Back to Home

Data Security & Privacy

How we protect your marketing infrastructure.

Architecture Philosophy

We build in your environment, not ours.

Unlike SaaS tools that ingest your data into their black boxes, TagSpecialist designs and deploys data infrastructure directly inside your Google Cloud Platform (GCP) organization. This ensures:

  • You retain 100% ownership of your data at all times.
  • You control the encryption keys and access logs.
  • There is no "vendor lock-in" regarding data storage.

Access Control & IAM

We strictly adhere to the Principle of Least Privilege (PoLP).

  • Service Accounts: Automations run via dedicated Service Accounts with restricted scopes (e.g., `BigQuery Data Editor` only).
  • Consultant Access: Our team's access is granted via specific IAM roles, never basic roles like "Owner" or "Editor" unless absolutely necessary for setup.
  • Off-boarding: Scripts are provided to instantly revoke all external access upon project completion.

Data Handling Standards

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) within Google Cloud's infrastructure.

PII Handling

We implement hashing (SHA-256) for PII (emails, phones) before it enters BigQuery for marketing matches, ensuring GDPR/CCPA compliance.

Compliance

Our pipelines are designed to be compliant with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • SOC 2 Type II (via Google Cloud inheritance)

For security audits or vendor questionnaires, please contact [email protected].