Security & Compliance

Data Governance

Effective: April 13, 2026 ยท Last updated: April 13, 2026

Our Commitment

Precise processes media performance data on behalf of our clients. We treat every dataset as confidential and proprietary. Our data governance framework is built around three principles: transparency, control, and accountability.

Compliance & Certifications

โœ“
SOC 2 Type II

Annual audit covering security, availability, and confidentiality trust service criteria. Report available under NDA upon request.

โœ“
Encryption at Rest & In Transit

All data encrypted with AES-256 at rest and TLS 1.2+ in transit. No exceptions.

โœ“
CCPA / GDPR

Processes and controls aligned with California Consumer Privacy Act and General Data Protection Regulation requirements.

โœ“
Access Controls

Role-based access, MFA enforcement, and audit logging across all production systems.

Data Processing Principles

Client data stays client data

We never commingle client datasets. Each client's data is logically isolated and processed independently. We do not use one client's data to benefit another.

Purpose limitation

Client data is processed solely to deliver the contracted service: mapping the media supply chain, measuring contribution, and optimizing allocation. No secondary uses.

Minimization

We ingest only the data required for analysis. We do not request or retain data beyond what is necessary for the engagement scope.

Auditability

Every optimization, decision, and data access is logged with timestamps and user attribution. Clients can request complete audit trails at any time.

Data Lifecycle

Phase
Handling
Retention
Ingestion
Encrypted transfer, validated on receipt
Duration of engagement
Processing
Isolated compute, no cross-client access
Duration of engagement
Output
Reports and records delivered to client
Per client agreement
Deletion
Cryptographic erasure, verified purge
30 days post-termination

Infrastructure

  • Production infrastructure hosted on SOC 2 certified cloud providers
  • Data residency options available (US, EU) per client requirement
  • Automated vulnerability scanning and penetration testing
  • Incident response plan with defined SLAs and notification procedures
  • Regular backup and disaster recovery testing

Subprocessors

We maintain a list of subprocessors that handle Client Data. Clients are notified of any changes to subprocessors with reasonable advance notice. Current subprocessor list available upon request.

Requesting Information

To request our SOC 2 report, subprocessor list, or to discuss specific data governance requirements, contact us at security@precise.net.