Security & Trust

How we protect your data, your identity, and the platform.

Last updated: June 2026

Data security

TLS 1.3 in transit
All data transferred between clients and quiXzoom servers is encrypted with TLS 1.3. Older protocol versions are not accepted.
AES-256 at rest
All stored data — including images, metadata, and personal data — is encrypted at rest using AES-256.
Encrypted image storage
Submission images are stored in encrypted S3 buckets with strict access controls. Pre-signed URLs with short expiry are used for delivery.
API authentication
OAuth 2.0 for user authentication. HMAC-SHA256 signatures on all webhook payloads — verify them on your side before processing.
No third-party data sharing
We do not sell or share your data with third parties without explicit consent. Sub-processors are listed in our DPA.
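
The webhook check recommended under API authentication, as an added example that is not quiXzoom's own code. It assumes a hex-encoded HMAC-SHA256 computed over the raw request body; the secret, payload fields and function names are hypothetical, since the page does not specify the header name or signature encoding.

```python
import hashlib
import hmac
import json

# Constructed sample values. The secret format, event names and signature
# encoding are assumptions; take the real ones from the webhook documentation.
WEBHOOK_SECRET = b"example-shared-secret"
RAW_BODY = b'{"event":"submission.approved","mission_id":"m_123"}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes sent (assumed sender behaviour)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, signature_hex: str) -> bool:
    """Return True only if signature_hex matches the HMAC of raw_body."""
    if not isinstance(signature_hex, str):
        return False
    try:
        received = bytes.fromhex(signature_hex.strip())
    except ValueError:
        return False  # not valid hex: reject instead of raising
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(expected, received)


def handle(secret: bytes, raw_body: bytes, signature_hex: str):
    """Parse the payload only after the signature has been verified."""
    if not verify_webhook(secret, raw_body, signature_hex):
        return None
    return json.loads(raw_body)
```

Verify against the bytes exactly as received: re-serialising parsed JSON changes the byte string, so the signature no longer matches.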

Identity & payments

Zoomer identity verification
All Zoomers complete KYC via Stripe Identity before they can accept missions or receive payouts. Government ID + liveness check required.
PCI DSS Level 1 payment processing
All payments processed via Stripe Connect. We never store, process, or transmit payment card data on our own servers.
๐Ÿฆ
Payout infrastructure
Zoomer payouts via Stripe Connect. SEPA for EU Zoomers, SWIFT for international. Bank details are stored and managed by Stripe — not by quiXzoom.

GDPR

Data protection details
Topic: Detail
Data controller: quiXzoom / LandveX AB, Sweden
Legal basis (Zoomers): Contract performance — processing necessary to fulfil the Zoomer service agreement
Legal basis (Organisations): Legitimate interest — providing the data collection service requested
Data retention: Active account data kept while account is active + 7 years (EU accounting obligations)
Right to erasure: Submit requests to privacy@quixzoom.com — processed within 30 days. Some financial records retained for legal obligations.
DPA: Data Processing Agreement available for enterprise customers — contact legal@quixzoom.com
International transfers: Data processed within the EU/EEA. Where sub-processors are outside EEA, Standard Contractual Clauses (SCCs) apply.

Compliance

GDPR (EU 2016/679)
General Data Protection Regulation — governing collection, storage, and processing of personal data of EU residents.
DAC7
EU directive on platform economy tax reporting. quiXzoom reports Zoomer earnings to relevant tax authorities as required under DAC7.
AML / KYC
Anti-money laundering and Know Your Customer requirements fulfilled via Stripe Identity and Stripe Connect's compliance infrastructure.

Responsible disclosure

Found a security issue?

We take security reports seriously. Please email security@quixzoom.com with a description of the issue, steps to reproduce, and your contact details.

โฑ๏ธ
48-hour response
We commit to acknowledging all good-faith security reports within 48 hours.
No legal action
We do not pursue legal action against researchers acting in good faith. We ask that you do not access, modify, or expose user data beyond what is needed to demonstrate the issue.
Bug bounty
No formal bug bounty program yet. Launching August 2026.

Contact

Security issues
Legal & DPA
Privacy & GDPR