Customer documentation
Security Overview
TradeDesk is designed to protect the confidentiality, integrity and availability of information it processes, using controls appropriate to the service and risk.
What this page explains
- The high-level security approach.
- The control families TradeDesk considers.
- How to report a suspected vulnerability.
- How incidents are assessed at a high level.
- Which claims are intentionally not made on this page.
High-level security posture
TradeDesk applies technical and organisational measures designed to protect the confidentiality, integrity and availability of information it processes.
This public overview is intentionally high level. It explains our approach without publishing operational detail that would increase risk.
Control families
| Control family | Public summary |
|---|---|
| Identity and access | Access is restricted according to role, business need and product responsibility. |
| Privileged operations | Administrative access is designed to be controlled and reviewed according to risk and criticality. |
| Data protection controls | TradeDesk uses appropriate technical controls for data handled by the service. |
| Logging and monitoring | Logging and monitoring support investigation, service reliability and response. |
| Vulnerability management | Systems and dependencies are reviewed and updated according to risk and criticality. |
| Backup and recovery | Backup and recovery arrangements are maintained according to the nature of the service. |
| Supplier review | Relevant suppliers are assessed case by case as part of operational governance. |
| Incident response | Security events are triaged, investigated and remediated according to severity. |
Vulnerability disclosure
Please report suspected vulnerabilities to security@datavera.co. Include the affected domain or route, a concise summary, reproduction steps where safe, and your preferred contact route.
Do not include unnecessary personal data, customer data, secrets or destructive proof-of-concept material in the initial report.
Testing that bypasses authentication, degrades service, accesses other users' data or exceeds normal product use requires prior written permission.
Incident handling
TradeDesk does not claim that security incidents are impossible. If a security incident occurs, TradeDesk assesses the facts, likely impact and applicable notification duties.
Notification duties depend on applicable law, customer contract and the circumstances of the incident.
How to use this overview
- Use this page as a high-level description of TradeDesk's security approach.
- Detailed assurance materials should be handled through the appropriate customer or contractual channel.
- Public security information should stay accurate, proportionate and aligned with confirmed operating practice.
FAQ
Why is this page high level?
Public security pages should explain the approach without exposing unnecessary implementation detail.
Where are detailed assurance questions handled?
Customers can contact support@tradedesk.io and the request will be routed to the appropriate team.
What happens if there is a security incident?
TradeDesk investigates, contains and remediates incidents, then assesses notification duties under law and contract.
Where can customers ask security questions?
Customers can contact security@datavera.co for security reports or support@tradedesk.io for general support, and the request will be routed to the appropriate team.