Security and Privacy
Adjust gives you complete visibility and control over your data.
Our dedicated full-time security team takes care of the confidentiality, availability, and integrity of the data processed and stored by Adjust.
Adjust’s information security management system is regularly audited by a reputable certificate authority, TUV Nord, and has been accredited with ISO/IEC 27001 certification since 2020.
The International Organization for Standardization (ISO) 27001:2013 is the international security standard establishing the requirements of a credible and effective information security management system. We are proud to maintain industry best practices providing continued confidentiality, integrity and availability of information as well as legal compliance to our customers.
We’ve been ePrivacy certified since 2015 and renewed the certificate in 2021. The certification covers the requirements of the General Data Protection Regulation (GDPR) for digital products.
GDPR & CCPA
CARU COPPA Safe Harbor
We are constantly working to ensure our policies follow the most stringent privacy regulations. Safe Harbor is the only certification designed to ensure both our products and advertising practices comply with COPPA and CARU’s child-centric guidelines.
Adjust’s security posture leverages the security strategies of security by design and defense-in-depth, with the aim to reduce the attack surface. One such example is our infrastructure.
We improve reliability by operating a geographically distributed infrastructure in partnership with our IaaS provider. Each of our three data centers has been designed with layered security controls and completely redundant hardware components to eliminate single points of failure.
More significantly, the absence of traditional cloud platforms and virtualization technologies in our production environment allows us to avoid exposure to many serious security risks from the very beginning of our asset lifecycle.
Our reduced exposure to security risks also explains our concise security accreditation. The more risks you are facing, the more security controls and certifications are needed to guarantee an adequate level of security.
Because our exposure to risks is much more restricted, Adjust doesn’t need a plethora of certifications. That’s why ISO/IEC 27001 is enough to undertake effective risk management, tailored to our own business objectives and risk appetite.
Adjust is the sole processor of the data it collects for its clients and nobody else has access to it. In other words, all the data Adjust collects on behalf of its clients is processed and stored exclusively on the servers which are in our full control.
Data in transit
Adjust is committed to ensuring that only the best industry-standard encryption schemes and protocols are supported by its servers. The confidentiality and integrity of data in transmission are protected with HTTPS via TLS and Perfect Forward Secrecy (PFS).
Data at rest
Critical customer data is encrypted using AES256. Access to any of the databases is strictly controlled in accordance with the principles of least privilege and separation of duties.
Adjust has redundant servers and application deployments geographically distributed across its data centers. Backups are taken per region and continuously.
All customer data is deleted from our database after 30 days from the contract termination date.
Adjust is not the typical global SaaS company hosted by public cloud providers.
We instead opted in favor of hosting our infrastructure on bare metal servers in a single tenant environment. This gives us complete transparency in the administration of our systems and an increased capacity for tailoring them to our needs.
We have established and well-documented processes for access control, based on the least privilege, need to know, and segregation of duties principles. Access to production systems is limited to a few key members of the Adjust engineering team, and password login is forbidden.
Policies and procedures are in place for employees and contractors before, during and after their employment with Adjust, so that they contribute to the security culture of Adjust, based on the belief that security is everybody’s responsibility. Security training is performed regularly.
Layered controls safeguard the confidentiality, availability and integrity of our customers’ data in transmission. All network traffic exchanged with customers is always protected with HTTPS via TLS 1.2, the most trusted communication protocol of the Internet.
Monitoring is a key aspect of Adjust’s security posture. Whether it is the availability and reliability or the security of our production systems, we react quickly and remedy the issue at hand. If something is out of our target area, we act upon it to make sure it doesn’t repeat in the future.
Both our servers and workstations are hardened on a regular basis with new security updates and internal security controls. System configurations are maintained consistently and documented using continuous deployment and central management systems.
Application Layer Security
Our development team follows OWASP secure coding practices to minimize application vulnerabilities in our custom-built software. We also physically separate the database instances from application servers to further avoid security risks.
Logging is a critical component of Adjust’s infrastructure. We use it extensively for monitoring activities in production as well as investigating security events. Logs are collected in real time over secure channels to a centralized logging service.
Penetration tests are one of the major components of our vulnerability management process. Our servers, network and our web application are regularly subject to an external assessment to identify and remediate potential vulnerabilities.
Contact our Security Team
Keeping clients’ data private and secure is a top priority and a core value to Adjust. We take security, trust, and privacy seriously, so we appreciate the work of security researchers.
Whether you believe you have found a vulnerability in our systems, or you have any questions, feel free to reach out to our Security team at firstname.lastname@example.org