SOC2

Teads is SOC 2 Type II compliant. To request a copy of our report and other audits please complete the form below to receive our reports.

Software

Cloud services are continuously monitored by our in-house Security Operations Centre. Our CI/CD pipeline allows us to seamlessly improve our product offerings while undergoing rigorous testing.

Vulnerability Management

Assets are scanned continuously for vulnerabilities and are remediated according to industry standard SLAs according to severity.

Vulnerability Disclosure

Teads has partnered withYesWeHack to operate our bug bounty program. We only review reports submitted through the platform. To be added to our program please send your username tosecurity@teads.com. We will then give you access to see our scope and qualifying vulnerabilities.

Infrastructure

Our services are delivered on our cloud-native infrastructure, hosted on AWS and GCP. Both of these hold relevant security certifications for the protection of data and are available upon request from the providers.
Service availability and continuity is guaranteed by load-balancing across multiple availability zones per region. Data is backed up every 24 hours at minimum.

Platform and network security

Access to the Teads Platform is encrypted using TLS 1.2. SSO is available upon request, please speak to your account manager.
Cloud systems are placed behind a WAF, a strict ACL is implemented to prevent access from unauthorized networks.

隱私權

Teads applications are multi-tenant apps. Data is separated through logical and functional controls.AWS data is regionalised, the EU is the default region and there is no communication between the regions.
First party analytics data is stored on Google Cloud Platform (GCP) in the USA. Data transfer for this is covered by the EU Model Clause, and analyzed IPs are hashed (if applicable). With respect to various regional data regulations, we comply with:

• GDPR
• CPRA
• LGPD

Protection

Data is encrypted both at rest and in transit, with deletion occurring automatically as part of a complete data lifecycle.For information regarding data collection and user rights, please see ourPrivacy Policy.