Get started

Customer documentation

Security Overview

TradeDesk is designed to protect the confidentiality, integrity and availability of information it processes, using controls appropriate to the service and risk.

What this page explains

  • The high-level security approach.
  • The control families TradeDesk considers.
  • How to report a suspected vulnerability.
  • How incidents are assessed at a high level.
  • Which claims are intentionally not made on this page.

High-level security posture

TradeDesk applies technical and organisational measures designed to protect the confidentiality, integrity and availability of information it processes.

This public overview is intentionally high level. It explains our approach without publishing operational detail that would increase risk.

Control families

Control familyPublic summary
Identity and accessAccess is restricted according to role, business need and product responsibility.
Privileged operationsAdministrative access is designed to be controlled and reviewed according to risk and criticality.
Data protection controlsTradeDesk uses appropriate technical controls for data handled by the service.
Logging and monitoringLogging and monitoring support investigation, service reliability and response.
Vulnerability managementSystems and dependencies are reviewed and updated according to risk and criticality.
Backup and recoveryBackup and recovery arrangements are maintained according to the nature of the service.
Supplier reviewRelevant suppliers are assessed case by case as part of operational governance.
Incident responseSecurity events are triaged, investigated and remediated according to severity.

Vulnerability disclosure

Please report suspected vulnerabilities to security@datavera.co. Include the affected domain or route, a concise summary, reproduction steps where safe, and your preferred contact route.

Do not include unnecessary personal data, customer data, secrets or destructive proof-of-concept material in the initial report.

Testing that bypasses authentication, degrades service, accesses other users' data or exceeds normal product use requires prior written permission.

Incident handling

TradeDesk does not claim that security incidents are impossible. If a security incident occurs, TradeDesk assesses the facts, likely impact and applicable notification duties.

Notification duties depend on applicable law, customer contract and the circumstances of the incident.

Security incidents are assessed case by case. Notification duties depend on applicable law and contract.

How to use this overview

  • Use this page as a high-level description of TradeDesk's security approach.
  • Detailed assurance materials should be handled through the appropriate customer or contractual channel.
  • Public security information should stay accurate, proportionate and aligned with confirmed operating practice.

FAQ

Why is this page high level?

Public security pages should explain the approach without exposing unnecessary implementation detail.

Where are detailed assurance questions handled?

Customers can contact support@tradedesk.io and the request will be routed to the appropriate team.

What happens if there is a security incident?

TradeDesk investigates, contains and remediates incidents, then assesses notification duties under law and contract.

Where can customers ask security questions?

Customers can contact security@datavera.co for security reports or support@tradedesk.io for general support, and the request will be routed to the appropriate team.

Related Links