Security

Last updated: March 1, 2026

At AdUplift, protecting your data is a core priority. This page outlines our current security practices and our roadmap for continued improvement.

1. Infrastructure

The AdUplift platform is deployed on Cloudflare's global edge network. This provides built-in DDoS protection, automatic failover, and low-latency access worldwide. Our application runs on Cloudflare Workers with data stored in Supabase PostgreSQL (via Cloudflare Hyperdrive) and R2 (object storage), with Row Level Security (RLS) enforcing tenant data isolation for business data at the database layer.

2. Data Encryption

  • In transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • At rest — Data stored in our databases and object storage is encrypted with AES-256, provided by Cloudflare's infrastructure.

3. Access Controls

We enforce strict access controls across the platform:

  • Role-based access control (RBAC) for team members within organizations.
  • Multi-factor authentication (MFA) support for user accounts (planned / coming soon).
  • Principle of least privilege for internal system access.
  • Session management with automatic expiration and device tracking.

4. Application Security

Our development process incorporates security at every stage:

  • Code review required for all changes before deployment.
  • Automated dependency scanning to detect known vulnerabilities.
  • Input validation and parameterized queries to prevent injection attacks.
  • Content Security Policy (CSP) and other HTTP security headers.

5. Data Isolation

AdUplift uses a multi-tenant architecture with strict data isolation between organizations. Each organization's data is logically separated and access is enforced at the application layer. Team members can only access data within the organizations they belong to.

6. Incident Response

In the event of a security incident, we follow a structured response process:

  • Detection — Monitoring and alerting systems to identify potential incidents.
  • Containment — Immediate steps to limit the scope and impact.
  • Notification — Affected users will be notified within 72 hours of confirmed incidents involving personal data.
  • Remediation — Root cause analysis and corrective measures to prevent recurrence.

7. Compliance Roadmap

We are actively working toward the following certifications and standards:

  • SOC 2 Type II audit (planned)
  • GDPR compliance measures in place
  • Regular third-party penetration testing (planned)

We will update this page as we achieve new milestones.

8. Responsible Disclosure

We value the security research community. If you discover a vulnerability in our Service, we encourage you to report it responsibly:

  • Email your findings to security@aduplift.io with "Security Report" in the subject line.
  • Provide sufficient detail for us to reproduce and address the issue.
  • Allow reasonable time for us to investigate and remediate before public disclosure.

9. Contact

For security-related inquiries, please contact us at security@aduplift.io.