Security & Compliance Overview
Last updated: December 2025
We design the platform to protect client data, respect user consent, and keep operations transparent. This overview summarizes the controls in place for clients.
Data minimization
- Only high-level, non-PII engagement signals are collected (impressions, clicks, page context).
- No browser history or third-party cookie data is accessed.
- Personalization requires consent and can be disabled at any time.
Access controls
- Client data is isolated using scoped identifiers and access boundaries.
- Credential handling follows least-privilege principles.
- Administrative actions are logged for auditability.
Transport security
- All traffic is encrypted in transit (TLS).
- Endpoints accept only authorized requests with validated parameters.
Auditability
- Variant changes are logged with timestamps and rationale.
- Clients can review outcomes and roll back changes as needed.
Client guardrails
- Approved offers, required disclosures, and blocked phrases are enforced before any copy runs.
- Guardrails are managed directly by the client inside the dashboard.
Compliance posture
The platform is built for US compliance expectations, emphasizing consent, transparency, and minimal data collection. Clients remain responsible for their own regulatory obligations, and we provide tools to help meet them.
Questions
For security and compliance questions, email conversioncatalystai@gmail.com.