Security & Compliance

Data Handling & Security Policy

How Ryze AI handles advertising data, conversations, and account information across the platform — for security reviewers, compliance officers, and anyone evaluating Ryze.

Version 2.0Last updated March 2026Ryze AI Engineering

Zero ad-data storage

Campaign metrics, spend, and creatives are fetched live via API and discarded the moment a response is delivered. Nothing is written to disk.

Never sold or shared

Your advertising data, conversations, and account info are never sold, licensed, or shared with other customers, partners, or data brokers.

Not used to train AI

Conversations, campaign data, and usage patterns are never used to train or fine-tune Ryze's models or anyone else's.

Encrypted everywhere

TLS 1.2+ in transit, encryption at rest for stored data, and tokens held exclusively in Google Cloud Secret Manager — never in plaintext.

Least-privilege OAuth

We request only the minimum scopes needed for read access and campaign management via Google and Meta's official OAuth 2.0 flows.

Revoke access anytime

Disconnect Ryze from your Google or Meta account settings in one click — all associated access is terminated immediately.

Data classification

What we handle, and how

Every category of data Ryze touches, where it lives, and how long it's kept.

Data typeExamplesStorageRetention
Advertising dataCampaign metrics, ad spend, impressions, clicks, conversions, creativesNone — fetched live via authenticated API calls, held in-memory onlyDiscarded after each request
Dashboard dataPerformance charts, campaign overviews, account summariesClient-side browser cache onlySession-scoped — cleared on logout or browser close
Conversation dataUser messages, AI responses, generated insightsEncrypted database (server-side)Persistent until user-initiated deletion
Account metadataEmail, subscription plan, billing infoEncrypted databaseDuration of account
Ad account credentialsOAuth tokens, refresh tokens, account connection detailsGoogle Cloud Secret Manager — always encrypted, never plaintextUntil revoked by user

Zero-storage architecture

Advertising data never touches our servers

Ryze maintains no database, cache, or file storage for ad data. Everything is fetched live and discarded after processing.

  1. 1

    User submits a query in the Ryze AI chat interface — e.g. “Show me last week's campaign performance.”

  2. 2

    Ryze identifies the required data scope and initiates an authenticated call to Google Ads API or Meta Marketing API.

  3. 3

    The ad platform validates OAuth 2.0 credentials and returns data over a TLS-encrypted connection.

  4. 4

    Data is passed in-memory to Ryze's multi-agent system for analysis — never written to disk, database, or any persistent store.

  5. 5

    The AI-generated response is returned to the user. Raw advertising data is released from memory immediately after.

Key properties

  • No server-side storage — no ad data in any database, log file, or file system
  • No data logging — ad data is never logged, indexed, or fed into analytics
  • No post-request access — once a request completes, the data cannot be retrieved by anyone, including Ryze staff
  • Fresh fetch every time — no data reuse across requests

Conversations & dashboards

What's stored, and what isn't

Stored in conversations

  • Natural language messages and queries
  • AI-generated insights, recommendations, and suggested actions
  • Conversation metadata — timestamps, session identifiers

Encrypted at rest, TLS 1.2+ in transit. Access restricted to authenticated services with role-based controls.

Never stored in conversations

  • Raw advertising data — only the AI's interpreted summary is retained
  • OAuth tokens or API credentials
  • Personally identifiable information from ad platforms

Dashboard views render from the browser's local cache only — session-scoped, cleared on logout, never persisted server-side.

Infrastructure & access control

Built on Google Cloud, isolated by tenant

Ryze runs entirely on Google Cloud Platform, with strict tenant isolation so one customer's data is never visible to another.

Compute

Google Cloud Run — fully managed, serverless containers. Each request runs in an isolated instance with no shared in-memory state.

Database

Conversations and account metadata live in Firebase Firestore with encryption at rest enabled by default.

Secrets

OAuth tokens and credentials are held in Google Cloud Secret Manager with strict IAM-based access controls.

Tenant isolation

Each customer's data is logically separated by tenant ID — cross-tenant access is architecturally impossible
Each request runs in an isolated Cloud Run container — no shared state between users
No shared ad data — since it's never stored, there's nothing to leak between tenants
One user's OAuth tokens can never be used to access another user's ad accounts

GDPR & regulatory compliance

Your rights over your data

Ryze acts as a Data Processor for advertising data, and jointly as Controller/Processor for account and conversation data. All GDPR data subject rights are supported.

Right to Access

Request a full export of stored data at any time.

Right to Erasure

Request deletion of all data — conversations, metadata, OAuth tokens — permanently.

Right to Rectification

Update or correct account information within the platform.

Right to Data Portability

Request conversation data in a machine-readable format.

Right to Restrict Processing

Revoke OAuth access to pause all ad-data processing immediately.

Right to Object

Close your account to trigger full data deletion.

Data residency

The entire stack — Cloud Run, Vertex AI, Firestore, Secret Manager — can be region-locked to any GCP region, including the EU, so the full pipeline never leaves EU territory for EU customers.

DPA & sub-processors

A Data Processing Agreement is available for enterprise and agency customers on request. Sub-processors: Google Cloud Platform, Google Ads API / Meta Marketing API, and Stripe for payments.

At a glance

Data handling summary

ComponentStored on Ryze servers?Where it livesEncryption
Ad account data NoGoogle / Meta servers onlyN/A — not stored by Ryze
Dashboard views NoUser's browser local cacheN/A — client-side only
Chat conversations YesEncrypted Firestore databaseAt rest + in transit (TLS 1.2+)
Ad account credentials YesGCP Secret Manager (always encrypted)At rest + in transit, never plaintext
User account info YesEncrypted Firestore databaseAt rest + in transit
Data sold to 3rd partiesNeverN/A — we do not sell or share dataN/A

Questions for your security review?

Reach out for a Data Processing Agreement, audit request, or data deletion request.

hello@get-ryze.ai

The consumer-facing version lives in our privacy policy and MCP privacy policy.

Live results across
2,000+ clients

Paid Ads

Avg. client
ROAS
0x
Revenue
driven
$0M

SEO

Organic
visits driven
0M
Keywords
on page 1
48k+

Websites

Conversion
rate lift
+0%
Time
on site
+0%
Last updated: Jul 4, 2026
All systems ok

Let AI
Run Your Ads

Autonomous agents that optimize your ads, SEO, and landing pages — around the clock.

Claude AIConnect Claude with
Google & Meta Ads in 1 click
>