Adinsightia

Last Updated: April 14, 2026

We built AdInsightia on a simple idea: agents should be useful without being risky. That means the platform is designed from the ground up to handle your credentials, your connected accounts, and your data carefully — and to be transparent about exactly what we do.

This page explains how. If you have questions that aren’t answered here, email security@estaitgroup.com.

Our data principles

1. We don’t store your content.

When you connect Gmail, Drive, HubSpot, QuickBooks, or any other platform to AdInsightia, our agents read from and write to your account in real time. The content they process — emails, documents, CRM records, transactions — is handled in memory, used to complete the task you asked for, and then discarded.

What we keep:
OAuth and JWT tokens so agents can stay connected to the services you authorized
Account identifiers (usernames, organization IDs) for login, permissioning, and access control
Operational logs for security monitoring, debugging, and auditing what agents did

2. We don’t train AI models on your data.

AdInsightia uses foundation models hosted on AWS Bedrock to power agent reasoning. Under AWS’s published terms, data submitted to Bedrock is not used to train or improve any foundation model — including models from Anthropic, Meta, Mistral, Cohere, AI21, Amazon, or any other provider. Your inputs and outputs are not shared with model providers.

3. You stay in control.

  • You authorize every integration explicitly through OAuth.
  • You choose which scopes to grant.
  • You can disconnect any integration at any time through the AdInsightia portal. You can also revoke access directly in the third-party service’s security settings.
  • You see what agents have done via activity logs.

Infrastructure

Hosting

AdInsightia runs on Amazon Web Services (AWS) in US regions. We use AWS-managed services including Lambda, DynamoDB, EventBridge, S3, Cognito, and Bedrock.

Encryption

  • In transit: TLS 1.2 or higher for all client-server and service-to-service communication.
  • At rest: AWS-managed encryption for all stored tokens, identifiers, logs, and account information. Encryption keys are managed by AWS KMS.

Tenant isolation

AdInsightia is multi-tenant. We enforce strict logical isolation between customer accounts using row-level filters, per-tenant identity scopes, and access controls at the agent execution layer. One customer’s agents cannot see or access another customer’s credentials, data, or identifiers.

Access control

Production system access is limited to authorized Estait personnel. Access requires multi-factor authentication, is scoped to the minimum necessary, and is logged and reviewed.

Integration security

Every integration AdInsightia offers uses OAuth 2.0 (or, where applicable, OAuth-like authorization flows published by the platform). We never ask for or store passwords for third-party services.

When you authorize an integration:

  1. You’re redirected to the third-party provider (Google, Meta, Intuit, HubSpot, etc.).
  2. You see exactly which permissions AdInsightia is requesting.
  3. You grant or deny each scope.
  4. The provider issues us a token scoped to what you granted.
  5. We store that token encrypted, and use it only for the workflows you’ve configured.

Tokens can be revoked at any time — from within AdInsightia or directly from the provider’s account security page.

Platform review and verification

AdInsightia is reviewed and verified by the platforms we integrate with, each of which has its own security and policy review process:

  • Google — OAuth app verified for the scopes we use; compliant with the Google API Services User Data Policy including Limited Use requirements
  • Meta — App Review completed for the Facebook and Instagram permissions we use
  • Intuit (QuickBooks) — Connected app review
  • HubSpot — App marketplace review where applicable
  • Stripe — Merchant onboarding and compliance review

AI processing

Agent reasoning and content generation is performed by foundation models hosted on AWS Bedrock. Specific models used may include those from Anthropic, Meta, Mistral, Cohere, AI21 Labs, and Amazon. All inference happens inside AWS under AWS’s data processing terms.

Key guarantees:

  • No data you submit is used to train any foundation model.
  • No data is shared with third-party model providers.
  • All data processed by Bedrock is encrypted in transit and within AWS infrastructure.
  • We do not retain model inputs or outputs beyond the operational logs needed for security and debugging.

Incident response

If we detect or are notified of a security incident affecting customer data, we will:

  • Investigate and contain the incident promptly
  • Notify affected customers as soon as reasonably practical, and in any event within timeframes required by applicable law
  • Cooperate with you to understand and remediate impact
  • Publish a post-mortem for material incidents

Report suspected vulnerabilities or incidents to security@estaitgroup.com.

Sub-processors

We use a small number of vendors that process customer data on our behalf. The current list is maintained at adinsightia.com/subprocessors. Before adding a new sub-processor, we provide at least 30 days’ notice.

Compliance posture

AdInsightia is committed to meeting the security and privacy expectations of modern SaaS. Our current posture:

  • SOC 2 — preparing for Type I audit; roadmap available on request
  • GDPR — our data handling practices align with GDPR principles where applicable; we’re happy to sign a DPA on request
  • CCPA / CPRA — we comply with California consumer privacy requirements; we do not sell or share personal information as defined under the CCPA
  • HIPAA — AdInsightia is not a HIPAA-covered service. Do not connect systems containing protected health information.

Data export and deletion

You can request a copy of your AdInsightia account data at any time by emailing privacy@estaitgroup.com. On account termination, we delete or anonymize your data within a reasonable period, subject to any legal retention requirements.

Because we don’t store the content of your connected services, we have nothing to delete on that front — your email, CRM records, and transactions remain where they always were: in your own accounts.

Contact

Security questions: security@estaitgroup.com
Privacy questions: privacy@estaitgroup.com
Vulnerability reports: security@estaitgroup.com
General: support@adinsightia.com

Estait Group LLC
Huntington Bay, New York, USA