Ground truth
requires ground rules.

How we protect your attribution data, where it lives, and what we're building next.

Checking status…
View /health endpoint →
What We Do Today

Active Security Posture

Cryptographic Audit Trail

SHA-256 hash chain, append-only. Every reconciliation event is immutable and independently verifiable.

Data Siloing

Audit data never leaks back into programmatic bidding streams. Your reconciliation data stays in reconciliation.

GDPR Special Purpose 1

Processing basis: “security, fraud prevention, fix errors.” Client data processed as advertiser’s authorized reconciliation agent.

Tombstone Records

GDPR/PII deletion requests produce cryptographic tombstone records — proof of deletion without breaking the audit chain.

Zero Cross-Contamination

Each client’s data is logically isolated. No shared inference models, no pooled datasets, no “anonymized” blending.

Encrypted Transit & Rest

TLS 1.3 in transit. AES-256 at rest. No exceptions, no fallbacks.

Compliance Roadmap

Where we’re headed.

GDPR Compliance

Active

Special Purpose 1 processing basis. Tombstone deletion records. Data processed as advertiser’s authorized reconciliation agent.

TAG Certification

Targeted Year 1–2. Trustworthy Accountability Group certification for anti-fraud operations in the digital advertising supply chain.

SOC 2 Type II

Targeted Year 3+. Full audit of security, availability, processing integrity, confidentiality, and privacy controls.

Data Lineage

Where your data lives.

Service Data Processed Compliance Details
Hosting Application logic, session data US-based cloud provider, SOC 2 Security page →
Database Reconciliation records, audit trails Managed PostgreSQL, US region, encrypted Security page →
CDN / DNS Edge caching, DNS resolution Cloudflare, SOC 2, ISO 27001 Security page →
Media Storage Static assets, report exports Cloudflare R2, S3-compatible, encrypted Security page →
Request detailed subprocessor list →

Vendor-specific mapping provided under NDA / customer relationship.

Methodology

Auditable by design.

Our four-bucket loss taxonomy — Technical, Policy, Suspicious, Consent/Environment — is fully documented and independently auditable. Every classification decision is traceable to source data.

Read Full Methodology Download Whitepaper (Coming Soon)
Documents

Compliance documents.

Security Whitepaper

Detailed architecture and security controls overview.

Coming Soon

Data Processing Agreement

Standard DPA for enterprise clients.

Coming Soon

Penetration Test Summary

Third-party penetration test executive summary.

Coming Soon

SOC 2 Type II Report

Available upon SOC 2 certification completion.

Coming Soon

Questions about security?

We’re happy to walk through our architecture, controls, and compliance posture.

Contact Security