Security
Introduction
Outbrain is operating under the Teads brand, following the merger of Teads and Outbrain in February 2025. Although Outbrain has recently renamed itself to Teads, the ads you are seeing may still be powered by legacy Outbrain technology which continues to be utilised on media partners and advertiser partner pages and/or you may still be contracting with an Outbrain legacy entity. You will know you are interacting with legacy Outbrain technology if you click on the AdChoices logo on ads served by Teads and you are directed to this User Privacy Policy and/or the Interest Profile which allows you to exercise your privacy rights. If you interact with ads powered by Teads technology (you will know this if you click on the AdChoices logo and it directs you to the Teads User Policy), you can find out more about how Teads uses your data on the Teads User Privacy Policy. You can also opt out of personalised ads served by Teads via the Teads opt out page.
Our security philosophy
- Understanding the importance of security, we are dedicated to maintaining the integrity and protection of our services. We tailor our security controls to safeguard the data you trust us with, dynamically adapting to the varying degrees of sensitivity and the ever-evolving landscape of technological innovation.
- We recognize the paramountcy of trust and security for you and your enterprise. We are wholeheartedly committed to upholding and defending these values.
- Consistent with our security ethos, robust controls, practices, and procedures are entrenched throughout our organization, underpinning our infrastructure and our service offerings.
- The Information Security team is composed of seasoned professionals, each bringing extensive and pertinent expertise in various domains of cybersecurity, including, but not limited to, security architecture, secure coding, privacy standards, and compliance with regulations. Our team's credentials include certifications such as CISSP, CISA, CRISC, C|CISO, and CCSK.
Principles of Secure Development
- We pride ourselves on being an agile entity, constructing a software development methodology that responds nimbly to competitive market demands and changes.
- All new recruits are equipped with training in Secure Software Development Life Cycle (SSDLC) to ensure that security is embedded from the ground up.
- In our pursuit of innovation, each new product journey begins with a meticulous review to embed Security by Design (SbD) and Privacy by Design (PbD) principles during the design phase itself.
- Our systems are rigorously assessed to identify and fortify against known vulnerabilities, such as those outlined by the OWASP top 10.
- Regular security audits are run across our core systems and infrastructure, utilizing both automated tools and, where necessary, exploratory examinations by third-party experts.
- Contributions from the security research community are invaluable. We operate a Security 'Bug Bounty' Program, welcoming vulnerability reports through our bug bounty portal.
Encryption Standards
- In our handling of information, encryption is a cornerstone, assisting us in compliance with legal and contractual requirements.
- Our deployment of cryptographic solutions adheres strictly to industry best practices, under the auspices of our security team.
- We champion secure browsing with HTTPS and ensure the encryption of metadata related to our technology (e.g., links, clicks).
Access Control
- Entrance to our production environment is stringently controlled, limited solely to personnel with express authorization.
- Such authorized staff must authenticate through a unique user ID, password, and a two-factor authentication mechanism, prior to establishing a secure VPN connection.
- To augment security across various information systems, our employees utilize a Single-Sign-On (SSO) service.
Service Availability and Continuity
- Our commitment to delivering a service that is both consistently available and dependable is unwavering.
- Our infrastructure is designed for resilience, capable of withstanding individual component failures or even entire data center emergencies.
- Proactive disaster recovery protocols are in place, backed by a team ready to address and resolve unexpected incidents at a moment’s notice.
- With advanced monitoring systems in place, we aim to anticipate and preemptively address potential service disruptions, ensuring seamless operations.
- We focus on operational excellence with our multiple 'Tier-3, SOC 2' compliant data centers, strategically located for optimal performance and safety, with perpetual data replication.
Continuous Monitoring and Adherence to Best Practices
Our philosophy of proactive security is driven by continuous monitoring and adherence to esteemed industry benchmarks and frameworks. We leverage Continuous Integration (CI) systems, MITRE ATT&CK framework, and other relevant guidelines to ensure a vigilant security posture designed to detect and respond to threats in real-time.
ISO/IEC 27001 Certification
Legacy Outbrain technology and infrastructure have received the following ISO/IEC certifications.
- The ISO 27000 series presents a blueprint for organizations to ensure information asset security.
- ISO/IEC 27001, a pivotal standard within this series, guides the creation and maintenance of an Information Security Management System (ISMS). Outbrain’s commitment to ISO/IEC 27001 enables us to:
  - Rigorously protect our assets, including financial records, intellectual property, and personal information entrusted by third parties;
  - Instill greater confidence in our risk management and information control strategies among customers and stakeholders;
  - Harmonize with broader standards and regulatory frameworks; and
  - Uphold our legal responsibilities towards our customers, especially concerning privacy.
- ISO/IEC 27001 certification is a testament to Outbrain’s unwavering dedication to security, heightened product quality, and the deep trust we aim to foster with our clients.