Security
Last updated: June 30, 2026
Authentication
Ventana uses Google sign-in for workspace access and stores sessions using secure cookies in production.
Access model
Saved ads are associated with the signed-in user. MCP access, when enabled, should respect workspace and user scope.
Data sources
The app ingests configured public ad library URLs on a staged schedule to reduce failures and avoid bursty source requests.
Secrets
Database and OAuth credentials should be stored as deployment environment variables and never committed to the repository.
Reporting issues
Report suspected security issues to the workspace administrator or deployment owner with enough detail to reproduce the concern.