Security
Last Updated: May 13, 2026
SuperAdverts is built for agencies managing sensitive campaign and account data. This page summarizes our security controls, data handling practices, and incident response approach.
1. Security Principles
- Least-privilege access across infrastructure and application roles
- Encryption by default for data in transit and at rest
- Separation of environments for development and production
- Continuous improvement through reviews, logging, and monitoring
2. Authentication and Access Control
- Secure session-based authentication with role-based authorization
- Password hashing for stored credentials
- Scoped OAuth access for connected Meta and Google Ads accounts
- Administrative actions restricted by role and auditability
3. Data Protection
- TLS (HTTPS) for data in transit
- Encryption at rest for stored customer and integration data
- Secret management for API keys and integration credentials
- Routine backups with controlled retention windows
4. Infrastructure Security
- Managed cloud hosting with network-level protections
- Access to production systems limited to authorized operators
- Dependency and framework updates applied on a regular schedule
- Monitoring for abnormal traffic and operational anomalies
5. Application Security
- Input validation and server-side authorization checks
- Protection against common web risks (XSS, CSRF, injection patterns)
- Secure coding reviews before production release
- Error handling designed to avoid leaking sensitive internals
6. Third-Party Integrations
SuperAdverts integrates with Meta and Google through OAuth and uses trusted third-party providers for infrastructure and billing. We request only the permissions needed to deliver the Service.
7. Incident Response
- Security incidents are triaged with defined severity levels
- Containment, remediation, and post-incident review are required steps
- Affected customers are notified when legally or contractually required
8. Responsible Disclosure
If you believe you found a vulnerability, email a report to security@superadverts.in with reproduction details, impact, and affected endpoints. Please avoid public disclosure until remediation is complete.
9. Compliance and Policy Alignment
- Information Technology Act, 2000 (India)
- Digital Personal Data Protection Act, 2023 (India)
- Meta Platform and Google API data policy requirements
10. Contact
Security Team: security@superadverts.in
General Support: support@superadverts.in