Security
Last updated: June 29, 2026
UTM Drift Guard, operated by Peakure LLC, processes marketing parameter data. The controls below describe how we protect it. This page reflects controls currently implemented, not a formal third-party certification.
Data handling
CSV uploads are processed server-side to produce your audit, and we do not retain the raw marketing data after analysis. Audit results are tied to your account only.
Tenant isolation
Customer data is stored in Supabase with row-level security (RLS) enabled on tenant tables, so each account can only read and write its own rows. Storage buckets are scoped per tenant.
Encryption & transport
All traffic is served over HTTPS/TLS. The application enforces a strict, nonce-based Content-Security-Policy to mitigate cross-site scripting.
Authentication
Sign-in is handled by Supabase Auth with magic-link and Google OAuth. We never see or store your Google password.
Payments
Billing is handled by Stripe. Card details are entered directly with Stripe and are never stored on our servers. Billing webhooks are signature-verified.
AI safety
The AI audit uses the Anthropic Claude API for semantic clustering. Clustering is bounded and reviewable — it never writes back to your GA4 or ad platforms autonomously. We run a prompt-injection evaluation suite against the audit prompt, and validate AI output before it is used.
Report a vulnerability
Found a security issue? Email support@utmdriftguard.com and we will respond promptly. Please do not publicly disclose the issue until we have had a chance to fix it.