Skip to main content

Security

Adspirer is built with security-first principles. Your ad account credentials and campaign data are protected at every layer.

Authentication

  • OAuth 2.1 with PKCE — Industry-standard authentication protocol
  • Dynamic client registration — Supported for seamless AI client integration
  • No API keys stored — Authentication tokens are managed server-side
  • Per-platform authorization — Each ad platform requires separate OAuth consent

Data Protection

  • HTTPS/TLS encryption — All data encrypted in transit
  • No conversation logging — Your AI conversations are not stored or monitored
  • No ad data retention — Campaign data is fetched in real-time, not cached
  • Scoped access — You control exactly which ad accounts are accessible

Safety Guardrails

The MCP server includes built-in safety guardrails:
ActionProtected?Details
Delete campaignsYesCannot delete existing campaigns
Pause running campaignsYesRequires explicit confirmation
Modify existing budgetsYesRequires explicit approval
Create new campaignsAllowedWith standard validation
Read performance dataAllowedRead-only access is unrestricted

Compliance

  • SOC 2 Type II aligned practices
  • GDPR-compliant data handling
  • No third-party data sharing
For security questions, contact abhi@adspirer.com.
Last modified on March 22, 2026