ISMS Policy

This policy applies to every NeedleAds employee, contractor, and processor that handles client information, including ad platform credentials, product feeds, financial reporting, and creative assets.

• Preserve the confidentiality, integrity, and availability of client data.
• Comply with contractual, regulatory, and platform requirements (Google, Meta, Amazon, Flipkart, Quick Commerce).
• Detect, contain, and remediate security incidents quickly.
• Continually improve controls through audits and risk reviews.

Access to client systems is granted on a least-privilege basis. We use SSO, multi-factor authentication, and role-based permissions. Credentials are revoked immediately upon role changes or contract termination.

Client revenue data, margins, and operational metrics are classified as confidential. Data in transit is encrypted using TLS 1.2+ and data at rest is encrypted with industry-standard ciphers. We do not export or share client data with third parties except as instructed by the client or required by law.

All vendors handling client information are reviewed for security posture, sign confidentiality agreements, and are reassessed annually.

We maintain a documented incident response plan. Verified security incidents impacting a client are disclosed within 72 hours alongside containment, root cause, and remediation details.

All NeedleAds team members complete information security and phishing-awareness training during onboarding and annually thereafter.

The ISMS is reviewed at least annually—or after any material change in services, infrastructure, or threat landscape—to ensure controls remain effective.

Security questions, audits, or incident reports: contact@theneedleads.com.