Skip to content
Trust center

The OXIAE trust center: trust, made demonstrable

You run your lead operation under your own brand on OXIAE, so you need to be able to demonstrate that the foundation is solid. This page brings together everything related to security and reliability in one place: the status of our systems, how security and privacy are set up, where your data lives, which sub-processors we work with and how to report a vulnerability. No loose promises, just explainable choices you can in turn share with your publishers and buyers.

GDPR-compliant EU data residency Full audit trail

All systems operational

Real-time status of the platform and the underlying infrastructure that runs your lead operation.

No incidents
99.9%
Annual uptime target
TLS
Encrypted transport on every connection
EU
Data location within the European Union

We are honest about what this means: 99.9% is an uptime target (on an annual basis) that we structurally strive for, not a contractual commitment on this page. We announce planned maintenance in advance and keep it as short as possible, so your platform keeps running.

Security

Secure at every level

At OXIAE, security is not a separate component but woven into every layer of the platform: from encrypted transport and storage to strict access control and a complete audit trail. You run your brand on top of it, so the personal data of people who submit a request through your operation deserves protection at the level you would expect from financial and legal infrastructure.

View security & encryption
  • Encrypted transport Every connection runs over TLS, from intake to routing to your buyers.
  • Encrypted storage Data at rest is protected with strong encryption.
  • Least-privilege access Permissions per role, limited to what is strictly necessary, with MFA.
  • Audit logging Every processing step and access is traceable and exportable, for you and for your customers.

Privacy & compliance

GDPR compliance sits at the core of the platform, not bolted on as an afterthought. Consent and provenance are recorded per request, and a full audit trail makes every processing step demonstrable, so you, in turn, can show your operation is in order to publishers, buyers and regulators alike. Our privacy policy sets out exactly which data we process, for what purpose and for how long.

Processing & sub-processors

For the data you process via the platform in your own lead operation, OXIAE typically acts as processor: you remain the data controller towards your publishers and buyers. We capture that division of roles in a data processing agreement and are transparent about the sub-processors we engage, so it is always clear who is responsible for what.

Data location

Your data stays in the European Union

Personal data and requests that flow through your platform are stored and processed within data centers in the European Union, with the Netherlands as the primary region. We deliberately choose EU data residency, so you don't have to rely on constructs for transfers to countries outside the EEA under the GDPR. Backups also stay within European data centers.

  • Storage in the EU: primary region the Netherlands, no default storage outside the EEA.
  • Data residency: processing and backups stay within European data centers.
  • Recognized infra providers: hosted with European parties with demonstrable security certification.
Responsible disclosure

Helped us find a flaw? We'd love to hear from you

No system is perfect. If you discover a vulnerability in the platform, report it to us through coordinated disclosure. Together we fix it before it can be exploited, which benefits you and every lead generator running on OXIAE.

The principles of coordinated disclosure

Report privately

Send your finding directly to security@oxiae.com and don't make it public before we have reached a solution together. This prevents a vulnerability from being exploited before it is fixed.

Give us reasonable time

We confirm your report as quickly as possible and keep you informed of progress. Please give us a reasonable period to investigate and resolve the issue before communicating further about it.

No abuse, no exfiltration

Limit yourself to what is strictly necessary to demonstrate the vulnerability. Do not delete, modify, or copy data belonging to you or your customers, and do not extract data from the platform. Did you accidentally access personal data? Then stop and report it immediately.

Our commitment to you

We genuinely appreciate it when you point out a vulnerability to us responsibly. Report it in good faith and abide by the principles above, and we will not take legal action against you. We confirm your report, keep you informed and are happy to give you recognition for your contribution once the issue is resolved.

Last updated on June 26, 2026.

Frequently asked questions about the trust center

The questions lead generators, partners and security researchers ask us most often about the security and reliability of the platform.

What does the 99.9% uptime target mean?

It is the availability level we structurally strive for on an annual basis for the platform running your lead operation. On this page we present it honestly as a target, not as a hard contractual guarantee. Need availability arrangements for your situation? Discuss it with us at ricardo@oxiae.com.

Where exactly is our data stored?

In data centers within the European Union, with the Netherlands as the primary region. We deliberately choose EU data residency, so there is no default transfer to countries outside the EEA. Backups also stay within European data centers.

How do I report a vulnerability?

Send your finding directly and privately to security@oxiae.com, or consult /.well-known/security.txt for the current contact details. Abide by the principles of coordinated disclosure: report privately, give us reasonable time to resolve it, and do not abuse or exfiltrate data.

Do vulnerability reporters face legal risk?

No. Report in good faith and abide by our responsible disclosure guidelines, and we will not take legal action against you. We appreciate responsible reporting and, on request, give you recognition for your contribution once the issue is resolved.

Who is the processor and who is the controller?

For the data you process via the platform in your own lead operation, OXIAE typically acts as processor on behalf of you as the controller. We capture that division of roles in a data processing agreement and are transparent about the sub-processors we engage.

Can I get documentation for due diligence?

Yes. For a tender or due diligence we make additional documentation available on request, such as information about security measures and sub-processors, handy for when you in turn need to account to your buyers. Request it at ricardo@oxiae.com.

Questions about security or compliance?

Book a demo or get in touch: we're happy to show you how trust in the platform is demonstrated, not just promised.