Security at a glance
Read-only API scopes for all ad platforms
AES-256 encryption at rest
TLS 1.3 for all data in transit
Row-level security on database
OAuth tokens encrypted before storage
No ad account write permissions
Enterprise cloud infrastructure with automatic patching
Regular internal security reviews
How we protect your data
Read-only access. Always.
OAuth tokens are requested with read-only scopes on every platform
We cannot create, modify, pause, or delete any ads or campaigns
We cannot move budgets or change bids
You can revoke access from within Meta/Google at any time
Encryption at rest and in transit
All data encrypted at rest using AES-256
All data in transit protected by TLS 1.3
OAuth tokens stored encrypted — never in plaintext
Database backups are also encrypted
Infrastructure security
Hosted on enterprise-grade cloud infrastructure with DDoS and edge protection
Automatic security patching and dependency vulnerability management
Row-level isolation on every data table — users can only access their own data
Secrets stored in encrypted vaults — never in plaintext configuration
Authentication
No passwords stored — sign in via Google OAuth or magic link only
Short-lived session tokens with automatic rotation on every request
Session cookies are HTTP-only and secure
Inactive sessions expire automatically
Third-party sub-processors
We rely on the following trusted services. Each is contractually bound to handle your data in compliance with applicable data protection law.
Supabase | Database, storage, and authentication | EU / US
Vercel | Hosting and edge delivery | Global CDN
Anthropic | AI analysis (Claude API) | US
Razorpay | Payment processing | India
Meta / Google / TikTok / LinkedIn | Ad data retrieval via OAuth | Your region
Responsible disclosure
If you discover a security vulnerability in Pulse, please report it to us privately before public disclosure. We take all reports seriously and respond within 72 hours.
support@nurdd.club