Bashy AI Security & Data Protection

‍

Last updated: April 27, 2026

‍

Overview

‍

Bashy AI is designed with a security-first architecture to ensure that customer data is protected, access is controlled, and sensitive credentials are never exposed. We follow industry best practices including:

• Least-privilege access
• Data minimization
• Secure OAuth-based integrations
• Logical data isolation

‍

Authentication & Third-Party Access

‍

Bashy AI integrates with platforms such as Google, Meta, and TikTok using OAuth 2.0.

• Users authenticate directly with the platform
• Bashy AI never sees or stores usernames or passwords
• Access is granted via secure OAuth tokens only

‍

Token Management via Nango

‍

We use Nango to securely manage OAuth connections.

• Stores access tokens and refresh tokens only
• Does not store user credentials
• Handles token refresh securely
• Tokens can be revoked at any time by the user

Data Access & Scope Control

‍

Bashy AI only accesses data that you explicitly authorize. Typical data includes:

• Analytics metrics (sessions, conversions, traffic sources)
• Advertising performance (impressions, clicks, spend)
• Campaign metadata (campaign names, IDs)

We do not access:

• Passwords or login credentials
• Private messages or inbox data
• Unrelated personal account data

‍

Data Minimization & PII Handling

‍

We are intentionally designed to work with aggregated marketing data.

• Bashy AI does not intentionally collect personally identifiable information (PII)
• Reports are generated from aggregated datasets
• Systems are designed to reduce the likelihood of sensitive data exposure

‍

If PII is present in source platform data, it is:

• Not enriched or expanded by Bashy
• Not used for profiling individuals
• Processed only as required to generate analytics outputs

‍

Data Storage & Isolation

• Customer data is logically isolated by account
• Access is controlled via role-based permissions
• Only required metadata is stored:
  • Account IDs
  • Connection IDs
  • Reporting configurations

We do not replicate full third-party datasets unnecessarily.

‍

Infrastructure & Security Controls

‍

We implement industry-standard safeguards including:

• Encryption in transit (HTTPS/TLS)
• Secure API access patterns
• Controlled service-to-service communication
• Restricted internal access to production systems

‍

Report Generation Safeguards

‍

Reports generated by Bashy AI:

• Are based on aggregated analytics data
• Avoid unnecessary inclusion of sensitive fields
• Are fully controlled by the customer before sharing

Customers are responsible for reviewing reports prior to external distribution.

‍

Access Revocation & Control

‍

You can revoke access at any time:

• Disconnect integrations within Bashy AI
• Or revoke access directly in the relevant 3rd party digital marketing data source (e.g. Google, Meta)

Once revoked:

• No new data can be accessed
• Existing data is handled per retention policies

Compliance & Governance

‍

Bashy AI aligns with:

• Canadian privacy standards (PIPEDA)
• Industry best practices for SaaS data protection

We continuously improve our security posture as we scale.

‍

‍
‍

‍

‍

‍