Security & trust
Matchfyre reads sensitive advertising data, so the security posture is part of the product, not an afterthought. Here is exactly how it works.
We connect via Google OAuth on a read-only basis (scope adwords). Matchfyre never modifies your account, places bids, or changes budgets. We read account structure and cost metrics only, to build your plan and compute CPL.
Google (and, later, Microsoft) OAuth tokens are encrypted at rest with AES-GCM and never stored in plaintext. Access is least-privilege and limited to operating the Service.
Every query is scoped by workspace_id. One workspace is the boundary between your clients, so data never leaks across tenants.
Personalization runs locally from URL parameters. Telemetry is sent fire-and-forget (sendBeacon or fetch keepalive). The snippet is designed to fail safe and minimize what it collects.
We share data only with vetted providers acting on our behalf. The current list is also kept in our DPA.
| Provider | Purpose | Region |
|---|---|---|
| Cloudflare | Hosting, CDN, edge compute, security | US / EU |
| Neon | Managed PostgreSQL database | US / EU |
| Clerk | Authentication and identity | US |
| Google Ads API | US | |
| Anthropic (Claude) | Generating the personalization plan (no training on your data) | US |
Found something, or have a question about how we handle data? Email privacy@matchfyre.com. Data handling is described in full in our Privacy Policy.