Security & trust

Security & Data Protection

Gnomeo is designed around minimal-retention security: raw uploads are temporary, reports and analytical memory may persist, and customer data stays private by default.

Workspace setup See plans Download PDF

Security & data protection

Gnomeo is designed around minimal-retention security. We aim to protect uploaded ad data, reports, and workspace context without turning the product into a raw-data warehouse.

HTTPS / encrypted transport Server-side secrets only Private-by-default storage Workspace isolation

What we protect

Uploaded Google Ads and Meta Ads CSV exports.
Generated reports and analytical memory.
Workspace preferences, trend summaries, and recommendation history.
Private file access via signed URLs where applicable.

Private by default

Customer data is not intended for public indexing or public file exposure. Private storage buckets and restricted admin access should be used for customer materials.

Minimal retention

Raw uploads should be temporary. Gnomeo retains analytical memory, reports, and summaries so recurring reviews remain useful without keeping raw exports indefinitely.

GDPR-aware operations

We aim to support deletion requests, data minimization, and clear retention rules. No SOC2 claim is made here, and no military-grade phrasing is used.

Operational notes

Admin routes must be protected before public production use.
Service-role access stays server-side only.
Raw CSV contents should not appear in logs.
Signed URLs should be used for private file access when needed.

Download PDF