Skip to content
Security & governance

No AI writes without governance .

AdUp is built around a single rule: an AI can read freely, but it can never change a live account without passing your controls. Here's how that holds up.

Every write is intercepted — no exceptions, no bypass.

The interception happens at the gateway, between your AI and every upstream platform. It applies whether the write runs through an official MCP server, a bridge connector, or a custom server you added yourself.

The controls

Layered governance, on by default.

Approval before execute

No write touches a live account until it clears your rules or a person. The AI proposes; AdUp holds the action until approval.

Role-based permissions

Five roles, each scoped to specific clients. People can only see and act on what they're assigned — enforced at the gateway.

Per-tool write limits

Set policy on every write tool individually: allow, require approval, or block. Cap auto-approval to safe thresholds.

Full audit trail

Every proposal, approval and execution is recorded immutably — who, what, when — and exportable for review.

Credentials stay out of prompts

OAuth tokens are injected per request at the gateway. Your team never copies a key and tokens never live in a conversation.

Reads scoped, writes intercepted

Read tools are scoped to each user's clients. Write tools are always intercepted, regardless of which MCP server runs them.

Audit trail

Answer 'who changed this' in seconds.

Every action — a proposal, an approval, an auto-approval by a KPI rule, even a read — is captured with the actor, the target and the outcome.

The log is immutable and exportable. When a client or an auditor asks what happened to an account, the record is already there.

Audit log

immutable · exportable

Sam K. (analyst) proposed budget +10%

Retargeting — Prospects

10:42

KPI rule auto-approved budget +6%

Brand — Search

09:18

Priya M. (manager) denied audience swap

Prospecting — Lookalike

Yesterday

ChatGPT read campaign insights

Northwind Coffee Co.

Yesterday
Per-tool write limits

Decide what AI can touch, tool by tool.

Not every write carries the same risk. A budget nudge is different from creating a campaign or changing an audience.

The Control Center lets you treat each write tool on its own terms — auto-allow the low-risk ones, require approval on the rest, and block anything you never want an AI to do.

Control Center

meta-ads-mcp · 5 tools introspected

Readget_campaigns
always allowed
Readget_insights
always allowed
Writeupdate_campaign_budget
Writepause_ad_set
Writecreate_campaign
Reads run freely. Each write is allow, approve, or block.
Access control

People see only what they should.

Role and client scoping are enforced server-side. An analyst on two accounts cannot read or propose on a third.

Owner

Sees
Everything
Propose
Approve
All changes
Manage team

Team lead

Sees
Their group
Propose
Approve
Within group
Manage team

Manager

Sees
Assigned clients
Propose
Approve
Up to a threshold
Manage team

Analyst

Sees
Assigned clients
Propose
Approve
No — always pending
Manage team

Read-only

Sees
Assigned clients
Propose
Approve
No
Manage team
Governed by default

Put the guardrails in before you scale the AI.

Talk to us about your governance and compliance requirements.