How AdQuick Safeguards Your Data And Ours

At AdQuick, data is and always has been core to our business. We take data security seriously, and we’re deeply committed to protecting all of the data that flows through our pipes. Here are some of the measures we take to ensure that your data and ours stays safe and secure.

How AdQuick Safeguards Your Data And Ours

Data is and always has been core to our business.

At AdQuick, our mission is to empower marketers to put their message into the world via easy-to-execute, measurable, and effective out-of-home advertising.  A key component of the performance we enable is our slew of proprietary campaign planning tools, which are powered by six robust datasets.  We also help marketers activate their own first party data to further drive the performance of their OOH and OOH retargeting campaigns and to attain accurate, actionable, and granular OOH campaign analytics.  

We take data security seriously.

Not only do we maintain proprietary datasets, but we also often incorporate data from our customers for use in their own campaigns. We understand the seriousness of this responsibility, as the data that our customers share with us sometimes includes their own customers’ data.  That is why we’re deeply committed to protecting all of the data that flows through our pipes.

Your data is safe with AdQuick.

Here are some of the measures we take to ensure that your data is safe:

We have strict safety measures around our data assets.

Our standard safety measures span various levels, including networks and IT to prevent a DDoS attack, as well as on applications to avoid account breaches. Some specific actions include:

  • We rotate database keys regularly, and have restricted key access as much as possible.
  • We’ve implemented encryption for sensitive data.
  • We’ve defined diverse and specific roles for users that allow us to use granular permissioning and restrict access.
  • We have regular internal security & code audits.
  • We make sure that all SQL queries, forms, params, etc. are sanitized.

We carefully consider the human element.

We take many measures to prevent employees from accidentally exposing sensitive or proprietary data. Some of these include:

  • Requiring all employees to utilize two factor authentication
  • Ensuring passwords are regularly updated, facilitated via a single sign-on solution
  • Ensuring passwords are consistent in strength and complexity, facilitated via the use of password management technology
  • Employing regular testing designed to identify any weaknesses in our information systems
  • Requiring that our entire team take regular security trainings to help them detect phishing emails and avoid opening any malicious messages or attachments
  • Minimizing the points of vulnerability by limiting access to data

We thoroughly vet third parties.

We are diligent in asking our third and downstream partners the hard questions about their security practices, and we enforce our data security policies through service-level agreements (SLAs) and contract clauses.  Specifically, we make sure that our cloud service and data store partners comply with either SOC 2 or ISO 27001.

We’re prepared in case of an emergency.  

Rest assured that we have an advanced, detailed and well-rehearsed incident response plan for use in the unlikely case of an issue or attack.

We’re careful with our customers’ 1st party data.  

We have strict guidelines in place to ensure that all customer data we receive (such as sales data provided to us for ad campaign effectiveness analyses) remains secure and siloed.  Here’s an overview of our process:

  • We set up private buckets on Amazon S3 for clients to upload their data; the data is never transferred over email.
  • We request that clients encrypt this data with a password, which should be sent directly to our analyst.
  • We create an AWS bucket that is secure and is only accessible by each client and our analyst team. We require two-factor authentication and strong passwords for all AWS logins.
  • Analysts on each client project download the client data directly from the S3 bucket, then run the analysis locally on their machines. This means that this data never hits our web servers or is exposed to the internet in any way other than the upload & download from S3.
  • The results document is encrypted, and uploaded to the S3 bucket for our clients to access.  It is not sent over email. We provide the password to unencrypt separately.
  • Once the analysis is complete and the results are transferred, the analyst permanently deletes the sales data from their machine, and we delete the data & the report from the S3 Bucket.

Again, we require all of our team members to use FileVault encryption on their local machines and maintain strong passwords.

If you have any questions about our data acquisition, processing, storage, or usage processes, please don’t hesitate to reach out to your dedicated account team.