Security

Last updated: 5 May 2026

AdsIQ connects to the accounts you use to run your business — ad platforms, ecommerce platforms, and analytics tools. The data you trust us with is sensitive, and we treat it that way. This page describes how we protect it.

Infrastructure

Cloud provider

Google Cloud Platform — US regions. Cloud Run for application servers, Cloud SQL for transactional data, managed analytics for reporting workloads.

Network isolation

Database access restricted to authenticated service accounts inside a private VPC. No direct database access from the public internet.

Secret management

Access tokens, API keys, and signing secrets stored in Google Secret Manager with versioning, IAM-controlled access, and audit logging.

Backups

Daily automated backups with point-in-time recovery enabled.

Encryption

In transit — all data exchanged with the Service is encrypted using TLS 1.2 or higher.
At rest — all persistent storage uses AES-256 encryption via Google Cloud's managed keys.
Tokens — third-party access tokens are stored encrypted at rest. Tokens are never logged in plaintext.
Sessions — JWT-based session tokens delivered via httpOnly, Secure, SameSite cookies.

Access controls

Customer access — role-based access controls within your AdsIQ organization. Admins can grant or revoke access at the brand and feature level.
Internal access — production data access is restricted to a small number of named engineers, gated by SSO with mandatory two-factor authentication. Production access is logged.
Audit logging — administrative actions, integrations granted or revoked, and data exports are logged to a tamper-evident audit trail.

Data retention and deletion

You may request deletion of your account at any time. We complete deletion within 30 days of a verified request, except where retention is required by law (e.g., billing records).
You may revoke any connected-platform integration at any time through your account settings or through the platform's permissions page. Revocation stops further data syncs.
Aggregated, anonymized analytics may be retained indefinitely for Service improvement.

Vulnerability disclosure

If you believe you've discovered a security vulnerability in AdsIQ, please email security@superchargeme.com with a description, steps to reproduce, and any proof-of-concept. We will acknowledge receipt within two business days and provide a status update within seven business days. We ask that you give us a reasonable opportunity to remediate before any public disclosure.

Incident response

In the event of a security incident affecting customer data, we will contain the incident, notify affected customers without undue delay and within timeframes required by applicable law, and provide a post-incident summary including root cause and remediation steps.

Contact

Security questions: security@superchargeme.com
Privacy questions: privacy@superchargeme.com
General contact: hello@ads-iq.com

AdsIQ is operated by Excite Foundry Ltd, a company registered in England and Wales. Registered office: 85 Great Portland Street, London, W1W 7LT, United Kingdom.