pubads.io
Security & compliance

Your accounts and data, protected by design

pubads is built so that connecting Google never means giving up control. Read-only access, strong encryption, and active account-health protection — the default, not an upgrade.

Apply nowRead our principles
OAuth scope
0%
Read-only, revocable
Encryption at rest
AES-0
GCM authenticated
TLS
Auto
On every property
Credentials exposed
0
Never to the browser
How we protect you

Four layers, always on

From the moment you connect Google to the moment a request serves.

Authorize

Read-only OAuth — scoped, revocable, no credentials in the browser.

Encrypt

Tokens sealed with AES-256-GCM; everything in transit over TLS.

Screen

Each ad request scored for invalid traffic before it serves.

Alert

Anomalies flagged with reason codes before strikes happen.

Security controls

What we put in place

Read-only Google OAuth

You authorize pubads with read-only scopes on AdSense and Ad Manager. We can read your reporting — we can never change your account, payouts, or settings. Revoke access from your Google account at any time.

Encryption at rest

OAuth tokens and sensitive records are encrypted with AES-256-GCM. Keys are managed separately from the data they protect.

Encryption in transit

Every connection is TLS-encrypted, including the branded properties we provision for you — certificates are issued and renewed automatically.

Minimal data handling

We store the reporting data needed to surface your revenue and the operational records needed to pay you. We don't sell your data and we don't collect what we don't need.

Invalid-traffic protection

Every request is scored before it serves — bots, automation, proxies, and suspicious velocity are filtered to keep your Google account in good standing.

Account-health safeguards

Anomaly detection surfaces risk early with reason codes, so you can act before it becomes a policy strike.

Responsible disclosure

Found something? Tell us.

We welcome reports from security researchers. If you believe you've found a vulnerability, email us with the details and steps to reproduce. We'll acknowledge your report, keep you updated as we investigate, and won't pursue action against good-faith research that respects user privacy and avoids data destruction.

Report a vulnerability
security@pubads.io

Please include affected URLs, a description of the issue, and reproduction steps. Avoid accessing or modifying data that isn't yours while testing.

Security you don't have to think about

Connect Google with read-only access and let pubads handle the encryption, screening, and safeguards.

Become a publisherTrust & quality