Bashy AI Security & Data Protection

Last updated: April 27, 2026

Overview

Bashy AI is designed with a security-first architecture to ensure that customer data is protected, access is controlled, and sensitive credentials are never exposed. We follow industry best practices including:

  • Least-privilege access
  • Data minimization
  • Secure OAuth-based integrations
  • Logical data isolation

Authentication & Third-Party Access

Bashy AI integrates with platforms such as Google, Meta, and TikTok using OAuth 2.0.

  • Users authenticate directly with the platform
  • Bashy AI never sees or stores usernames or passwords
  • Access is granted via secure OAuth tokens only

Token Management via Nango

We use Nango to securely manage OAuth connections.

  • Stores access tokens and refresh tokens only
  • Does not store user credentials
  • Handles token refresh securely
  • Tokens can be revoked at any time by the user

Data Access & Scope Control

Bashy AI only accesses data that you explicitly authorize. Typical data includes:

  • Analytics metrics (sessions, conversions, traffic sources)
  • Advertising performance (impressions, clicks, spend)
  • Campaign metadata (campaign names, IDs)

We do not access:

  • Passwords or login credentials
  • Private messages or inbox data
  • Unrelated personal account data

Data Minimization & PII Handling

We are intentionally designed to work with aggregated marketing data.

  • Bashy AI does not intentionally collect personally identifiable information (PII)
  • Reports are generated from aggregated datasets
  • Systems are designed to reduce the likelihood of sensitive data exposure

If PII is present in source platform data, it is:

  • Not enriched or expanded by Bashy
  • Not used for profiling individuals
  • Processed only as required to generate analytics outputs

Data Storage & Isolation

  • Customer data is logically isolated by account
  • Access is controlled via role-based permissions
  • Only required metadata is stored:
    • Account IDs
    • Connection IDs
    • Reporting configurations

We do not replicate full third-party datasets unnecessarily.

Infrastructure & Security Controls

We implement industry-standard safeguards including:

  • Encryption in transit (HTTPS/TLS)
  • Secure API access patterns
  • Controlled service-to-service communication
  • Restricted internal access to production systems

Report Generation Safeguards

Reports generated by Bashy AI:

  • Are based on aggregated analytics data
  • Avoid unnecessary inclusion of sensitive fields
  • Are fully controlled by the customer before sharing

Customers are responsible for reviewing reports prior to external distribution.

Access Revocation & Control

You can revoke access at any time:

  • Disconnect integrations within Bashy AI
  • Or revoke access directly in the relevant 3rd party digital marketing data source (e.g. Google, Meta)

Once revoked:

  • No new data can be accessed
  • Existing data is handled per retention policies

Compliance & Governance

Bashy AI aligns with:

  • Canadian privacy standards (PIPEDA)
  • Industry best practices for SaaS data protection

We continuously improve our security posture as we scale.


All rights reserved.© 2025