Enterprise Security & Trust
Your data security and privacy are non-negotiable. Enterprise-grade security from day one.
Security Built Into Every Layer
Enterprise-grade security measures to protect your data and ensure compliance
End-to-End Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your sensitive information is protected at every layer.
Secure OAuth Authentication
Read-only OAuth connections by default. We never store your ad account passwords. Revoke access anytime with one click.
Data Isolation
Your data is logically isolated and never shared with competitors or third parties. Multi-tenant architecture with strict boundaries.
Real-Time Monitoring
24/7 security monitoring with automated threat detection and incident response. Regular penetration testing and vulnerability assessments.
Access Controls
Role-based access control (RBAC) with granular permissions. Multi-factor authentication (MFA) required for all team members.
Audit Logs
Complete audit trail of all actions. Track who accessed what data and when. Immutable logs stored for compliance requirements.
Meeting Global Standards
We maintain compliance with industry standards and regulations worldwide
SOC 2 Type II
2025Independent audit of our security, availability, and confidentiality controls.
GDPR
ActiveFull compliance with EU General Data Protection Regulation for data privacy and rights.
CCPA
ActiveCalifornia Consumer Privacy Act compliance for data transparency and consumer rights.
ISO 27001
2026International standard for information security management systems.
Your Privacy Is Our Priority
We're committed to protecting your privacy and giving you control over your data
Transparency
Clear, honest communication about how we collect, use, and protect your data. No hidden practices.
Your Data, Your Rules
You own your data completely. Export anytime, delete with one click. No lock-in, no hidden fees.
Limited Data Collection
We only collect what's necessary to provide our service. No unnecessary tracking or profiling.
No Third-Party Sharing
Your data is never sold or shared with third parties for marketing. Your competitors never see your data.
Granular Controls
Fine-grained control over data sharing preferences. Opt in or out of product improvements and analytics.
Data Retention
Clear retention policies. Historical data kept securely for analysis, deleted upon request or account closure.
Security Questions
Common questions about our security and privacy practices
Where is my data stored?
All data is stored in secure, SOC 2 compliant data centers in the United States (AWS us-east-1 and us-west-2). Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.
Do you have access to my ad account passwords?
No. We use OAuth 2.0 authentication with read-only permissions by default. We never see or store your ad account passwords. You can revoke access at any time from your account settings.
How do you handle data breaches?
We have a comprehensive incident response plan with 24/7 monitoring. In the unlikely event of a breach, we will notify affected users within 72 hours and provide detailed information about the incident and remediation steps.
Can I export my data?
Yes. You can export all your data at any time in standard formats (CSV, JSON). If you cancel your account, you retain access to historical reports and can export your data before deletion.
Is my data shared with other Cresva customers?
Never. Your data is logically isolated and never shared with competitors or other customers. Aggregated, anonymized insights may be used to improve our models, but only with your explicit consent.
What happens to my data if I cancel?
Upon cancellation, your data is retained for 30 days to allow for account reactivation. After 30 days, all data is permanently deleted from our systems. You can request immediate deletion at any time.
Do you support SAML/SSO?
Yes. SAML 2.0 and OAuth SSO are available on Enterprise plans. We support integration with Okta, Azure AD, Google Workspace, and other major identity providers.
How often do you perform security audits?
We conduct internal security audits quarterly and work with third-party security firms for annual penetration testing. We're currently pursuing SOC 2 Type II certification.
Still have questions about security?
Contact our security team→