Data Privacy & Security

Your data security is our top priority. Here's how we protect your Amazon advertising data.

Our Commitment

Saddle AdPulse is built with enterprise-grade security and privacy controls. We understand that your Amazon advertising data is business-critical and sensitive. Our platform is designed to ensure your data remains secure, private, and under your control at all times.

SOC 2 Type II Compliant
256-bit Encryption
GDPR & CCPA Compliant

What Data We Access

AdPulse requires read-only access to your Amazon Advertising data via the Amazon Advertising API. This includes:

  • Campaign Performance Data: Clicks, impressions, spend, sales, and conversion metrics
  • Search Term Reports: Customer search queries and their performance
  • Keyword and Product Targeting Data: Targeting settings and bid information
  • Campaign Structure: Campaign, ad group, and keyword organization
Important: We NEVER access customer personally identifiable information (PII), order details, buyer contact information, or any data outside your Amazon Advertising account. All API access is read-only and limited to advertising metrics only.

How We Use Your Data

Your advertising data is used exclusively for the following purposes:

  • Optimization Analysis: Identify negative keywords, harvest opportunities, and bid optimization recommendations
  • Impact Measurement: Calculate before/after performance to validate decision quality
  • Forecasting: Simulate potential outcomes using your historical performance data
  • Reporting: Generate account health reports and performance dashboards

We do NOT:

  • Sell your data to third parties
  • Use your data to train models for other customers
  • Share your performance metrics with competitors
  • Access your data for any purpose other than providing our service to you

Security Infrastructure

Data Encryption

All data is encrypted both in transit and at rest using industry-standard AES-256 encryption. API connections use TLS 1.3 for secure data transmission.

Access Controls

Access to your data is restricted to:

  • Your authorized team members only
  • Role-based access controls (RBAC) within your organization
  • Multi-factor authentication (MFA) required for all user accounts
  • Automatic session timeout after 30 minutes of inactivity

Infrastructure Security

We utilize enterprise-grade cloud infrastructure with:

  • AWS/GCP secure data centers with physical security controls
  • Regular security audits and penetration testing
  • Automated vulnerability scanning and patching
  • Network segmentation and firewall protection
  • 24/7 monitoring and intrusion detection systems

Data Retention & Deletion

Your advertising data is retained for as long as your account is active. We retain historical data to enable:

  • Multi-horizon impact tracking (14D, 30D, 60D measurements)
  • Long-term trend analysis and forecasting
  • Historical comparison and benchmarking

Your Rights:

  • Request data export in standard formats (CSV, JSON)
  • Delete specific data sets or campaigns
  • Cancel your account and request complete data deletion within 30 days

Regulatory Compliance

Amazon Advertising API Terms

AdPulse is fully compliant with Amazon's Advertising API Terms of Service and Data Protection requirements. We maintain:

  • Read-only API access with no data modification capabilities
  • Secure credential storage using industry-standard practices
  • Rate limiting and respectful API usage patterns
  • Regular compliance reviews and updates

GDPR Compliance (EU Users)

For users in the European Union, we comply with GDPR requirements including:

  • Right to access your data
  • Right to data portability
  • Right to erasure ("right to be forgotten")
  • Data processing agreements available upon request

CCPA Compliance (California Users)

For California residents, we comply with CCPA requirements:

  • Transparent disclosure of data collection practices
  • Right to know what data is collected
  • Right to delete personal information
  • No sale of personal information to third parties

Security Incident Response

In the unlikely event of a security incident:

  • We will notify affected users within 72 hours
  • Provide transparent communication about the incident scope and impact
  • Implement immediate remediation measures
  • Conduct post-incident analysis and implement preventive controls

Questions or Concerns?

If you have any questions about our data privacy and security practices, or need to exercise your data rights, please contact us:

Email: privacy@saddleadpulse.com
Data Protection Officer: dpo@saddleadpulse.com

Last updated: January 2026