Data encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). CSV uploads are processed in isolated environments and encrypted immediately upon receipt.
Data isolation
Each agency's data is logically isolated. No cross-tenant data access is possible. Campaign data from one account is never visible to another.
No data selling
We do not sell, share, or monetize your campaign data in any way. Your data is used exclusively to provide the normalization and reporting service to your account.
CSV-only architecture
RetailNorm operates on CSV uploads — we don't require API keys or persistent connections to your ad accounts. This means we never have ongoing access to your platform credentials.
Data retention
You control your data. CSV uploads can be deleted at any time. When you cancel your account, all data is permanently removed within 30 days.
Infrastructure
RetailNorm is hosted on secure, SOC 2 compliant infrastructure. We use standard security practices including regular dependency audits, access logging, and principle of least privilege.
Reporting vulnerabilities
If you discover a security issue, please report it to security@retailnorm.com. We take all reports seriously and will respond within 48 hours.