No AI writes without governance .
AdUp is built around a single rule: an AI can read freely, but it can never change a live account without passing your controls. Here's how that holds up.
Every write is intercepted — no exceptions, no bypass.
The interception happens at the gateway, between your AI and every upstream platform. It applies whether the write runs through an official MCP server, a bridge connector, or a custom server you added yourself.
Layered governance, on by default.
Approval before execute
No write touches a live account until it clears your rules or a person. The AI proposes; AdUp holds the action until approval.
Role-based permissions
Five roles, each scoped to specific clients. People can only see and act on what they're assigned — enforced at the gateway.
Per-tool write limits
Set policy on every write tool individually: allow, require approval, or block. Cap auto-approval to safe thresholds.
Full audit trail
Every proposal, approval and execution is recorded immutably — who, what, when — and exportable for review.
Credentials stay out of prompts
OAuth tokens are injected per request at the gateway. Your team never copies a key and tokens never live in a conversation.
Reads scoped, writes intercepted
Read tools are scoped to each user's clients. Write tools are always intercepted, regardless of which MCP server runs them.
Answer 'who changed this' in seconds.
Every action — a proposal, an approval, an auto-approval by a KPI rule, even a read — is captured with the actor, the target and the outcome.
The log is immutable and exportable. When a client or an auditor asks what happened to an account, the record is already there.
Audit log
immutable · exportableSam K. (analyst) proposed budget +10%
Retargeting — Prospects
KPI rule auto-approved budget +6%
Brand — Search
Priya M. (manager) denied audience swap
Prospecting — Lookalike
ChatGPT read campaign insights
Northwind Coffee Co.
Decide what AI can touch, tool by tool.
Not every write carries the same risk. A budget nudge is different from creating a campaign or changing an audience.
The Control Center lets you treat each write tool on its own terms — auto-allow the low-risk ones, require approval on the rest, and block anything you never want an AI to do.
Control Center
meta-ads-mcp · 5 tools introspected
get_campaignsget_insightsupdate_campaign_budgetpause_ad_setcreate_campaignPeople see only what they should.
Role and client scoping are enforced server-side. An analyst on two accounts cannot read or propose on a third.
| Role | Sees | Propose writes | Approve writes | Manage team |
|---|---|---|---|---|
| Owner | Everything | All changes | ||
| Team lead | Their group | Within group | ||
| Manager | Assigned clients | Up to a threshold | ||
| Analyst | Assigned clients | No — always pending | ||
| Read-only | Assigned clients | No |
Owner
- Sees
- Everything
- Propose
- Approve
- All changes
- Manage team
Team lead
- Sees
- Their group
- Propose
- Approve
- Within group
- Manage team
Manager
- Sees
- Assigned clients
- Propose
- Approve
- Up to a threshold
- Manage team
Analyst
- Sees
- Assigned clients
- Propose
- Approve
- No — always pending
- Manage team
Read-only
- Sees
- Assigned clients
- Propose
- Approve
- No
- Manage team
Put the guardrails in before you scale the AI.
Talk to us about your governance and compliance requirements.