Skip to content
AdClosr
Security & Trust

Enterprise-grade security, built in from day one.

This page is maintained by AdClosr to answer common security, privacy, and compliance questions about how we operate.

Data protection

TLS 1.3 in transit. AES-256 at rest. Per-tenant key isolation for sensitive workspaces.

Identity & access

SSO via Okta, Microsoft Entra ID, and Auth0. SCIM provisioning. Granular RBAC.

Audit & observability

Immutable audit logs on every admin action, exportable to your SIEM.

The controls we run today

A description of capabilities currently enabled on the AdClosr platform. Shared responsibility: AdClosr operates these controls; customers configure access, retention, and integrations for their workspace.

Authentication

SSO (SAML/OIDC), SCIM provisioning, enforced MFA for admins, configurable session policies.

Authorization

Role-based access control across offices, teams, and pipelines with deny-by-default semantics.

Data at rest

AES-256 encryption on primary stores. Encrypted backups with point-in-time recovery.

Data in transit

TLS 1.3 across all customer traffic. HSTS and certificate pinning on api.adclosr.com.

Infrastructure

Production runs on hardened cloud providers in audited regions with network segmentation and least-privilege IAM.

Vulnerability management

Continuous dependency scanning, automated patching cadence, and annual third-party penetration tests.

Incident response

24×7 on-call with documented runbooks. Customer notification per SLA in our DPA.

Audit logging

Immutable, tamper-evident logs of admin and configuration changes, exportable via API.

Compliance program

Customer-specific compliance commitments (such as audit reports, DPA terms, or certification scope) are confirmed in writing during procurement. This page does not assert third-party certification status.

  • Annual third-party penetration testing
  • Continuous internal security review
  • Documented incident response and notification process
  • Data Processing Addendum available on request
  • Subprocessor list maintained and shared on request

Data residency & privacy

Customers control which region their workspace is provisioned in. AI processing remains within the selected region by default. Personal data handling is governed by the AdClosr DPA.

  • Region selection at workspace provisioning (US, EU, APAC)
  • Per-workspace data export and deletion APIs
  • Customer-controlled retention policies
  • Privacy requests routed to a dedicated owner per workspace
Shared responsibility: AdClosr operates the platform and underlying infrastructure. Customers are responsible for configuring user access, choosing integrations, and managing their end-user communications. Specific certification scope, audit reports, and subprocessor lists are shared under NDA on request.

Need our security package?

Request our DPA, subprocessor list, and security overview directly from our team.

Request security package Contact security
5 days
Onboarding
1 hour
Support SLA
6.8×
ROAS
240+
Customers