Security and compliance
This article covers Ignyte IQ’s security architecture, data-handling practices, and compliance posture for vendor reviews and DPA negotiations.
OAuth scopes — read-only by design
Every OAuth integration uses read-only scopes on the source platform. Ignyte IQ does not modify ad campaigns, customer records, product catalogs, or any other data on the source side.
| Platform | Scopes requested |
|---|---|
| Shopify | read_orders, read_customers, read_products, read_inventory, read_fulfillments |
| Google Ads | adwords (read-only) |
| Meta Ads | ads_read, business_management, read_insights |
| TikTok Ads | Read-only reporting |
| Pinterest Ads | ads:read, pins:read |
| Microsoft Ads | Read-only reporting |
| Amazon Ads | Read-only reports (Sponsored Products, Brands, Display) |
| Google Analytics 4 | analytics.readonly |
| Amazon Seller | Read-only reports (Orders, Inventory, Sales & Traffic) |
| Stripe | Read-only on charges, refunds, payouts |
API-key integrations (Klaviyo, Recharge) require read-only access configured on the source side — generate keys with the minimum required scope. OAuth grants and API keys can be revoked at any time on the source platform; revocation immediately stops further syncing.
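An added example, not Ignyte IQ’s own code: during a vendor review, the scopes a source platform reports for the integration can be compared against the table above. It assumes the grant is available as a comma- or space-delimited string and that Google scopes carry the `https://www.googleapis.com/auth/` prefix; `parse_scopes`, `audit_grant` and the sample grants are hypothetical.

```python
import re

# Scopes copied from the table above; only platforms that list concrete
# scope identifiers are included.
DOCUMENTED_SCOPES = {
    "Shopify": {"read_orders", "read_customers", "read_products",
                "read_inventory", "read_fulfillments"},
    "Google Ads": {"adwords"},
    "Meta Ads": {"ads_read", "business_management", "read_insights"},
    "Pinterest Ads": {"ads:read", "pins:read"},
    "Google Analytics 4": {"analytics.readonly"},
}

# Assumption: Google reports scopes as URLs; the table lists the last segment.
GOOGLE_PREFIX = "https://www.googleapis.com/auth/"


def parse_scopes(granted: str) -> set[str]:
    """Split a granted-scope string on commas or whitespace and normalise."""
    scopes = set()
    for raw in re.split(r"[,\s]+", granted.strip()):
        if raw:
            scopes.add(raw.removeprefix(GOOGLE_PREFIX))
    return scopes


def audit_grant(platform: str, granted: str) -> dict[str, list[str]]:
    """Compare a grant with the documented scopes for one platform."""
    documented = DOCUMENTED_SCOPES[platform]
    actual = parse_scopes(granted)
    return {
        "unexpected": sorted(actual - documented),   # granted, not documented
        "not_granted": sorted(documented - actual),  # documented, not granted
    }


# Constructed sample grants (not real token responses).
SAMPLE_GRANTS = {
    "Shopify": "read_orders,read_customers,read_products,write_products",
    "Google Analytics 4": "https://www.googleapis.com/auth/analytics.readonly",
    "Pinterest Ads": "ads:read pins:read",
}

if __name__ == "__main__":
    for platform, granted in SAMPLE_GRANTS.items():
        print(platform, audit_grant(platform, granted))
```

Any entry under `unexpected` is a scope the documented list does not cover and is worth raising before the integration is approved.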
Encryption
- In transit: all connections between source platforms and Ignyte IQ use TLS 1.2+; browser-to-app traffic uses HTTPS; internal service-to-service communication is encrypted.
- At rest: customer data is encrypted with AES-256, using cloud-provider managed keys (KMS) for rotation and access control. Backups are encrypted.
- Credentials: OAuth tokens and API keys are stored encrypted and accessed only by sync services; personnel access is logged and audited.
Data retention and deletion
Ignyte IQ retains customer data for the duration of an active subscription:
- Source data — retained while the integration is connected and the account is active.
- Calculated metrics — derived from source data; retained alongside.
- Workspace configurations (Reports, Saved Views, Metric Targets) — retained while the workspace is active.
- Backups — per the cloud provider’s policies, typically 30 days.
Deleting a workspace removes its configurations and disconnects its datasources. After account cancellation, data is retained for a grace period (typically 30 days) to allow reactivation, then deleted from active systems. To request immediate deletion of specific data or a full account, contact support.
GDPR and sub-processors
Ignyte IQ supports GDPR compliance for customers handling EU resident data:
- Data Processing Agreement (DPA) — available on request.
- Right to access — request your data through support.
- Right to erasure — handled per the retention-and-deletion policy above.
- Data residency — primary storage region documented on request.
Sub-processors fall into the following categories; a current list with company names is available under DPA or NDA, and changes are notified per the DPA:
| Category | Purpose |
|---|---|
| Cloud infrastructure | Hosting, compute, storage, network |
| Database | Customer data storage |
| Account and product transactional emails | |
| Customer support | Ticketing and chat |
| Monitoring and observability | Error tracking, uptime monitoring |
| Analytics | Product usage analytics |
Request a DPA or security documentation
For a DPA, a sub-processor list, or a custom security questionnaire, contact support from the workspace and reference “security documentation request.” Response time depends on the request scope; standard DPAs and questionnaires are prioritized.