Security & Trust

Your data is safe with BrandzIQ

We connect to your ad platforms using official read-only APIs. We cannot create, modify or delete anything. Ever.

  • Read-only access only
  • Hosted on Vercel & Supabase
  • AES-256 encryption at rest
  • GDPR compliant
  • TLS 1.3 in transit

Key Security Principle

We never store your campaign data

Your ad performance data — spend, impressions, clicks, conversions, ROAS — is fetched live from your connected platforms every time you load a page. It is never written to our database, never stored on our servers and never retained after your session.

The only data BrandzIQ stores is your account preferences, OAuth tokens (encrypted) and AI-generated report history — never your raw campaign data.

Live API calls only
Campaign data is fetched fresh from Meta, Google, TikTok, LinkedIn and DV360 on every page load — never cached or stored.

No data retention
We store only your account settings, encrypted OAuth tokens and AI report history — never your raw ad performance data.

Disconnect = clean slate
Disconnecting a platform removes the OAuth token. There is no campaign data to delete because none was ever stored.

How we keep your data secure

BrandzIQ is built on enterprise-grade infrastructure used by thousands of companies worldwide.

Clerk.com

Authentication & Identity

All user authentication is handled by Clerk — a dedicated identity platform used by thousands of production applications.

  • SOC 2 Type II certified
  • Multi-factor authentication (MFA) support
  • Secure session management with automatic expiry
  • No passwords stored by BrandzIQ directly
  • Brute-force and bot protection built in
  • Invite-only access during beta — controlled user base

Supabase

Data Storage & Database

All user data is stored in Supabase — a PostgreSQL database platform with enterprise-grade security controls.

  • Data encrypted at rest using AES-256
  • Data encrypted in transit using TLS 1.3
  • Row Level Security (RLS) — you can only access your own data
  • SOC 2 Type II compliant infrastructure
  • Automatic backups with point-in-time recovery
  • EU data residency available

Vercel

Hosting & Infrastructure

BrandzIQ is hosted on Vercel — enterprise-grade cloud infrastructure with automatic security hardening.

  • Automatic HTTPS on all connections
  • DDoS protection built in
  • SOC 2 Type II compliant
  • Zero-downtime deployments
  • Serverless functions with isolated execution environments
  • No persistent server state — stateless API design

Anthropic

AI Processing

AI-powered insights and reports are generated by Claude — Anthropic's enterprise AI platform.

  • Your data is NOT used to train AI models
  • API access only — data is not retained by Anthropic
  • No campaign data is stored in AI systems
  • All AI calls are made server-side — never from your browser
  • Anthropic is SOC 2 Type II certified

OAuth 2.0

Ad Platform Connections

All platform connections use the official OAuth 2.0 protocol — the same standard used by major enterprise applications worldwide.

  • Official APIs only — Meta, Google, TikTok, LinkedIn, DV360
  • Read-only scopes — we cannot modify your campaigns
  • Tokens stored encrypted in Supabase
  • Disconnect any platform instantly from your dashboard
  • You can also revoke access directly in each ad platform

GDPR

Privacy & Compliance

BrandzIQ is designed to be GDPR compliant from the ground up — your data rights are built into the platform.

  • Data processing agreement (DPA) available on request
  • Right to access — export all your data anytime
  • Right to deletion — request full data removal
  • No third-party data sharing or selling
  • Cookie consent compliant
  • Privacy policy available at brandziq.ai/privacy.html

Read-only access. Always.

When you connect your ad platforms, BrandzIQ requests the minimum permissions needed to read your campaign data. We cannot and will not create, edit, pause or delete anything in your ad accounts.

Meta Ads
ads_read, read_insights
  • Can: View campaigns & performance
  • Cannot: Create or edit campaigns
  • Cannot: Spend your budget
  • Cannot: Access personal user data

Google Ads
auth/adwords readonly
  • Can: View campaigns & performance
  • Cannot: Create or edit campaigns
  • Cannot: Spend your budget
  • Cannot: Access Google account data

TikTok Ads
advertiser:read
  • Can: View campaigns & performance
  • Cannot: Create or edit campaigns
  • Cannot: Spend your budget
  • Cannot: Access TikTok account data

LinkedIn Ads
r_ads, r_ads_reporting
  • Can: View campaigns & performance
  • Cannot: Create or edit campaigns
  • Cannot: Spend your budget
  • Cannot: Access LinkedIn profile data

DV360
auth/display-video readonly
  • Can: View line items & performance
  • Cannot: Create or edit line items
  • Cannot: Spend your budget
  • Cannot: Access Google account data

Google Analytics 4
analytics.readonly
  • Can: View session & conversion data
  • Cannot: Modify GA4 configuration
  • Cannot: Access raw user-level data
  • Cannot: Export or share your data

Certifications & Compliance

Our infrastructure providers hold the certifications that matter most to enterprise clients.

SOC 2 Type II

Clerk, Supabase and Vercel are all SOC 2 Type II certified

Via infrastructure

GDPR

Compliant data processing with full user rights and DPA available

Compliant

Meta App Review

Official Meta Marketing API partner — reviewed and approved

Approved

Google OAuth Verification

OAuth app submitted for Google's official verification process

⏳ In review

TikTok Developer

Approved TikTok for Business developer with production access

Approved

LinkedIn Marketing API

LinkedIn Advertising API developer — under review for production

⏳ In review

Your rights & controls

You are always in full control of your data and your connections.

Disconnect anytime

Remove any platform connection instantly from your dashboard — or revoke access directly in the ad platform's settings.

Export your data

Request a full export of all data BrandzIQ holds about you at any time by contacting security@brandziq.ai.

Right to deletion

Request complete deletion of your account and all associated data. We will confirm deletion within 30 days.

Transparency

We will always tell you what data we collect, why we collect it, and how it is used. No hidden processing.

No data selling

Your campaign data is never sold, rented or shared with third parties. It is used only to power your BrandzIQ dashboard.

No AI training

Your data is never used to train AI models — by BrandzIQ or by Anthropic. AI processing is stateless and ephemeral.

Security questions?

We're happy to answer any questions about our security practices, provide a Data Processing Agreement, or discuss enterprise requirements.

Contact security@brandziq.ai