Security & Data Posture

At Gyrodile, we manage millions of dollars in ad spend and process proprietary visual assets for leading global brands. We treat your data and creative IP with the highest level of enterprise security.

1. AI Infrastructure & Model Isolation

The core of our AI Production Studio relies on custom model training. We guarantee complete isolation of your brand's data:

• No Cross-Contamination: Your SKUs, brand guidelines, and historical ad creatives are never used to train generalized, public AI models (e.g., Midjourney, OpenAI base models).
• Isolated LoRAs: Any custom LoRA (Low-Rank Adaptation) models trained on your brand are stored in isolated, secure containers. They are strictly utilized for your campaigns and are permanently destroyed upon contract termination if requested.
• API Security: We interface with enterprise-tier AI APIs that enforce strict zero-retention policies for prompt and generation data.

2. Ad Account & Platform Access

When conducting our 7-day teardowns or ongoing growth management, we require access to your ad platforms (Meta, Google, TikTok). We employ the following standards:

• Least Privilege Access: We request only "Analyst" or "Advertiser" level access via Business Manager. We do not require, nor do we want, Admin access to your billing information or overarching business settings.
• Multi-Factor Authentication (MFA): All Gyrodile personnel are required to use hardware-backed MFA (e.g., YubiKey) to access any client platforms or internal tools.
• Automated Deprovisioning: Upon the conclusion of a teardown or termination of an MSA, all access to your ad accounts is automatically revoked and logged.

3. Data Encryption & Storage

• In Transit: All data transmitted between your systems, our web properties, and our infrastructure is encrypted using TLS 1.3 or higher.
• At Rest: All stored data, including diagnostic reports, exported ad metrics, and trained AI models, is encrypted at rest using AES-256 encryption.
• Data Residency: Depending on your MSA, data can be localized to AWS/GCP regions in the UAE, Singapore, or North America to comply with local regulations.

4. Incident Response

In the highly unlikely event of a data breach or unauthorized access to our systems, Gyrodile has a strict Incident Response Protocol. We guarantee notification to all affected clients within 24 hours of discovery, along with a detailed mitigation plan and ongoing forensic updates.

5. Compliance & Audits

We regularly conduct internal security audits and third-party penetration testing on our proprietary pipeline infrastructure. For enterprise clients requiring SOC 2 Type II or ISO 27001 compliance documentation from our infrastructure providers, please contact our security team.