Security & Compliance
Data Handling & Security Policy
How Ryze AI handles advertising data, conversations, and account information across the platform — for security reviewers, compliance officers, and anyone evaluating Ryze.
Zero ad-data storage
Campaign metrics, spend, and creatives are fetched live via API and discarded the moment a response is delivered. Nothing is written to disk.
Never sold or shared
Your advertising data, conversations, and account info are never sold, licensed, or shared with other customers, partners, or data brokers.
Not used to train AI
Conversations, campaign data, and usage patterns are never used to train or fine-tune Ryze's models or anyone else's.
Encrypted everywhere
TLS 1.2+ in transit, encryption at rest for stored data, and tokens held exclusively in Google Cloud Secret Manager — never in plaintext.
Least-privilege OAuth
We request only the minimum scopes needed for read access and campaign management via Google and Meta's official OAuth 2.0 flows.
Revoke access anytime
Disconnect Ryze from your Google or Meta account settings in one click — all associated access is terminated immediately.
Data classification
What we handle, and how
Every category of data Ryze touches, where it lives, and how long it's kept.
| Data type | Examples | Storage | Retention |
|---|---|---|---|
| Advertising data | Campaign metrics, ad spend, impressions, clicks, conversions, creatives | None — fetched live via authenticated API calls, held in-memory only | Discarded after each request |
| Dashboard data | Performance charts, campaign overviews, account summaries | Client-side browser cache only | Session-scoped — cleared on logout or browser close |
| Conversation data | User messages, AI responses, generated insights | Encrypted database (server-side) | Persistent until user-initiated deletion |
| Account metadata | Email, subscription plan, billing info | Encrypted database | Duration of account |
| Ad account credentials | OAuth tokens, refresh tokens, account connection details | Google Cloud Secret Manager — always encrypted, never plaintext | Until revoked by user |
Zero-storage architecture
Advertising data never touches our servers
Ryze maintains no database, cache, or file storage for ad data. Everything is fetched live and discarded after processing.
- 1
User submits a query in the Ryze AI chat interface — e.g. “Show me last week's campaign performance.”
- 2
Ryze identifies the required data scope and initiates an authenticated call to Google Ads API or Meta Marketing API.
- 3
The ad platform validates OAuth 2.0 credentials and returns data over a TLS-encrypted connection.
- 4
Data is passed in-memory to Ryze's multi-agent system for analysis — never written to disk, database, or any persistent store.
- 5
The AI-generated response is returned to the user. Raw advertising data is released from memory immediately after.
Key properties
- No server-side storage — no ad data in any database, log file, or file system
- No data logging — ad data is never logged, indexed, or fed into analytics
- No post-request access — once a request completes, the data cannot be retrieved by anyone, including Ryze staff
- Fresh fetch every time — no data reuse across requests
Conversations & dashboards
What's stored, and what isn't
Stored in conversations
- Natural language messages and queries
- AI-generated insights, recommendations, and suggested actions
- Conversation metadata — timestamps, session identifiers
Encrypted at rest, TLS 1.2+ in transit. Access restricted to authenticated services with role-based controls.
Never stored in conversations
- Raw advertising data — only the AI's interpreted summary is retained
- OAuth tokens or API credentials
- Personally identifiable information from ad platforms
Dashboard views render from the browser's local cache only — session-scoped, cleared on logout, never persisted server-side.
Infrastructure & access control
Built on Google Cloud, isolated by tenant
Ryze runs entirely on Google Cloud Platform, with strict tenant isolation so one customer's data is never visible to another.
Compute
Google Cloud Run — fully managed, serverless containers. Each request runs in an isolated instance with no shared in-memory state.
Database
Conversations and account metadata live in Firebase Firestore with encryption at rest enabled by default.
Secrets
OAuth tokens and credentials are held in Google Cloud Secret Manager with strict IAM-based access controls.
Tenant isolation
GDPR & regulatory compliance
Your rights over your data
Ryze acts as a Data Processor for advertising data, and jointly as Controller/Processor for account and conversation data. All GDPR data subject rights are supported.
Right to Access
Request a full export of stored data at any time.
Right to Erasure
Request deletion of all data — conversations, metadata, OAuth tokens — permanently.
Right to Rectification
Update or correct account information within the platform.
Right to Data Portability
Request conversation data in a machine-readable format.
Right to Restrict Processing
Revoke OAuth access to pause all ad-data processing immediately.
Right to Object
Close your account to trigger full data deletion.
Data residency
The entire stack — Cloud Run, Vertex AI, Firestore, Secret Manager — can be region-locked to any GCP region, including the EU, so the full pipeline never leaves EU territory for EU customers.
DPA & sub-processors
A Data Processing Agreement is available for enterprise and agency customers on request. Sub-processors: Google Cloud Platform, Google Ads API / Meta Marketing API, and Stripe for payments.
At a glance
Data handling summary
| Component | Stored on Ryze servers? | Where it lives | Encryption |
|---|---|---|---|
| Ad account data | No | Google / Meta servers only | N/A — not stored by Ryze |
| Dashboard views | No | User's browser local cache | N/A — client-side only |
| Chat conversations | Yes | Encrypted Firestore database | At rest + in transit (TLS 1.2+) |
| Ad account credentials | Yes | GCP Secret Manager (always encrypted) | At rest + in transit, never plaintext |
| User account info | Yes | Encrypted Firestore database | At rest + in transit |
| Data sold to 3rd parties | Never | N/A — we do not sell or share data | N/A |
Questions for your security review?
Reach out for a Data Processing Agreement, audit request, or data deletion request.
hello@get-ryze.aiThe consumer-facing version lives in our privacy policy and MCP privacy policy.

