Security and Privacy

Adjust gives you complete visibility and control over your data.

Our dedicated full-time security team takes care of the confidentiality, availability, and integrity of the data processed and stored by Adjust.

Adjust’s information security management system is regularly audited by a reputable certificate authority TUV Nord, and accredited with ISO/IEC 27001 certification since 2020.

ISO/IEC 27001

The International Organization for Standardization (ISO) 27001:2013 is the international security standard establishing the requirements of a credible and effective information security management system. We are proud to maintain industry best practices providing continued confidentiality, integrity and availability of information as well as legal compliance to our customers.

Download our certificate here

ePrivacy

We’ve been ePrivacy certified since 2015 and have renewed the certificate in 2021. The certification covers the requirements of the General Data Protection Regulation (GDPR) for digital products.

Download our certificate here

GDPR & CCPA

Since the very beginning, we are committed to ensure  that our customers can use our products in compliance with all of the privacy laws. Adjust was GDPR compliant even before the existence of GDPR. We’re proud to say that we’re fully compliant with both GDPR and CCPA.

Adjust and GDPR Adjust and CCPA Adjust's general terms and conditions

Privacy Policy

We strongly believe that app users have the rights to transparency, data privacy and information security. That’s why Adjust has published a Privacy Policy that clearly defines what data is collected and how it is used.
Go to Privacy Policy

  • Adjust’s security posture leverages the security strategies of security by design and defense-in-depth, with the aim to reduce the attack surface. One such example is our infrastructure.

  • We improve reliability by operating a geographically distributed infrastructure in partnership with our IAAS provider. Each of our three data centers has been designed with layered security controls and hardware components completely redundant to eliminate single points of failure.

  • More significantly, the absence of traditional cloud platforms and virtualization technologies in our production environment allows us to avoid the exposure to many serious security risks from the very beginning of our asset lifecycle.

  • Our reduced exposure to security risks also explains our concise security accreditation. The more risks you are facing, the more security controls and certifications are needed to guarantee an adequate level of security.

  • Because of that, Adjust doesn’t need a plethora of certifications because our exposure to risks is much more restricted. That’s why ISO/IEC 27001 is enough to undertake effective risk management, tailored to our own business objectives and risk appetite.

Data Security

Adjust is the sole processor of the data it collects for its clients and nobody else has access to it. In other words, all the data Adjust collects on behalf of its clients is processed and stored exclusively on the servers which are in our full control.

Data in transit

Adjust is committed to ensure only the best industry standard encryption schemes and protocols are supported by its servers. The confidentiality and the integrity of data in transmission is protected with HTTPS via TLS and Perfect Forward Secrecy (PFS).

Data at rest

Critical customer data is encrypted using AES256. Access to any of the databases is strictly controlled in accordance with the principles of least privilege and separation of duties.

Backups

Adjust has redundant servers and application deployments geographically distributed across its data centers. Backups are taken per region and continuously.

Retention

All customer data is deleted from our database after 30 days from the contract termination date.

Security Overview

Adjust is not the typical global SaaS company hosted by public cloud providers.
We instead opted in favor of hosting our infrastructure on bare metal servers in a single tenant environment. This gives us complete transparency in the administration of our systems and an increased capacity for tailoring them to our needs.

Access Control

We have established and well documented processes for access control, based on the least privilege, need to know, and segregation of duty principles. Production systems are limited to few key members of the Adjust engineering team and password login is forbidden.

Personnel Security

Before, during and after their employment with Adjust, policies and procedures are in place for employees and contractors to contribute to the security culture of Adjust, based on the belief that security is everybody’s responsibility. Security trainings are performed regularly.

Network Security

Layered controls safeguard the confidentiality, availability and integrity of our customers’ data in transmission. All network traffic exchanged with customers is always protected with HTTPS via TLS 1.2, the most trusted communication protocol of the Internet.

Operations Security

Monitoring is a key aspect of Adjust’s security posture. Whether it is the availability and reliability or the security of our production systems, we react quickly and remedy the issue at hand. If something is out of our target area, we act upon it to make sure it doesn’t repeat in the future.

System Security

Both our servers and workstations are hardened on a regular basis with new security updates and internal security controls. System configurations are maintained consistently and documented using continuous deployment and central management systems.

Application Layer Security

Our development team follows OWASP secure coding practices to minimize application vulnerabilities in our custom-built software. We also physically separate the database instances from application servers to further avoid security risks.

Logging

Logging is a critical component to Adjust infrastructure. We use it extensively for monitoring activities in production as well as investigating security events. Logs are collected in real­-time over secure channels to a centralized logging service.

Penetration Testing

Penetration tests are one of the major components of our vulnerability management process. Our servers, network and our web application are regularly subject to an external assessment to identify and remediate potential vulnerabilities.

Contact our Security Team

Keeping clients’ data private and secure is a top priority and a core value to Adjust. We take security, trust, and privacy seriously, so we appreciate the work of security researchers.
Whether you believe you have found a vulnerability in our systems, or you have any questions, feel free to reach out to our Security team at security@adjust.com