Adgrowth
Get quote Free growth audit
HomeAboutServicesContactCareersFree growth audit
Legal

Security

The practices and controls we use to protect your data.

Last updated: June 2026
Security and data protection are core to how the Adgrowth group ("Adgrowth", "we", "us", or "our") operates. We handle data for our corporate website at adgrowthltd.com, our performance-marketing and media-buying services, and our owned-and-operated digital products — HTML5 games, tools, and utility apps and websites. This page describes the practices and controls we use to protect that data.

1. Our Commitment

We design, build, and operate our Services with security in mind, in line with the security obligations of the UK GDPR and the Data Protection Act 2018, and the requirements of the advertising platforms we work with, including Google and Meta. We aim to protect data against unauthorized access, disclosure, alteration, loss, and destruction.

2. Infrastructure and Hosting

  • Our Services run on reputable cloud and hosting providers that maintain recognized security certifications (such as ISO 27001 and SOC 2) for their data centers and infrastructure.
  • Production environments are logically separated from development and testing environments.
  • Infrastructure is configured to limit the public exposure of servers, databases, and internal services.

3. Encryption

  • In transit: the Services run over HTTPS/TLS. We configure servers to use strong, modern cipher suites and to disable weak or deprecated protocols.
  • At rest: sensitive data and backups are encrypted at rest using industry-standard algorithms.
  • Credentials: account passwords, where applicable, are stored using strong one-way hashing (such as bcrypt) and are never stored in plain text.

4. Network and Application Security

  • Firewalls and security groups are applied at the network gateway and at the server level to restrict traffic to what is necessary.
  • We apply protections against common web vulnerabilities, including cross-site scripting (XSS), SQL/database injection, cross-site request forgery (CSRF), and similar attacks.
  • All user-submitted data is validated and sanitized.
  • We follow secure development practices and review changes before they reach production.

5. Access Controls

  • Access to systems and data is granted on a least-privilege, need-to-know basis.
  • Administrative access is restricted to authorized personnel and protected with strong authentication, including multi-factor authentication (MFA) where supported.
  • User data is segregated so that access is limited to what each role requires.
  • Access is reviewed periodically and revoked promptly when no longer needed.

6. Monitoring, Logging, and Auditing

  • We maintain activity and access logs across our systems to support monitoring, troubleshooting, and investigation.
  • We monitor for anomalies, abuse, invalid traffic, and potential security events.
  • Logs are protected against tampering and retained for a reasonable period.

7. Data Minimization and Retention

  • We collect and retain only the data we need to operate the Services and meet our legal and contractual obligations.
  • Data that is no longer needed is deleted or de-identified in line with our Privacy Policy.

8. Backups and Resilience

  • We perform automated, regular backups of critical data.
  • Backups are encrypted and stored securely, and we test our ability to restore from them.
  • We maintain measures to support availability and recovery in the event of disruption.

9. Vulnerability and Patch Management

  • Operating systems, web servers, databases, libraries, and dependencies are kept up to date with security patches.
  • We perform security reviews and address identified vulnerabilities on a risk-prioritized basis.

10. Advertising and Third-Party Integrations

  • We integrate third-party advertising and analytics technologies, including Google and Meta, using their official SDKs, tags, and APIs.
  • We aim to ensure these integrations are configured to meet the platforms' technical and policy requirements, including measures to detect and reduce invalid traffic and to handle advertising identifiers appropriately.
  • We are not responsible for the internal security practices of third-party platforms; their handling of data is governed by their own terms and policies.

11. Incident Response and Breach Notification

  • We maintain an incident-response process to identify, contain, investigate, and remediate security incidents.
  • Where a personal-data breach is likely to result in a risk to individuals, we will notify the relevant supervisory authority and affected individuals as required by the UK GDPR and other applicable laws, within the timelines those laws prescribe.

12. Your Role in Security

Security is a shared responsibility. We encourage you to:

  • Use a strong, unique password and keep your credentials confidential.
  • Keep your own devices, browsers, and software up to date.
  • Be alert to phishing and only share information through our official channels.

13. Responsible Disclosure

If you believe you have found a security vulnerability in our Services, we appreciate responsible disclosure. Please email info@adgrowthltd.com with details and steps to reproduce, and allow us reasonable time to investigate and remediate before any public disclosure. Please do not access, modify, or delete data that is not yours, or disrupt our Services, while testing.

14. Limitations

No method of transmission or storage is completely secure. While we work hard to protect data using the measures described above, we cannot guarantee absolute security. Your use of the Services is also governed by our Terms and Conditions and Privacy Policy.

15. Contact