ScaleySecurity
Your data stays yours.
We treat your ad account and your customer data the way we'd want ours treated. Short version: least privilege, encrypted everything, audit everything.
GDPR
Compliant
SOC 2 Type II
Audit in progress
AES-256
At rest
TLS 1.3
In transit
Access model
- OAuth 2.0 only — we never see your Google password
- Read-only by default. Write access is opt-in per action type
- Every change is logged with the user, timestamp, and reason
- Revoke Scaley's access from your Google account in one click, anytime
Data handling
- All credentials encrypted at rest with AES-256
- TLS 1.3 for everything in transit
- EU data residency available on request
- GDPR compliant — DPA available, data deletion on request
- SOC 2 Type II audit in progress (2026)
What we store
- Campaign performance data (read from your ad accounts)
- Product feed data (SKU-level performance, margins if provided)
- Your account settings and rule configurations
- Change history for audit purposes
What we don't store
- Your Google password (we never see it)
- Payment details (handled by Stripe)
- Customer PII from your Shopify store beyond aggregate conversion data
Subprocessors
- Google Cloud — infrastructure (EU region available)
- Vercel — web hosting
- Stripe — billing
- Slack — optional weekly report delivery
Reporting a vulnerability
- Email security@scaleyai.com with details
- We acknowledge within 24 hours and patch critical issues within 72
- Responsible disclosure rewarded — reach out for the program details
Need a DPA, security questionnaire, or penetration test summary? security@scaleyai.com
Stop paying agencies for grunt work.
Connect your Google Ads, run the free audit, turn on what you want. Your media buyer starts working the moment you sign up.
14-day free trial · no credit card · cancel anytime