The OXIAE trust center: trust, made demonstrable
You run your lead operation under your own brand on OXIAE, so you need to be able to demonstrate that the foundation is solid. This page brings together everything related to security and reliability in one place: the status of our systems, how security and privacy are set up, where your data lives, which sub-processors we work with and how to report a vulnerability. No loose promises, just explainable choices you can in turn share with your publishers and buyers.
All systems operational
Real-time status of the platform and the underlying infrastructure that runs your lead operation.
We are honest about what this means: 99.9% is an uptime target (on an annual basis) that we structurally strive for, not a contractual commitment on this page. We announce planned maintenance in advance and keep it as short as possible, so your platform keeps running.
Secure at every level
At OXIAE, security is not a separate component but woven into every layer of the platform: from encrypted transport and storage to strict access control and a complete audit trail. You run your brand on top of it, so the personal data of people who submit a request through your operation deserves protection at the level you would expect from financial and legal infrastructure.
View security & encryption- Encrypted transport Every connection runs over TLS, from intake to routing to your buyers.
- Encrypted storage Data at rest is protected with strong encryption.
- Least-privilege access Permissions per role, limited to what is strictly necessary, with MFA.
- Audit logging Every processing step and access is traceable and exportable, for you and for your customers.
Privacy & compliance
GDPR compliance sits at the core of the platform, not bolted on as an afterthought. Consent and provenance are recorded per request, and a full audit trail makes every processing step demonstrable, so you, in turn, can show your operation is in order to publishers, buyers and regulators alike. Our privacy policy sets out exactly which data we process, for what purpose and for how long.
Processing & sub-processors
For the data you process via the platform in your own lead operation, OXIAE typically acts as processor: you remain the data controller towards your publishers and buyers. We capture that division of roles in a data processing agreement and are transparent about the sub-processors we engage, so it is always clear who is responsible for what.
Your data stays in the European Union
Personal data and requests that flow through your platform are stored and processed within data centers in the European Union, with the Netherlands as the primary region. We deliberately choose EU data residency, so you don't have to rely on constructs for transfers to countries outside the EEA under the GDPR. Backups also stay within European data centers.
- Storage in the EU: primary region the Netherlands, no default storage outside the EEA.
- Data residency: processing and backups stay within European data centers.
- Recognized infra providers: hosted with European parties with demonstrable security certification.
Helped us find a flaw? We'd love to hear from you
No system is perfect. If you discover a vulnerability in the platform, report it to us through coordinated disclosure. Together we fix it before it can be exploited, which benefits you and every lead generator running on OXIAE.
The principles of coordinated disclosure
Report privately
Send your finding directly to security@oxiae.com and don't make it public before we have reached a solution together. This prevents a vulnerability from being exploited before it is fixed.
Give us reasonable time
We confirm your report as quickly as possible and keep you informed of progress. Please give us a reasonable period to investigate and resolve the issue before communicating further about it.
No abuse, no exfiltration
Limit yourself to what is strictly necessary to demonstrate the vulnerability. Do not delete, modify, or copy data belonging to you or your customers, and do not extract data from the platform. Did you accidentally access personal data? Then stop and report it immediately.
Our commitment to you
We genuinely appreciate it when you point out a vulnerability to us responsibly. Report it in good faith and abide by the principles above, and we will not take legal action against you. We confirm your report, keep you informed and are happy to give you recognition for your contribution once the issue is resolved.
Last updated on June 26, 2026.
Frequently asked questions about the trust center
The questions lead generators, partners and security researchers ask us most often about the security and reliability of the platform.
What does the 99.9% uptime target mean?
It is the availability level we structurally strive for on an annual basis for the platform running your lead operation. On this page we present it honestly as a target, not as a hard contractual guarantee. Need availability arrangements for your situation? Discuss it with us at ricardo@oxiae.com.
Where exactly is our data stored?
In data centers within the European Union, with the Netherlands as the primary region. We deliberately choose EU data residency, so there is no default transfer to countries outside the EEA. Backups also stay within European data centers.
How do I report a vulnerability?
Send your finding directly and privately to security@oxiae.com, or consult /.well-known/security.txt for the current contact details. Abide by the principles of coordinated disclosure: report privately, give us reasonable time to resolve it, and do not abuse or exfiltrate data.
Do vulnerability reporters face legal risk?
No. Report in good faith and abide by our responsible disclosure guidelines, and we will not take legal action against you. We appreciate responsible reporting and, on request, give you recognition for your contribution once the issue is resolved.
Who is the processor and who is the controller?
For the data you process via the platform in your own lead operation, OXIAE typically acts as processor on behalf of you as the controller. We capture that division of roles in a data processing agreement and are transparent about the sub-processors we engage.
Can I get documentation for due diligence?
Yes. For a tender or due diligence we make additional documentation available on request, such as information about security measures and sub-processors, handy for when you in turn need to account to your buyers. Request it at ricardo@oxiae.com.
Further reading on security and compliance
- Security & complianceHow GDPR compliance, provenance tracking and audit trail are woven into the platform.
- Security & encryptionEncrypted transport and storage, least-privilege access and audit logging.
- Data processing agreementThe division of roles between you and OXIAE and the sub-processors we engage.
Questions about security or compliance?
Book a demo or get in touch: we're happy to show you how trust in the platform is demonstrated, not just promised.