Security
You connect your business's advertising accounts to our platform. That is a serious grant of trust, and this page explains how we protect it.
How we protect your data
- Encryption in transit. All traffic between your browser, our servers and the ad platforms uses TLS.
- Encrypted credential storage. API tokens for your connected accounts are stored encrypted and are never written to logs.
- Least privilege. We request the minimum API permissions needed for the features you use, and our own staff access follows the same principle.
- Managed infrastructure. The platform runs on established cloud providers with their own certified physical and network security.
- Passwords. Stored only as salted hashes. We never see or store your ad platform passwords at all; connections use the platforms' official OAuth flows or system tokens you control.
Your controls
- Disconnect any connected account from settings at any moment; access is revoked immediately.
- Delete your account and data whenever you choose. The process is on our data deletion page.
- Every ad requires your approval before it runs, so nothing happens in your accounts silently.
If something goes wrong
If a security incident affects your data, we will tell you promptly, plainly and completely: what happened, what was affected, and what we are doing about it. No burying it in vague language.
Reporting a vulnerability
If you find a security issue in our platform, please email getintouch@brandscalers.in with the subject Security report. We read these personally, respond within 3 business days, and will not take action against good-faith research done without harming user data or service availability.