cryptography

  • In transit: TLS 1.3 minimum. HSTS preloaded. Certificate Transparency monitored.
  • At rest: AES-256. In your cloud data plane this is your provider's default encryption at rest (e.g. Google Cloud, AWS, or Azure), which you control; you may enable customer-managed keys (e.g. Cloud KMS / AWS KMS / Azure Key Vault) at any time.
  • PII hashing: SHA-256 with platform-level salt. Plaintext email and phone are not persisted in your data warehouse or document store — they are hashed by design.
  • Secret storage: Cloud KMS / Cloudflare Secrets. No secrets in source.
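
The PII hashing item above, as an added example (not TopAdsROI's own code): identifiers are normalized, then hashed with SHA-256 and a platform-level salt before a record is stored. The function names, the normalization rules, the default country code, the way the salt is combined with the value, and the sample salt are all assumptions made for illustration.

```python
import hashlib
import re
import unicodedata

# Constructed sample salt. A real deployment would load it from the secret
# store (the page lists Cloud KMS / Cloudflare Secrets), never from source.
SAMPLE_SALT = b"constructed-example-salt-not-a-real-secret"


def normalize_email(raw: str) -> str:
    """Canonical form so that formatting variants hash to the same value."""
    value = unicodedata.normalize("NFKC", raw).strip().lower()
    if value.count("@") != 1 or value.startswith("@") or value.endswith("@"):
        raise ValueError("not an email address")
    return value


def normalize_phone(raw: str, default_country_code: str = "61") -> str:
    """Reduce a phone number to '+' followed by digits (assumed convention)."""
    digits = re.sub(r"\D", "", raw)
    if not raw.strip().startswith("+"):
        if digits.startswith("00"):
            digits = digits[2:]  # international prefix written as 00
        else:
            digits = default_country_code + digits.lstrip("0")
    if not 8 <= len(digits) <= 15:
        raise ValueError("not a plausible phone number")
    return "+" + digits


def hash_pii(kind: str, normalized: str, salt: bytes) -> str:
    """Hex SHA-256 over salt, field kind and normalized value."""
    # The kind label and NUL separators (assumptions) fix the field boundaries,
    # so an email and a phone can never produce the same hash input.
    material = b"\x00".join([salt, kind.encode(), normalized.encode("utf-8")])
    return hashlib.sha256(material).hexdigest()


def to_stored_record(event: dict, salt: bytes) -> dict:
    """Replace plaintext identifiers with hashes before anything is persisted."""
    record = {k: v for k, v in event.items() if k not in ("email", "phone")}
    if event.get("email"):
        record["email_sha256"] = hash_pii("email", normalize_email(event["email"]), salt)
    if event.get("phone"):
        record["phone_sha256"] = hash_pii("phone", normalize_phone(event["phone"]), salt)
    return record
```

Because the salt is shared across the platform, equal inputs give equal hashes, which is what lets hashed records be joined. It also means the hashes of low-entropy values such as phone numbers are only as well protected as the salt itself.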

3. Access control

These controls apply to TopAdsROI's own infrastructure. Access to a customer's cloud environment occurs only under the written support-request process described in the DPA — TopAdsROI does not hold standing access to customer data planes.

  • Single sign-on (SSO) via your IdP (OIDC / SAML).
  • Short-lived tokens for all internal services. No long-lived static credentials.
  • Cloud Scheduler routes verified by OIDC + audience match on every invocation.
  • Just-in-time access for engineering. Production access requires reason-of-access + approver.

4. Infrastructure

Responsibility split: the customer-data items below run inside your own cloud — our Terraform configures these defaults, but you retain full administrative control and may modify them. The edge and marketing-site items run on TopAdsROI-managed infrastructure.

  • Customer data (your cloud): a document store + data warehouse (Firestore + BigQuery on GCP, or AWS / Azure equivalents) in your own cloud, in the region you choose — e.g. Sydney australia-southeast1, Tokyo asia-northeast1, Singapore asia-southeast1 for APAC; Iowa us-central1 / S. Carolina us-east1 for the US; Montréal northamerica-northeast1 for Canada; London europe-west2 for the UK. The platform is region-agnostic.
  • Edge (ours): Cloudflare Workers / Pages — DDoS, WAF, bot management included.
  • Network (your cloud): private inter-service networking (e.g. Private Service Connect on GCP). No public ingress to data planes.
  • Backup (your cloud): our templates configure point-in-time recovery (e.g. Firestore 35-day window) and optional cross-region replication by default; you can adjust both in your cloud console. We do not warrant your actual backup posture, which you control.

5. Monitoring

  • Per-event success / permanent-failure metrics.
  • Structured error_kind taxonomy for ad-platform failures.
  • Worker-bypass mode lets ops manually replay events from the data store.
  • SLO-driven alerting; runbooks for each alert.
  • Audit logs retained 365 days; immutable / WORM available on Enterprise.

6. Incident response

Severity-tiered runbooks. Notification SLAs cover TopAdsROI-managed systems (this site, the admin panel, the deployment toolchain). Because customer end-user data lives in the customer's own cloud, detecting and reporting breaches inside that tenancy — and notifying regulators (e.g. the 72-hour GDPR window) — is the customer's responsibility as controller; we provide forensic assistance on request.

  • P0 (data loss / breach of our systems): we aim to notify the customer within 24 hours (per your agreement).
  • P1 (degraded service): we aim to notify the customer within 4 hours (per your agreement).
  • P2+: weekly status report.

Public status page: status.topadsroi.com (post-launch).

7. Audits and certifications

  • SOC 2 Type II: in progress. Report available under NDA.
  • ISO 27001: planned 2026 H2.
  • Penetration testing: annual third-party. Last test: TBD (post-launch).
  • Internal audits: quarterly. Findings tracked in shared SLA.

8. Responsible disclosure

We welcome security research. Email [email protected] (PGP key on request). We commit to:

  • Aim to acknowledge within 24 hours.
  • Aim to triage within 5 business days.
  • Fix critical issues within 30 days.
  • Public credit (with your permission).

We do not pursue legal action against good-faith research. No bounty program at launch — we plan to stand one up post-SOC 2.