Security at Teads

Security by design is at the core of everything we do. Our internal security team cultivates a global awareness culture among all employees, and through all our products by maintaining a formal Information Security Management System and robust Risk Management program.

In the spirit of trust and transparency, we have documented an overview of our mission to implement the latest security best practices to fulfill the responsibility of safeguarding our Advertisers, Media Owners, and users.

Compliance

In addition to internal audits, Teads regularly conducts external audits for various regulatory and compliance requirements, including 3rd party penetration testing. As a public company Teads is SOX compliant and also holds several security accreditations. If you would like more information please contact your business representative.

Our Commitment to Data Integrity and Ethical AI

Elevated AI

In adherence to a strict AI policy, Teads only uses AI to improve productivity and optimize the ROI of the services we deliver. We will never sell your data, and humans continue to be heavily involved in the training and integration processes, as well as ensuring our AI usage is in alignment with applicable regulations.

Data

Teads reaches billions of users every month globally. This generates a substantial amount of data which we endeavour to handle with care and any applicable regulations. We do not collect more than is necessary, and what we do collect can never be used to identify a specific individual. More information on what we collect and why can be found in our Privacy Policy.

Vulnerability Disclosure

Upholding a strong security posture requires continuous improvement in an ever changing technological landscape. With this in mind we run a bug bounty program through HackerOne and invite any interested hunters to join.

Fraud & Phishing

Teads will never contact an individual through social media or personal accounts to conduct business. Teads strictly prohibits the private transfer or sales of accounts. If you receive such contact, or you receive communications you think may be phishing or a scam, contact us at scam@teads.com.

Access Security

Logging

All user access is logged, and access to logs is on an auditable least privilege basis.

Least Privilege

Users only have the access needed for their assigned actions, and permissions are reviewed.

Access Review

Access is reviewed on a semiannual basis.

Network Security

Infastructure

Our infrastructure is protected by WAF and firewall technology implementing strict ACLs.

Data

Access to our data lake can only be done via MFA protected VPN or SSH.

Corporate

All employees must authenticate with SSO and reauthenticate frequently depending on critical access level.

Infrastructure Security

Availability

Our infrastructure auto-scales utilizing multi availability zones, minimizing downtime.

CI/CD

We deploy our Infrastructure as Code (IaC) for secure change management. This allows for rapid change if needed while maintaining secure coding and security standards.

BC/DR

We base our business continuity and disaster recovery on the results of our business impact analyses. This exercise is reviewed and tested annually.

Application Security

Penetration Testing

We undergo annual penetration testing by independent third parties.

Vulnerability Monitoring

We continuously monitor for vulnerabilities in real-time and triage accordingly.

SDLC

Teads practices a secure software development lifecycle and all developers are trained on secure coding standards.

Security by design is at the core of everything we do.

Data Security

Encryption

Data is encrypted both at rest and in transit, using industry standard ciphers and minimum TLS 1.2.

Data Lifecycle

We never keep data longer than needed, whether data we collect or log. At the end of life, data is purged and deleted according to best practices. More on our retention policy can be found in our privacy policy.

Hosting

Data is hosted in the region it is collected and does not transfer between regions. The U.S.A for the Americas, Ireland for the EMEA, and Japan for APAC. First party analytical data may be transferred according to SCCs.

Corporate Security

Formal ISMS

There is a formally implemented and maintained Information Security Management System throughout the Enterprise.

Security Awareness

All employees are trained on security and regular communications and refreshers are broadcasted.

SOC

The security team monitors an internal SOC 24/7.

Endpoint Security

EDR

All devices are monitored by an Endpoint Detection and Response which is monitored by our security team.

Disk Encryption

All workstation hard drives are encrypted by default.

MDM

All devices are configured with a Mobile Device Management system.

Legal

DPO

We have an internal Data Protection Officer and processes to manage data rights requests.

Cyber Insurance

We have a cyber insurance policy which applies globally.

Access Review

All vendors undergo a due diligence examination as part of corporate procurement.