TargetAYSAI
Smart ads. Better results.
Back to home

Security Policy

Effective Date: July 11, 2026

Last Updated: July 11, 2026


1. Introduction

This Security Policy describes the security principles, controls, and practices implemented by TargetAYS to protect user accounts, Personal Data, business information, and platform infrastructure.

Security is an ongoing process. TargetAYS continuously evaluates and improves its security posture as the Services evolve.

This Policy should be read together with the Privacy Policy, Terms of Service, and related legal documents.


2. Security Principles

TargetAYS is designed around the following principles:

  • Confidentiality
  • Integrity
  • Availability
  • Least Privilege
  • Defense in Depth
  • Secure by Default
  • Privacy by Design
  • Continuous Improvement

These principles guide the design, operation, and maintenance of the Services.


3. Infrastructure Security

TargetAYS uses modern cloud infrastructure designed to support secure service delivery.

Security measures may include:

  • encrypted HTTPS communication;
  • TLS encryption;
  • secure cloud hosting;
  • firewalls;
  • network segmentation where appropriate;
  • infrastructure monitoring;
  • automated security updates;
  • secure deployment pipelines;
  • backup infrastructure.

Infrastructure providers maintain additional physical and operational security controls.


4. Authentication Security

User authentication is protected through modern authentication mechanisms.

Depending on available features, TargetAYS may support:

  • Google Sign-In;
  • OAuth authentication;
  • secure session management;
  • encrypted authentication tokens;
  • session expiration;
  • session revocation.

Passwords for third-party advertising platforms are never intentionally collected or stored by TargetAYS.


5. Authorization

TargetAYS applies the principle of least privilege.

Access to systems and data is limited to the minimum level reasonably necessary.

Authorization controls may include:

  • role-based permissions;
  • resource ownership verification;
  • session validation;
  • API authorization;
  • integration-specific permissions.

6. Encryption

TargetAYS protects information using industry-standard encryption.

This may include:

  • TLS encryption for data in transit;
  • encrypted storage where appropriate;
  • encrypted authentication credentials;
  • encrypted API communications;
  • secure key management.

Encryption technologies are periodically reviewed and updated.


7. Data Protection

TargetAYS implements safeguards designed to protect:

  • user accounts;
  • project information;
  • AI conversations;
  • campaign configurations;
  • advertising integrations;
  • uploaded files;
  • business information.

Access is restricted to authorized processes and personnel where required.


8. AI Security

AI-powered features are implemented with security considerations in mind.

TargetAYS seeks to reduce the risk of:

  • prompt injection attacks;
  • unauthorized prompt disclosure;
  • abuse of AI-generated content;
  • malicious automation;
  • misuse of AI outputs.

Users remain responsible for reviewing AI-generated content before publication or business use.


9. API Security

TargetAYS APIs are protected through authentication and authorization controls.

Security measures may include:

  • access tokens;
  • OAuth;
  • permission validation;
  • request logging;
  • rate limiting;
  • abuse detection;
  • token expiration;
  • secure transport encryption.

API credentials should never be shared publicly.


10. Third-Party Integrations

TargetAYS integrates with trusted third-party providers.

Examples may include:

  • Google;
  • Meta;
  • OpenAI;
  • Supabase;
  • Vercel;
  • Resend;
  • payment providers.

Each integration is configured to request only the permissions reasonably necessary for its intended functionality.


11. Monitoring and Logging

TargetAYS monitors platform activity to improve security and reliability.

Monitoring may include:

  • authentication events;
  • API requests;
  • infrastructure health;
  • failed login attempts;
  • security alerts;
  • application errors;
  • service availability.

Logs are retained only for legitimate operational, legal, or security purposes.


12. Vulnerability Management

TargetAYS continuously evaluates security risks.

Security activities may include:

  • vulnerability assessments;
  • dependency updates;
  • software patching;
  • infrastructure reviews;
  • security testing;
  • monitoring for publicly disclosed vulnerabilities.

Critical issues receive priority remediation.


13. Security Incident Response

If a security incident occurs, TargetAYS aims to:

  1. identify the incident;
  2. contain the impact;
  3. investigate the cause;
  4. remediate vulnerabilities;
  5. restore normal operations;
  6. notify affected parties where required by applicable law.

Incident response procedures are periodically reviewed and improved.


14. Backup and Recovery

TargetAYS maintains backup procedures intended to support business continuity.

Backups may include:

  • application databases;
  • configuration information;
  • system settings;
  • operational data.

Backup retention periods may vary according to operational and legal requirements.

Recovery procedures are tested periodically where reasonably practicable.


15. Business Continuity

TargetAYS is designed to improve resilience against unexpected disruptions.

Continuity planning may include:

  • infrastructure redundancy;
  • automated deployment;
  • cloud-based recovery;
  • backup restoration procedures;
  • monitoring of critical services.

Despite these measures, uninterrupted service cannot be guaranteed.


16. Responsible Disclosure

We encourage responsible reporting of suspected security vulnerabilities.

If you believe you have identified a security issue, please contact:

[security@targetays.com](mailto:security@targetays.com)

Please include:

  • a description of the issue;
  • affected functionality;
  • reproduction steps where appropriate;
  • supporting evidence.

Do not publicly disclose vulnerabilities before TargetAYS has had a reasonable opportunity to investigate and address the issue.


17. Prohibited Security Testing

Users must not perform unauthorized:

  • penetration testing;
  • vulnerability scanning;
  • denial-of-service testing;
  • exploitation attempts;
  • credential attacks;
  • security bypass attempts.

Security testing requires prior written authorization from TargetAYS.


18. User Responsibilities

Users help protect the security of the Services by:

  • using strong passwords for external accounts;
  • protecting authentication credentials;
  • reviewing connected integrations;
  • reporting suspicious activity;
  • maintaining secure devices;
  • keeping browsers updated;
  • using trusted networks where possible.

Users should immediately report suspected account compromise.


19. Security of Connected Advertising Accounts

Users remain responsible for the security of their advertising accounts.

TargetAYS cannot protect accounts where:

  • credentials have been compromised;
  • third-party permissions have been improperly granted;
  • users disclose authentication information;
  • external accounts are independently compromised.

Users should regularly review permissions granted to TargetAYS and other connected applications.


20. Third-Party Infrastructure

TargetAYS relies upon reputable third-party infrastructure providers.

Although these providers maintain extensive security controls, TargetAYS cannot guarantee uninterrupted availability or absolute security of third-party services.

Each provider remains responsible for its own infrastructure.


21. Compliance

TargetAYS seeks to align its security practices with generally accepted industry standards and applicable legal requirements.

Security controls continue to evolve as the Services grow.


22. Policy Updates

This Security Policy may be updated periodically to reflect changes in technology, infrastructure, legal requirements, or security practices.

Material updates will be published on the TargetAYS website.

The "Last Updated" date identifies the current version.


23. Contact Information

TargetAYS

Website: https://targetays.com

Security Reports: security@targetays.com

General Support: support@targetays.com

Legal: legal@targetays.com

Privacy: privacy@targetays.com

Legal Entity: To be added after company registration.

Registered Address: To be added after company registration.

Country of Registration: To be added after company registration.


24. Related Documents

This Security Policy should be read together with:

  • Privacy Policy;
  • Terms of Service;
  • Acceptable Use Policy;
  • AI Usage Policy;
  • Data Deletion Policy;
  • Cookie Policy;
  • Refund & Cancellation Policy.

© 2026 TargetAYS. All rights reserved.