Advertising Studio Renewal Ending? 10 Questions to Ask Before Choosing a Replacement

Salesforce stops selling and renewing Advertising Studio on August 15, 2026. Existing contracts run to expiry, so depending on your renewal date, the clock may already be ticking. Before you commit to a replacement, you need to ask the right questions — not softballs pulled from a vendor's own FAQ, but the kind that expose architectural choices that will haunt you later.

This post is deliberately vendor-neutral. Every question here applies equally to Data Cloud Ad Audiences, Cezium Ads, a custom-built integration, or whatever else you're evaluating. Use it as your evaluation checklist.

1. Where does my customer data physically go, and is anything stored outside my Salesforce instance?

Why it matters. Audience activation means sending customer identifiers — emails, phone numbers, mobile IDs — toward ad platforms. Every hop outside your controlled environment is a data residency and compliance risk. Some vendors pull data into their own cloud infrastructure to process it, which creates a third-party data store you may not have accounted for in your privacy program.

What a good answer looks like. Hashing and preparation happen inside your own Marketing Cloud instance. The vendor's system generates an automation that runs in your environment; identifiers are hashed before they ever leave your MC org. Nothing is stored on the vendor's side.

2. How is hashing performed, and where?

Why it matters. Ad platforms like Meta and Google require that personally identifiable information be SHA-256 hashed before transmission. The question isn't whether hashing happens — every legitimate vendor will say yes. The question is where in the data flow it occurs. If hashing happens on the vendor's servers, unhashed PII has already crossed the boundary.

What a good answer looks like. The hash is computed inside the customer's own MC instance, not on the vendor's infrastructure. You should be able to inspect the automation or process that does it. "We hash everything" is not the same as "we hash everything before it leaves your environment."

3. How do opt-outs and deletions propagate, and how fast?

Why it matters. This is one of the most operationally dangerous gaps in DIY CSV-upload programs. A customer unsubscribes, but the suppression doesn't reach the ad platform for 24–72 hours — or never does, because someone forgot to re-export the file. That's not a hypothetical; it's how consent-related enforcement actions start.

What a good answer looks like. Opt-outs and deletions propagate on every sync cycle automatically, without manual intervention. There should be an audit trail showing when the removal was processed and confirmed by the platform.

4. Does it support Journey Builder as a native activity?

Why it matters. Advertising Studio alternatives range from bolt-on tools to fully native SFMC integrations. If audience sync is just a scheduled batch job, it's decoupled from your customer journeys — you can't use journey context (entered a re-engagement path, purchased yesterday, churned last week) to drive real-time audience membership. That's a significant capability regression.

What a good answer looks like. Journey Builder is a first-class source. You can add an audience-sync activity directly inside a journey canvas, alongside sends and wait steps, so audience membership reflects journey state.

5. How are ad-account connections authenticated, and who controls them?

Why it matters. Connecting to Meta, Google, or TikTok requires ad-account credentials. Some integrations ask for long-lived tokens or API keys stored in an opaque configuration. If the vendor controls those credentials and you have a falling-out or want to offboard, you may not be able to revoke access cleanly.

What a good answer looks like. OAuth 2.0 connections, authorized by your team through the standard ad platform authorization flows. IT owns the connection and can revoke it independently of the vendor at any time. The vendor should never hold credentials on your behalf in a form you can't audit or rotate.

6. What happens when a destination API changes — who owns that migration?

Why it matters. This is the question most teams skip, and it's arguably the most important one for long-term viability. Ad platform APIs change constantly, and sometimes they break. Google is currently deprecating Customer Match in the Google Ads API in favor of the Data Manager API — the migration details are worth reading separately — but the pattern is universal. APIs that power audience sync today will not all exist in the same form in two years.

If you build your own integration or work with a vendor who doesn't keep pace, you inherit the migration cost every time a platform makes a breaking change. With a single platform that might be tolerable. Across Meta, Google, TikTok, X, Snapchat, Pinterest, and whatever comes next, it becomes a continuous engineering tax.

What a good answer looks like. The vendor owns API migrations as part of the subscription. When Google sunsets the Customer Match API, when Meta changes its hashing requirements, when TikTok bumps an API version — those updates ship to you without a professional services engagement. Ask them specifically: "Who paid for the Google Data Manager API migration, and what was the timeline?" If the answer is vague, that's a risk.

