Security

Last updated: 11 July 2026

You connect your business's advertising accounts to our platform. That is a serious grant of trust, and this page explains how we protect it.

How we protect your data

  • Encryption in transit. All traffic between your browser, our servers and the ad platforms uses TLS.
  • Encrypted credential storage. API tokens for your connected accounts are stored encrypted and are never written to logs.
  • Least privilege. We request the minimum API permissions needed for the features you use, and our own staff access follows the same principle.
  • Managed infrastructure. The platform runs on established cloud providers with their own certified physical and network security.
  • Passwords. Stored only as salted hashes. We never see or store your ad platform passwords at all; connections use the platforms' official OAuth flows or system tokens you control.

Your controls

  • Disconnect any connected account from settings at any moment; access is revoked immediately.
  • Delete your account and data whenever you choose. The process is on our data deletion page.
  • Every ad requires your approval before it runs, so nothing happens in your accounts silently.

If something goes wrong

If a security incident affects your data, we will tell you promptly, plainly and completely: what happened, what was affected, and what we are doing about it. No burying it in vague language.

Reporting a vulnerability

If you find a security issue in our platform, please email getintouch@brandscalers.in with the subject Security report. We read these personally, respond within 3 business days, and will not take action against good-faith research done without harming user data or service availability.

Related

Privacy policy · Data deletion · Terms of service