Security & Data Protection Policy

Last Updated: August 2025

At Adsroid.com and its subdomain app.adsroid.com (“we”, “our”, “us”), we are fully committed to protecting your data and ensuring the highest standards of security. This Security & Data Protection Policy explains how we safeguard your information when you use our services (“Services”) and why our approach is both secure and innovative.

1. Data Handling Principles

• No persistent storage of platform data: Unlike other systems that store platform data daily (such as ad spend, clicks, or campaign metrics), Adsroid only retrieves data on-demand via direct API calls when requested by the user or through notifications. These data are processed in real time and immediately discarded once the operation is complete.

• Enhanced privacy: Because Adsroid never stores platform data permanently, the risk of data leaks is drastically reduced. Only essential account information (e.g., login credentials, settings, or identifiers) may be retained, in accordance with our [Privacy Policy].

• Secure transit: Data only transits during the API call. All workflows are secured, whether using tools like Make, Zapier, n8n, or custom-built solutions in Python, Node.js, or other languages.

• Legal compliance : Even though no persistent storage occurs, temporary collection and processing still qualify as “data processing” under GDPR. Adsroid processes data only when necessary to deliver the service, under Article 6(1)(b) GDPR (performance of a contract). Users may revoke API access at any time.

2. Technical Security Measures

We implement multiple layers of technical protection:

• Encrypted communications: All API calls and data transfers use SSL/TLS encryption.

• Hashed data storage: When necessary, any sensitive identifiers are hashed (e.g., SHA256) to prevent exposure.

• Secure infrastructure: Our servers and cloud providers follow industry-standard security practices.

• Access control: Only authorized personnel have access to internal systems, with role-based permissions and authentication.

• Monitoring & logging: All critical systems are monitored for unauthorized access attempts and unusual activity.

3. Organizational Security Measures

• Employee access limitations: Only staff who require access to perform their job duties can access the system.

• Regular training: Employees are trained on secure handling of sensitive information and regulatory compliance (GDPR, AI Act).

• Internal procedures: We have strict internal protocols to manage workflows, code deployments, and operational processes.

• Incident response: A clear plan is in place to detect, investigate, and respond to any security incident promptly.

4. Innovative Data Protection via API

Adsroid’s AI agent operates without storing platform data such as ad spend, clicks, or performance metrics.

• Each request is made directly via API, triggered by the user or a notification.
• Data is processed only in real time, never accumulated into a database.
• All AI-driven recommendations remain transparent and explainable, in line with emerging EU AI Act requirements

Use of Large Language Models (LLMs):

To provide optimal recommendations and insights, Adsroid may process certain data in real time through Large Language Models (LLMs). These models are used exclusively to analyze the data requested by the user and to generate tailored suggestions.

• Adsroid may rely on multiple LLM providers and models, without being limited to a single one.
• Processing is performed only on-demand and is limited to the scope of the user’s request.
• All outputs remain transparent and explainable, in accordance with the EU AI Act.

This real-time, on-demand approach ensures maximum security and performance while avoiding the common risks associated with large dataset storage.

5. User Best Practices

To further protect your account:

• Use strong, unique passwords.

• Enable two-factor authentication (2FA) when available.

• Avoid sharing your login credentials with third parties.

6. Data Retention

• Platform data: Never stored after processing.

• Internal data (e.g., account info, settings, identifiers): Retained only as long as necessary to provide the service, following our [Privacy Policy].

• Retention period: Limited strictly to the time required for processing (seconds to minutes for API calls).

7. Contact

If you have questions regarding security, data protection, or wish to report a potential issue, please contact us:

Email: [email protected]
Website: https://adsroid.com/contact