7. Is it an AppExchange-listed app that passed the Salesforce security review, or a custom build?

Why it matters. A custom integration built by a SI or internal team carries no external security validation. The Salesforce AppExchange security review is not trivial — it covers data handling, authentication, code practices, and infrastructure. Passing it doesn't guarantee perfection, but it does mean a third party has scrutinized the application against Salesforce's security standards.

What a good answer looks like. Listed on AppExchange, security review passed, installable via a standard one-click package install. No custom development required in your org, no infrastructure to provision.

8. What does pricing scale on — audiences, profiles, volume, or seats?

Why it matters. This question determines how predictable your costs are as your paid media program grows. Consumption-based models (per profile, per record sent) can look cheap at small scale and get very expensive fast. Per-seat pricing penalizes team growth. Per-audience pricing is more predictable: you know roughly how many active audience segments you run at any given time, and that number doesn't spike unpredictably.

What a good answer looks like. Per active audience, with volume discounts as the number of audiences grows. You should be able to build out a cost model before you sign anything. Also ask: what counts as "active"? Does a paused audience still count? What happens if you need to temporarily double your audience count during a campaign period?

Also worth comparing: Advertising Studio vs. Data Cloud Ad Audiences on cost. Data Cloud Ad Audiences is a legitimate path if you're already building on Data Cloud, but it involves a separate license, an ingestion project, and 3–5 year terms. That context matters for the pricing conversation.

9. What's the implementation timeline, and what does my team need to do?

Why it matters. Your contract with Advertising Studio has an end date. If a replacement takes six months to implement, that timeline is not academic. Some solutions require infrastructure setup, data pipeline work, IT involvement across multiple systems, or lengthy SI engagements.

What a good answer looks like. Be specific: not "a few weeks" but an actual breakdown of what happens in each phase and what you're responsible for. A well-packaged AppExchange solution with standard OAuth connections and no infrastructure requirements can realistically go live in about a week. A Data Cloud-based approach requires an ingestion project that takes longer. Neither answer is wrong — but you need the real number, not the optimistic one.

10. What's the lock-in — term length, and what happens if I eventually move to Data Cloud or a warehouse?

Why it matters. The audience activation layer is separate from your data strategy. Today your authoritative customer data lives in SFMC Data Extensions. In two or three years it might live in Data Cloud, Snowflake, or BigQuery. If your activation vendor only reads from Data Extensions, you'll face a forced migration of both your data infrastructure and your activation tooling at the same time.

What a good answer looks like. Annual terms rather than multi-year lock-in. And on the roadmap: support for Data Cloud as a source, then data warehouse sources (Snowflake, Databricks, BigQuery). That way the activation layer grows with your data architecture instead of constraining it.

How Cezium Ads answers these questions

I built Cezium Ads specifically for SFMC teams in this situation, so it's fair to put our own answers on the record.

Data residency and hashing. On audience creation, Cezium Ads generates an automation inside your Marketing Cloud instance. SHA-256 hashing runs there, before anything is transmitted. We store no customer data on our side.

Opt-outs and deletions. They propagate on every sync. There is a full audit trail.

Journey Builder. Supported as a native source alongside Data Extensions.

Authentication. OAuth 2.0, ad-account connections controlled and revocable by your IT team.

API maintenance. We own destination API migrations. The Google Data Manager API transition is an example we navigated on behalf of customers — not something they had to manage themselves.

AppExchange. Listed on AppExchange, security review passed, one-click install, no infrastructure, go-live approximately one week.

Pricing. Per active audience, starting at five audiences. Volume pricing decreases from there. Annual contracts. Teams replacing Ad Studio typically land at least 40% below their previous Salesforce fees.

Destinations live today. Meta, Google, TikTok, X, Snapchat, Pinterest, LINE. Roadmap includes LinkedIn, DV360, Microsoft Ads, Spotify, and retail media networks. On the source side: Data Cloud next, then Snowflake, Databricks, and BigQuery.

Compliance posture. We do not claim SOC 2 today — SOC 2 Type I is on the roadmap, followed by Type II. What we can offer: no customer data stored on our infrastructure, hashing inside your own SFMC instance, and a documented data-flow architecture.

If you want to run through these questions in a live session — including a technical walkthrough of the data flow and the security architecture documentation — that's available on request. No sales deck required.

Reach out at mounir.nejjai@cezium.fr or through cezium.store.