1. Introduction
This Ad Radar Security Policy outlines the organizational and technical measures that the company undertakes to protect customer data from unauthorized access or disclosure.
2. Personnel
Structure
The Security and Compliance team coordinates all security programs, internal audits, and governance of the programs across Ad Radar. The team reports to the CTO, who reports directly to the CEO.
Background Checks
All offers of employment at Ad Radar take effect only on completion of a background check. All third-party contractors who may have any exposure to data are subject to a background check before commencing an engagement.
Security and Data Privacy Training
Employees and third-party contractors attend onboarding orientation and must complete security awareness and data privacy training. System access is revoked for anyone who does not complete training promptly. Annual Security Awareness and Data Privacy training modules are required.
Physical and Logical Access
Access to systems is authorized and provisioned according to role-based access control (RBAC). All access requires successful authentication using multi-factor authentication (MFA). Upon termination of employment or contract, access to Ad Radar systems and offices is revoked.
3. Network and Application Security
Architecture
Ad Radar uses Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure as cloud platforms. This infrastructure spans multiple regions and availability zones for redundancy, performance, and disaster recovery.
Application Security
Security is integrated into the software development lifecycle (SDLC). Peer review of source code is part of the SDLC process. Security testing is performed at various stages of the development lifecycle, including automated tests and periodic penetration testing.
4. Data Protection
Encryption
All Customer Data is encrypted at rest using AES-256 encryption. All data in transit is encrypted using TLS 1.2 or higher.
Data Isolation
Each customer's data is stored in logically separated environments. Customer data is not commingled with other customers' data.
Backups and Recovery
Customer Data is backed up regularly. Ad Radar maintains a business continuity and disaster recovery plan that is tested annually.
5. Incident Response
Ad Radar maintains a formal security incident response plan. In the event of a security incident affecting Customer Data, Ad Radar will notify affected customers in accordance with applicable legal requirements.
6. Compliance
Ad Radar's security practices are aligned with industry standards including SOC 2 Type II, ISO 27001, GDPR, and CCPA. Ad Radar undergoes annual third-party security audits and penetration testing.
7. Contact
For security-related inquiries or to report a vulnerability, please contact security@adradar.com.
