Trust & Security

• Encryption in transit: TLS 1.2+ for all client and inter-service traffic.
• Encryption at rest: AES-256 at the storage layer (Supabase / AWS RDS). Sensitive credentials such as Google Ads OAuth refresh tokens are additionally encrypted at the application layer using AES-256-GCM before being written to the database.
• Authentication: Clerk-managed identity with MFA available; sessions validated server-side on every request.
• Authorization: Every database query is constrained to the requesting organization at the application layer. Postgres row-level security is enabled on all customer tables as defense-in-depth against direct API access.
• Secure coding practices: All SQL is parameterized; webhook endpoints verify cryptographic signatures; rate limiting is enforced on expensive endpoints via Upstash Redis.
• Logging: Logs are redacted of personally identifying information before being sent to Sentry.
• Secrets management: All secrets are stored in environment variables managed by our hosting provider; never committed to source control.

QueryGuard's integration with a customer is intentionally narrow. For each connected account we ingest:

• Google Ads search-term text and the queries that triggered your ads
• Performance metrics: impressions, clicks, spend, conversions, and related per-day counts
• Google Ads customer IDs, campaign and ad-group names, and account metadata

We do not access your Google Ads account structure beyond what is necessary to provide the service, and we do not access source code, financial systems, customer telemetry, or any system outside of the Google Ads account that the connecting user authorizes. Data is treated as Confidential.

Personal data: QueryGuard does not intentionally process personally identifiable information. Search-term data may occasionally contain user-typed personal information; we treat all such data as Confidential. We honor data-deletion requests, do not sell or share customer data, and do not currently transfer EU-resident data — all production infrastructure operates in US regions only.

QueryGuard relies on the following sub-processors. Each is bound by contractual confidentiality and data-protection obligations.

We will provide notice of material changes to this list. Email security@queryguard.io to subscribe to change notifications.

QueryGuard, Inc. is headquartered in the United States. All production infrastructure operates in US regions. We do not route customer data through countries subject to OFAC or other government sanctions, and we do not have personnel or operations in high-risk jurisdictions.

On contract termination or written deletion request, customer data is removed from production systems within 30 days, and from backup media within the standard 35-day backup-rotation cycle.

When you disconnect a Google Ads account: we stop syncing new data immediately, and previously synced data follows the same 30-day production deletion timeline. You may also request immediate deletion of search-term data at any time by emailing support@queryguard.io.

See our Privacy Policy for full details on how data is collected, used, retained, and deleted.

Our resilience posture is delivered through provider-level controls. Vercel provides multi-region edge delivery for the application tier. Supabase Pro provides point-in-time recovery with a 35-day window for the database tier. We use these providers' managed offerings rather than operating our own primary/standby infrastructure.

QueryGuard is an analytics and recommendation tool. An outage delays optimization insights but does not interrupt customers' ad serving, billing, or revenue operations.

QueryGuard is an early-stage company and has not yet completed formal third-party audits. We are sharing our current posture honestly so security teams can make informed decisions.

The following materials are available to customers and prospective customers under a mutual NDA. Email security@queryguard.io.

• Internal Information Security overview (authentication, authorization, secrets management, input validation, webhook security, data protection)
• Architecture and data-flow diagrams
• Data Processing Agreement (DPA)
• Software Bill of Materials (SBOM)
• Certificate of Liability Insurance
• CAIQ-Lite questionnaire response (on a 4–6 week turnaround)
• 30-minute security walkthrough call with the founder/CTO

If you believe you have discovered a security vulnerability in QueryGuard, please report it to security@queryguard.io. We will acknowledge receipt within two business days and work with you on verification, remediation, and disclosure timing. We do not currently operate a paid bug bounty program but we will recognize good-faith reporters publicly with their consent.

In the event of a confirmed security incident affecting customer data, QueryGuard will notify affected customers without undue delay and in any event within the timeframe required by applicable law. Notifications are sent to the security contact on file for each customer organization, with a follow-up after the incident is resolved describing scope, root cause, and remediation.

The following items are on our security roadmap and tracked publicly here:

• Publish a customer-facing Information Security Policy
• Publish a Business Continuity / Disaster Recovery executive summary
• Complete a CAIQ-Lite self-assessment
• Engage an external penetration tester
• Evaluate SOC 2 Type II for 2026/2027