
Security, Privacy, and Access Management when connecting ad accounts on Grasp

Security, Privacy, and Access Management on Grasp

At Grasp, the security and privacy of your data are our top priorities. We implement strict management and protection measures in line with the most recognized standards, including ISO 27001, an international standard for information security management.

 

Access Management and User Permissions

Access to information on Grasp is controlled through permission systems that vary depending on the integrated platforms (e.g., Meta, DV360). We follow the principle of least privilege, meaning we request only the permissions required for specific tasks.

However, the level of access granularity varies between platforms. Depending on the rights management a platform offers, we may not always be able to scope permissions as finely as we would like.

 

Data Collection: Extension and API

Grasp collects information via two primary methods:

Through Extension: The calls made by our extension are client-based, meaning they can be viewed directly through the browser's inspector. This ensures full transparency regarding the information being transmitted. Our extension only collects data related to compliance with specific guidelines. If a guideline is not applied to a particular element, no data is collected for that element.

Through API: API interactions are strictly limited to read-only calls, with no write operations, except for specific clients using our Taxofix solution. Additionally, we only retrieve the minimum necessary data through read calls to provide the service.

 

Types of Data Collected and Stored

We clearly distinguish between the information we store and the information we temporarily read, and we store only the data needed to perform our services.

In grey: information filled by the user on the Grasp platform or calculated by Grasp.

In black: data we are getting from the extension or API.

Campaign structures (campaigns, ad sets, ads, line items, insertion orders, etc.):

  • AdAccount
  • Name
  • Id
  • Network (platform)
  • Start time
  • Last update
  • Status (active, achieved, paused, deleted)
  • Comments
  • Compliance (true/false)
  • Updated by

Ad-Accounts:

  • Name
  • Id
  • Business
  • Token
  • Labels

Taxonomies (only if used):

  • Templates
  • Fields
  • Field values
  • Field Group
  • Template Group
  • Field type
  • Settings

Org:

  • Org name
  • Parent org
  • Parent type
  • Partner orgs
  • Summary email frequency
  • Summary email content
  • Default platforms

Users & teams:

  • First Name
  • Last name
  • Email
  • Roles
  • Status
  • Last activities
  • Platforms

SSO & external integrations:

  • Teams Tenant ID
  • Slack Access tokens & user ids
  • SSO metadata document

Guidelines:

  • Title
  • Group
  • Type
  • Settings
  • Conditions
  • Alerts
  • Sharing settings

To ensure data protection and privacy, we have implemented a Time-to-Live (TTL) for all data that we need to process but not store long term. This means that the information is retained in our databases for a maximum of 15 days, after which it is automatically deleted.