Trust & Security

How we protect your data and maintain platform integrity

AES-256: Encryption at rest
TLS 1.3: Encryption in transit
EU-only: Data residency
100%: Submissions AI-reviewed

Data Security
Encryption at rest
All personal data, images, and platform data stored on AWS S3 and RDS are encrypted with AES-256. Encryption keys are managed via AWS KMS with regular rotation.
Encryption in transit
All API communications and web traffic are encrypted via TLS 1.3. Older protocol versions (TLS 1.0, 1.1) are not accepted. Certificates are managed via AWS ACM.
AWS eu-north-1 — Stockholm
All quiXzoom infrastructure runs in AWS eu-north-1 (Stockholm, Sweden). No data is processed or stored outside the European Union.
Network isolation
Production services run in isolated VPCs with strict security group rules. Database instances are not publicly accessible. Outbound access is controlled via NAT gateways.
Identity Verification
KYC — one-time verification
Before a Zoomer receives their first payout, they complete a one-time Know Your Customer identity check. This is required by payment regulation and takes 3–5 minutes. Only identity-verified contributors participate on the platform.
Verified contributors only
All active Zoomers have completed identity verification. Anonymous participation is not permitted. This prevents fraud, maintains data quality, and satisfies AML regulatory requirements.
AI Quality Review
Every submission reviewed
Every image and data submission is reviewed by Landvex AI before payout is approved. The review checks location accuracy, image specification compliance, technical quality, and instruction adherence.
No unreviewed data delivered
Enterprise clients receive only reviewed and approved submissions. Rejected submissions are not delivered and the Zoomer is not paid for them. This maintains the quality guarantee on all delivered intelligence.
Privacy by Design
Data minimisation
We collect only the data required for each specific purpose. Location is only collected during active missions. No background tracking. No data collected for secondary purposes without a distinct legal basis.
Right to erasure supported
Zoomers may request deletion of their account and associated personal data. Requests are processed within 30 days. Statutory retention obligations (e.g. accounting records) may prevent immediate deletion of specific records.
Responsible Disclosure
Report a vulnerability
If you discover a security vulnerability, please report it responsibly to security@quixzoom.com. We acknowledge reports within 48 hours and provide remediation updates. We do not pursue legal action against good-faith security researchers.
System status
Real-time platform status and incident history: quixzoom.com/status
Related Documents
Detailed security architecture and technical controls.
Full data processing and retention details.
GDPR, DAC7, and regulatory compliance overview.