# Security & Governance | Synter AI Media Agent

> Source: https://syntermedia.ai/security-governance
> Cached: 2026-05-14T08:46:17.192Z

---

# Security & Governance for AI Media Agents

Autonomous media buying requires guardrails. Synter provides role-based access control, approval workflows, budget caps, audit logs, rollback capabilities, brand safety filters, and PII handling to ensure responsible AI operation.

## Role-Based Access Control & Approvals

**User Roles:** Admin, Editor, Viewer. Admins can approve launches and set guardrails. Editors can create briefs and review agent recommendations. Viewers have read-only access to campaigns and metrics.

**Platform-Level Permissions:** Control who can approve changes per platform (e.g., only CMO approves LinkedIn campaigns; marketing managers approve Google Ads).

**Approval Workflows:** Auto-pilot mode (agent executes autonomously within guardrails) or review-required mode (human approval before launch/edit). Configurable per workspace and per campaign.

**SSO & MFA:** Enterprise customers can use SAML/OIDC single sign-on and enforce multi-factor authentication for all users.

## Budget Caps & Limits

### Hard Caps

Set maximum daily and campaign-level spend. The agent will never exceed these limits, even if models recommend higher budgets. Hard caps are enforced before API calls to platforms.

### Soft Limits

Trigger alerts when spend approaches a threshold (e.g., 80% of monthly budget). Synter notifies stakeholders via Slack/email but doesn't pause campaigns.

### Per-Platform Budgets

Allocate budgets by platform (e.g., $10k/mo Google Ads, $5k/mo LinkedIn). The agent respects these allocations when reallocating budgets across campaigns.

## Change Journal & Audit Log

Every action taken by the AI agent (or human users) is logged with:

- **Timestamp:** When the change occurred (UTC)
- **Actor:** Agent ID or user email
- **Entity:** Campaign, ad group, ad, keyword, audience
- **Field:** What changed (budget, bid, status, targeting)
- **Old/New Values:** Before and after snapshots
- **Rationale:** Why the agent made this change (from model reasoning)
- **Metrics Delta:** Expected impact on CAC, ROAS, conversions

Audit logs are immutable and retained for 2 years. Export logs as CSV or JSON for compliance reviews.

## One-Click Rollback

If an agent action doesn't perform as expected (or you want to revert for any reason), click **Rollback** to restore the previous state.

Rollback restores:

- Campaign/ad group/ad status (active → paused, etc.)
- Budget and bid values
- Targeting settings (keywords, audiences, negatives)
- Creative versions (if replaced)

Rollback is available for the last 10 changes per entity. Older changes require manual restoration from audit logs.

## Brand Safety

**Blocked Topics:** Define topics or keywords the agent must avoid (e.g., political, adult, gambling). The agent will not create ads or target audiences related to these topics.

**Placement Exclusions:** Block specific websites, apps, or subreddits where you don't want ads to appear. Synter applies these filters across platforms.

**URL Filters:** Automatically exclude placements with specific URL patterns (e.g., parked domains, low-quality sites).

**Platform Policy Checks:** Before launching, Synter checks ad copy and creative against platform policies (Google Ads, Meta, LinkedIn). Flagged content requires human review.

## PII Handling & Data Privacy

**Automatic Redaction:** Before sending data to frontier models, Synter redacts emails, phone numbers, credit cards, and API keys. Models receive anonymized or hashed versions.

**Data Residency:** Choose US or EU processing regions to comply with GDPR, CCPA, and other privacy regulations. Model inference happens in the selected region.

**Warehouse-Centric:** First-party conversion data stays in your warehouse (Snowflake, BigQuery, Databricks). Only minimal fields (aggregated metrics, anonymized IDs) are sent to models.

**Zero Retention:** By default, model providers do not retain your data for training. Synter uses zero-retention flags (e.g., OpenAI's API policies) where supported.

**Configurable Logs:** Choose log retention period (0, 30, or 90 days) for API request/response logs. Shorter retention minimizes data exposure.
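The automatic redaction step described above, as an added example (not Synter's code): a single-pass scanner that replaces emails, phone numbers, card numbers and API keys with typed, keyed-hash pseudonyms before a prompt leaves the trust boundary. The regex shapes, the `sk-`/`pk-`/`key-` API-key prefix convention, the HMAC key and the function names are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a per-workspace secret keys the pseudonyms (constructed value).
PSEUDONYM_KEY = b"constructed-demo-key"

# One combined scanner, so replacement tokens are never re-scanned.
# The API-key shape (short prefix + long token) is an assumed convention.
SCANNER = re.compile(
    r"(?P<EMAIL>[\w.+-]+@[\w-]+(?:\.[\w-]+)+)"
    r"|(?P<API_KEY>\b(?:sk|pk|key)[-_][A-Za-z0-9_-]{16,})"
    r"|(?P<DIGITS>(?<![\w-])\+?\d[\d ().-]{7,}\d(?!\w))"
)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _token(kind, value):
    # Keyed hash: equal inputs give equal tokens, so joins and counts still
    # work downstream, but tokens cannot be brute-forced without the key.
    mac = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"[{kind}:{mac[:12]}]"


def _replace(m):
    kind, text = m.lastgroup, m.group(0)
    if kind == "DIGITS":
        digits = re.sub(r"\D", "", text)
        if len(digits) < 9:
            return text  # too short for a phone or card; leave as is
        kind = "CARD" if 13 <= len(digits) <= 19 and luhn_ok(digits) else "PHONE"
        text = digits  # normalise so formatting variants share one token
    return _token(kind, text.lower() if kind == "EMAIL" else text)


def redact(prompt):
    """Return the prompt with PII replaced by typed, keyed pseudonyms."""
    return SCANNER.sub(_replace, prompt)
```

The digit pattern deliberately over-matches: long digit runs that fail the Luhn check are still redacted, labelled as phone numbers.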

## Compliance & Certifications

**SOC 2 Type II:** In progress (expected Q1 2026). Synter follows SOC 2 controls for security, availability, and confidentiality.

**GDPR Compliance:** Data processing agreements (DPA) available for EU customers. Data residency options and right-to-erasure supported.

**CCPA Compliance:** California residents can request data deletion. Synter does not sell personal data.

## Questions about security or compliance?

Contact our team for custom data processing agreements, SSO setup, or audit access.

[Contact Security Team](mailto:security@synterai.com)
