Security practices.

Jarvan stores the selected advertiser customer ID and an encrypted Google refresh token. Campaigns are created only on the advertiser account selected by the user.

Campaign monitoring can propose actions for manual review or apply eligible changes automatically when auto-apply is enabled on that campaign.

Authentication and database storage are handled through Supabase. Billing is handled through Stripe. AI inference is routed through OpenAI for campaign planning and chat workflows.

Security issues should be reported to [email protected] with reproducible steps and impact. Jarvan does not offer a public bug bounty program at this stage.