Security

Your accounts stay
under your
control. Always.

We connect with read-only tokens. We implement only what you approve. Credentials never touch a model context window. And we revoke every token the moment an engagement closes.

Security Status — Active
Read-only by default. All platform connections use minimum-scope read tokens. No write access without explicit per-campaign approval.
Credentials in AWS Secrets Manager. API tokens are accessed via CredentialProxy. No key ever appears in a prompt or log.
No data retained after engagement. Account data is processed in memory and purged at engagement close.
Nothing changes without your sign-off. Every fix requires written approval before deployment. No defaults, no auto-actions.
NDA available on request before any account connection is made.
Read-Only First
Audit and analysis run entirely on read tokens. Write access is opt-in, scoped, and temporary.

No Keys in Prompts
All credentials live in AWS Secrets Manager. CredentialProxy handles access. Models never see tokens.

Data Purged on Close
No account data is retained after engagement. Nothing is used to train models or benchmark other clients.

You Approve Everything
No campaign change, no token upgrade, no implementation without explicit written approval from you.
Access Model

Exactly what we can
and cannot do.

Every platform connection is documented before it's made. Here's the precise scope of what each token allows — and what it categorically cannot do.

Per platform: what we can read, what we cannot do, and how the token is stored.

Meta Ads (Facebook & Instagram)
  Can read: Campaign performance, audience definitions, ad creative, spend data, frequency metrics
  Cannot do: Pause, edit, or create campaigns · Access billing · Change budgets · Modify audiences
  Token storage: AWS Secrets Manager · Rotated per engagement · Revoked at close

Google Ads (Search, Shopping & Display)
  Can read: Keyword performance, bid data, campaign structure, search term reports, audience lists
  Cannot do: Modify bids or keywords · Pause campaigns · Access payment information · Edit ad copy
  Token storage: AWS Secrets Manager · Read-only OAuth scope · Revoked at close

Google Search Console (Organic performance)
  Can read: Organic keyword rankings, click and impression data, page-level performance
  Cannot do: Submit sitemaps · Request indexing · Modify any site settings
  Token storage: AWS Secrets Manager · Viewer permission only · Revoked at close

Shopify (Revenue & orders)
  Can read: Order revenue, conversion data, product performance, channel attribution
  Cannot do: Edit orders · Modify products · Access customer PII · Touch inventory or pricing
  Token storage: Custom read-only storefront token · No admin scope · Revoked at close

GA4 (Session & behavior data)
  Can read: Session data, conversion events, traffic source breakdowns, user behavior aggregates
  Cannot do: Modify events · Edit goals · Access raw user data · Change data streams
  Token storage: Viewer role only · Service account scoped to property · Revoked at close

TikTok Ads (Video & in-feed, optional)
  Can read: Campaign performance, creative metrics, audience data, spend and frequency
  Cannot do: Edit campaigns · Modify targeting · Access billing · Upload creative
  Token storage: Read-only Business Center token · Revoked at close
Two Modes of Access

Read-only for the audit.
Write only where you approve it.

Read-Only
Audit & Analysis Phase

Every audit, analysis, Leak Map generation, and ongoing monitoring runs entirely on read-only tokens. This phase never requires write access and we will never ask for it during auditing.

Pull campaign performance across all platforms
Cross-reference organic rankings vs. paid spend
Read Shopify revenue and attribution data
Generate the full Leak Map report
Cannot pause, edit, or create any campaign
Cannot access billing or payment information
Cannot modify any account settings
Scoped Write
Implementation Phase — Opt-In Only

If you choose to engage for recovery, each approved fix requires a scoped write token — limited to the specific campaign being modified, granted only for the duration of the change, then revoked. There is no standing write access, ever.

Modify the specific campaign you approved, only
Add negative keywords or audience exclusions as approved
Apply bid adjustments as specified in the fix approval
Cannot touch any campaign outside the approved scope
Cannot retain write access after implementation completes
Cannot make changes not specified in the written approval
Write Access Lifecycle — From Approval to Revocation
01
Approval Request
Written fix approval sent specifying exact campaign, change, and scope. You sign off explicitly.
02
Token Scoped
Write token generated with minimum permissions for that campaign only. No other campaigns accessible.
03
Change Implemented
Specific approved fix deployed. Confirmation sent to you with a record of exactly what changed.
04
Token Revoked
Write token revoked immediately after implementation. Account returns to read-only access within 30 minutes.
Credential Security

Tokens never touch
a model context window.

Every API key and token flows through AWS Secrets Manager and CredentialProxy. The AI agents that run our audit pipeline are architecturally separated from the credentials they use — by design, not by policy.

01
Credentials Stored in AWS Secrets Manager
All API tokens are stored in AWS Secrets Manager with encryption at rest. Keys are never stored in environment variables, config files, code repositories, or any format accessible outside the secure vault.
SecretId: adleakiq/client/{client_id}/meta_token
KMSKeyId: arn:aws:kms:us-east-1:...
02
CredentialProxy Mediates All Access
When an agent needs to make an API call, it requests the credential through CredentialProxy — a secure intermediary that retrieves the token, makes the call, and returns only the response data. The agent never receives the raw token value at any point in the process.
proxy.call("meta_ads", endpoint="/campaigns",
  client_id="{id}", read_only=True)
03
No Credentials in Prompts or Logs
Agent prompts contain task instructions and structured data outputs — never tokens, keys, or credentials. Our logging infrastructure is configured to detect and redact any credential-shaped string that appears in any log output, with alerts on detection.
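The redaction control described above, as an added example that is not AdLeakIQ's own code: a Python `logging` filter that scrubs credential-shaped strings from every record before any handler sees it and fires an alert callback on detection. The token shapes (AWS access key ids, bearer tokens, Meta, Google and Shopify access tokens) are approximate patterns, the generic key=value rule is a catch-all, and the sample log lines are constructed.

```python
"""Added example (not AdLeakIQ's code): a logging filter that redacts
credential-shaped strings before a record reaches any handler and raises an
alert on detection. The patterns are approximate token shapes for the
platforms named on this page plus a generic key=value catch-all; the sample
log lines are constructed."""
import logging
import re

# (pattern, replacement). Specific shapes first, generic catch-all last.
CREDENTIAL_PATTERNS = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED]"),                        # AWS access key id
    (re.compile(r"(?i)bearer\s+[A-Za-z0-9._\-]{20,}"), "[REDACTED]"),       # Authorization: Bearer
    (re.compile(r"EAA[A-Za-z0-9]{30,}"), "[REDACTED]"),                     # Meta Graph API token
    (re.compile(r"ya29\.[A-Za-z0-9._\-]{20,}"), "[REDACTED]"),              # Google OAuth access token
    (re.compile(r"shp[a-z]{2}_[0-9a-fA-F]{32}"), "[REDACTED]"),             # Shopify access token
    (re.compile(r"(?i)((?:api[_-]?key|token|secret)\s*[=:]\s*['\"]?)[A-Za-z0-9._\-]{16,}"),
     r"\1[REDACTED]"),                                                      # generic key=value
]


def redact(text):
    """Return (clean_text, number_of_credential_shaped_strings_found)."""
    found = 0
    for pattern, replacement in CREDENTIAL_PATTERNS:
        text, n = pattern.subn(replacement, text)
        found += n
    return text, found


class CredentialRedactor(logging.Filter):
    """Scrub the formatted message in place; call on_detect when anything was found."""

    def __init__(self, on_detect=None):
        super().__init__()
        self.on_detect = on_detect

    def filter(self, record):
        clean, n = redact(record.getMessage())
        if n:
            record.msg, record.args = clean, ()
            if self.on_detect is not None:
                self.on_detect(record.name, n)
        return True  # never drop the record, only scrub it


class ListHandler(logging.Handler):
    """Collects formatted messages so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def run_demo(lines):
    """Log each constructed line through the redactor; return (emitted, alerts)."""
    alerts = []
    logger = logging.getLogger("adleakiq.demo")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = ListHandler()
    logger.addHandler(handler)
    # Filter on the logger, so it runs before every handler.
    logger.addFilter(CredentialRedactor(lambda name, n: alerts.append((name, n))))
    for line in lines:
        logger.info(line)
    return handler.lines, alerts


SAMPLE_LINES = [  # constructed log lines; none of these values are real credentials
    "Fetched 3 campaigns for client acme",
    "Authorization: Bearer AbCdEfGhIjKlMnOpQrStUvWxYz012345",
    "meta_token=EAA" + "a1B2c3D4" * 5,
    "aws key AKIAIOSFODNN7EXAMPLE leaked in debug",
]

if __name__ == "__main__":
    emitted, alerts = run_demo(SAMPLE_LINES)
    print("\n".join(emitted))
    print("alerts:", alerts)
```

The filter sits on the logger rather than on a handler so that a later-added handler (a file, a SIEM forwarder) cannot bypass it; the alert callback is where the "alerts on detection" hook would be wired in.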
04
Security Sentinel Monitors Permission Scope
A dedicated Security Sentinel agent continuously monitors all active token permissions. Any scope expansion beyond what was granted triggers an immediate alert and automatic suspension of that token pending review. Scope drift cannot go undetected.
05
Tokens Rotated and Revoked at Engagement Close
When an engagement ends — for any reason — all tokens associated with that client are revoked within 24 hours. Revocation is automated and confirmed. Clients receive a revocation confirmation email listing every platform token that was decommissioned.
Credential Access Architecture
AI Agent (Audit / Implementation)
Receives task instructions and structured data only. Never sees raw credentials.
↓ requests API call via proxy
CredentialProxy
Retrieves token, executes call, returns response. Token never exposed to agent.
↓ fetches secret
AWS Secrets Manager
Encrypted token vault. KMS-managed. Audit logged. Scoped IAM access only.
↓ makes scoped API call
Platform API (Meta / Google / etc.)
Read-only or scoped write call. Response returned up the chain.
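The proxy pattern in the architecture above, together with the four-step write access lifecycle (approval, scoped token, change, revocation), as an added Python example that is not AdLeakIQ's own implementation. The agent calls `proxy.call(...)` with the same shape as the snippet on this page; the proxy fetches the token, makes the call and returns only the response, so the token never enters the agent's scope. Write calls are honoured only while a grant for that exact platform and campaign is active. The secret store, transport, client id `acme` and the demo token are constructed stand-ins for AWS Secrets Manager and the platform APIs; the secret id layout follows the page's `adleakiq/client/{client_id}/meta_token` pattern.

```python
"""Added example (not AdLeakIQ's code): a CredentialProxy in the shape the page
describes. The agent asks the proxy for an API call; the proxy pulls the token
from a secret store, makes the call, and hands back only the response. Write
calls are only honoured while a scoped, time-limited grant for that exact
campaign is active. The secret store and transport below are constructed
stand-ins for AWS Secrets Manager and the platform APIs."""
from dataclasses import dataclass
import time

# Platform -> secret name, following the page's SecretId layout (assumed mapping).
SECRET_NAMES = {"meta_ads": "meta_token"}


class AccessDenied(Exception):
    """Raised when a call falls outside the token's permitted scope."""


@dataclass
class WriteGrant:
    """One approved fix: write access to one campaign until expiry or revocation."""
    platform: str
    campaign_id: str
    expires_at: float
    revoked: bool = False

    def active(self, now=None):
        now = time.time() if now is None else now
        return not self.revoked and now < self.expires_at


class CredentialProxy:
    def __init__(self, secret_store, transport, secret_prefix="adleakiq/client"):
        self._secrets = secret_store    # callable: secret_id -> token string
        self._transport = transport     # callable: (method, endpoint, token, payload) -> dict
        self._prefix = secret_prefix
        self._grants = {}               # (platform, campaign_id) -> WriteGrant
        self.audit_log = []             # call records; never contain the token

    def grant_write(self, platform, campaign_id, ttl_seconds):
        """Lifecycle step 02: mint a grant scoped to a single campaign."""
        grant = WriteGrant(platform, campaign_id, time.time() + ttl_seconds)
        self._grants[(platform, campaign_id)] = grant
        return grant

    def revoke_write(self, platform, campaign_id):
        """Lifecycle step 04: revoke immediately after the change is deployed."""
        grant = self._grants.get((platform, campaign_id))
        if grant is not None:
            grant.revoked = True

    def call(self, platform, endpoint, client_id, read_only=True,
             method="GET", campaign_id=None, payload=None):
        # Read-only calls may only use GET, whatever the caller asks for.
        if read_only and method != "GET":
            raise AccessDenied("read-only call attempted a write method")
        # Write calls need an active grant for exactly this platform + campaign.
        if not read_only:
            grant = self._grants.get((platform, campaign_id))
            if grant is None or not grant.active():
                raise AccessDenied(f"no active write grant for {platform}/{campaign_id}")
        secret_name = SECRET_NAMES.get(platform, f"{platform}_token")
        token = self._secrets(f"{self._prefix}/{client_id}/{secret_name}")
        response = self._transport(method, endpoint, token, payload)
        del token  # nothing after this line can reach the credential
        self.audit_log.append({"platform": platform, "endpoint": endpoint,
                               "method": method, "client_id": client_id})
        return response


# --- constructed stand-ins so the example runs offline -----------------------
DEMO_TOKEN = "constructed-demo-token-not-a-real-credential"


def demo_secret_store(secret_id):
    """Stands in for a Secrets Manager lookup; constructed data only."""
    return {"adleakiq/client/acme/meta_token": DEMO_TOKEN}[secret_id]


def demo_transport(method, endpoint, token, payload):
    """Stands in for the platform HTTP call; returns data, never the token."""
    if token != DEMO_TOKEN:
        return {"status": 401}
    return {"status": 200, "method": method, "endpoint": endpoint,
            "data": payload if payload is not None else {"campaigns": 3}}


def attempt(proxy, **kwargs):
    """Return 'ok' or 'denied' so outcomes can be checked without exceptions."""
    try:
        proxy.call(**kwargs)
        return "ok"
    except AccessDenied:
        return "denied"


if __name__ == "__main__":
    proxy = CredentialProxy(demo_secret_store, demo_transport)
    print(proxy.call("meta_ads", endpoint="/campaigns", client_id="acme", read_only=True))
    write = dict(platform="meta_ads", endpoint="/campaigns/123", client_id="acme",
                 read_only=False, method="POST", campaign_id="123")
    print(attempt(proxy, **write))          # denied: no grant yet
    proxy.grant_write("meta_ads", "123", ttl_seconds=900)
    print(attempt(proxy, **write))          # ok: inside the approved scope
    proxy.revoke_write("meta_ads", "123")
    print(attempt(proxy, **write))          # denied: grant revoked
```

The two checks worth noting: a `read_only=True` call is refused for any non-GET method regardless of what the agent requests, and a write grant is keyed on platform plus campaign id, so a grant for campaign 123 gives nothing on campaign 999, and nothing at all once revoked or expired.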
We Will Never Do This
Ask for admin-level access to any platform account
Store credentials in .env files, code, or chat logs
Request access to customer PII or payment data
Retain tokens after engagement close
Use one client's data to inform analysis of another
Make any account change without written approval
Data Handling

What we collect, how long
we keep it, and when we delete it.

We collect the minimum data required to run the audit and verify savings. Nothing is retained beyond its purpose. Nothing is used to train models or shared with third parties.

Ad Performance Data

Campaign spend, ROAS, CPM, CTR, frequency, and audience data pulled from connected platforms. Used exclusively for waste analysis and geo-holdout measurement. Never retained after engagement close.

Processed in memory only. Not written to persistent storage during the audit phase.
Shopify Revenue Data

Order revenue, conversion counts, and channel attribution data. Used to reconcile platform ROAS against actual orders and verify geo-holdout savings. Revenue figures are aggregated — individual customer orders are never accessed or stored.

No customer PII, no individual order details, no pricing or inventory data accessed.
Contact & Company Data

Name, work email, company name, and website submitted on the audit request form. Used to deliver the Leak Map, communicate during the engagement, and route the recovery report. Not sold, not shared, not used for any other purpose.

Retained only for the duration of the active engagement. Deleted on request or at engagement close.
Data Retention Schedule
Per data type: where it is stored, how long it is retained, and how it is deleted.

Ad platform performance data (spend, ROAS, audience, creative metrics)
  Where stored: In-memory only during audit
  Retention period: Audit cycle only — not persisted
  Deletion method: Memory cleared on process completion

Shopify revenue aggregates (order counts, revenue by channel)
  Where stored: Encrypted at rest for the geo-holdout period
  Retention period: 30 days post-measurement (for dispute resolution)
  Deletion method: Automated deletion at the 30-day mark

Monthly Recovery Reports (verified savings calculations)
  Where stored: Encrypted archive
  Retention period: 12 months (invoice record requirement)
  Deletion method: Secure deletion at 12 months or on request

API tokens & credentials (all platform access keys)
  Where stored: AWS Secrets Manager only
  Retention period: Active engagement only
  Deletion method: Revoked and deleted within 24h of engagement close

Contact & company information (name, email, company, website)
  Where stored: Encrypted CRM record
  Retention period: Active engagement + 30 days
  Deletion method: Deleted on request or 30 days post-close
Agent Architecture Security

How the AI pipeline is
built to stay in its lane.

The agents that power AdLeakIQ are built with security constraints at the architecture level — not enforced through policy alone. Each agent has a strictly bounded scope it cannot exceed.

Tool-Subset Scoping

Each agent is initialized with only the tools it needs for its specific role. The Prospector agent has access to public enrichment tools and nothing else. The Audit Engine has read-only API access and nothing else. The Implementation Agent has scoped write access only while an approved fix is in progress.

An agent cannot use a tool it wasn't initialized with. Scope isolation is enforced at the infrastructure level, not by instruction.
No Recursive Agent Loops on Critical Actions

Data fetching is deterministic — scripted API calls, not agentic decisions. LLM calls are single-pass with structured output schemas. No agent enters a loop that could make repeated API calls, compound errors, or trigger unintended account changes through iteration.

The architecture follows Stripe's "Minions" pattern: deterministic data fetch → single LLM scoring call → structured output. No mid-run decisions.
Human Approval Gates on All Material Actions

Every action with real-world consequences — deploying a fix, upgrading a token scope, generating an invoice, declaring an external event — requires explicit human sign-off before the agent proceeds. Approval is logged with timestamp, action, and approver identity.

Agents propose. Humans decide. No autonomous material action occurs in any AdLeakIQ pipeline.
Security Sentinel — Continuous Monitoring

A dedicated Security Sentinel agent runs independently from the audit pipeline. It monitors all active token permissions, checks for scope drift, validates that write tokens are revoked post-implementation, and alerts immediately on any anomaly. It has no ability to take action — only to alert and suspend.

The Sentinel cannot be instructed by other agents. It reports only to the operator. Its alerts bypass the normal pipeline.
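The two checks the Sentinel is described as running, scope drift and post-implementation revocation, as an added Python example that is not AdLeakIQ's own code. It compares each token's approved scopes against the scopes the platform currently reports, marks drifted tokens suspended, and flags write tokens that the platform still reports as alive after their approved window. It records findings only and never calls a platform. Token ids, scope names and the observed-state dictionary are constructed; the scope names are illustrative, not any platform's real permission strings.

```python
"""Added example (not AdLeakIQ's code): the scope-drift and stale-write-token
checks a Security Sentinel would run. Compares approved scopes with what the
platform currently reports, suspends tokens whose scope grew, and flags write
tokens still alive past their approved window. Records findings only. All
token records, scope names and observed state below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class TokenRecord:
    """What was approved for one token (the Sentinel's source of truth)."""
    token_id: str
    platform: str
    kind: str                        # "read" or "write"
    granted_scopes: frozenset
    expires_at: Optional[float] = None   # write tokens only
    suspended: bool = False


@dataclass
class Finding:
    token_id: str
    platform: str
    reason: str
    detail: str


class SecuritySentinel:
    """Alert-and-suspend only: it has no call that changes platform state."""

    def __init__(self):
        self.findings: List[Finding] = []

    def check(self, records: List[TokenRecord], observed: Dict[str, Set[str]], now: float):
        """observed maps token_id -> scopes the platform currently reports.
        A token absent from observed is one the platform no longer knows."""
        new = []
        for rec in records:
            live = observed.get(rec.token_id)
            if live is None:
                continue  # already revoked on the platform side; nothing to check
            drift = set(live) - set(rec.granted_scopes)
            if drift:
                rec.suspended = True
                new.append(Finding(rec.token_id, rec.platform, "scope_drift",
                                   "extra scopes: " + ", ".join(sorted(drift))))
            if rec.kind == "write" and rec.expires_at is not None and now > rec.expires_at:
                rec.suspended = True
                new.append(Finding(rec.token_id, rec.platform, "write_token_not_revoked",
                                   f"still live {now - rec.expires_at:.0f}s past approved window"))
        self.findings.extend(new)
        return new


# --- constructed demo state ---------------------------------------------------
def demo_records():
    return [
        TokenRecord("tok-read-1", "google_ads", "read", frozenset({"campaigns:read"})),
        TokenRecord("tok-read-2", "meta_ads", "read", frozenset({"campaigns:read"})),
        TokenRecord("tok-write-1", "meta_ads", "write",
                    frozenset({"campaigns:read", "campaigns:write"}), expires_at=1_000.0),
        TokenRecord("tok-write-2", "google_ads", "write",
                    frozenset({"campaigns:read", "campaigns:write"}), expires_at=1_000.0),
    ]


DEMO_OBSERVED = {
    "tok-read-1": {"campaigns:read"},                        # as granted
    "tok-read-2": {"campaigns:read", "campaigns:write"},     # scope grew: drift
    "tok-write-1": {"campaigns:read", "campaigns:write"},    # still live after expiry
    # tok-write-2 absent: the platform revoked it, as it should have
}


def run_demo(now: float):
    """Run one Sentinel sweep at time `now`; return (findings, records)."""
    records = demo_records()
    sentinel = SecuritySentinel()
    findings = sentinel.check(records, DEMO_OBSERVED, now)
    return findings, records


if __name__ == "__main__":
    for f in run_demo(now=2_000.0)[0]:
        print(f"{f.reason}: {f.platform}/{f.token_id} ({f.detail})")
```

Run at a time inside the approved window the sweep reports only the drifted read token; run after the window it also reports the write token the platform still lists as live, which is the condition a revocation step that silently failed would produce.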
NDA & Confidentiality

A mutual NDA is available on request before any account connection is made. We treat your account data, business performance, and audit findings as strictly confidential by default — the NDA formalizes that commitment.

Mutual NDA — protects both parties equally
Available before any account access is granted
Audit findings are never shared, published, or referenced without written consent
Your account data is never used to benchmark or inform any other client's analysis
Vulnerability Disclosure

If you identify a security concern with AdLeakIQ's systems, data handling, or agent architecture, we want to know. We commit to acknowledging every report within 24 hours and providing a substantive response within 72 hours.

Responsible disclosure welcomed and appreciated
24-hour acknowledgement on every report
No legal action against good-faith security researchers
Contact: security@adleakiq.com

Questions about our security model?

We're happy to walk through the architecture in detail before you connect any accounts. Security reviews and technical calls are available on request — no obligation required.

NDA available on request before any connection
Technical review call available — schedule via audit form
Ready to connect?

Read-only access.
48-hour Leak Map.

Connect your accounts with minimum-scope read tokens. Receive your Leak Map in 48 hours. Revoke access anytime — no lock-in, no obligation.

Get My Free Leak Map

Read-only access only · NDA on request · Tokens revoked at engagement close