QuickLead Home
Security Overview

Security

This page describes how QuickLead protects your data across the browser extension, portfolio, AI assistant, and backend services.

Operator
CryptoChrist It's Alive!, Unipessoal Lda.
Effective
June 24, 2026
Contact
support@quicklead.tools
We take security seriously and apply practical safeguards to protect your data. No service can guarantee perfect security, but we continuously work to improve our protections.

1. Encryption in transit

All communication between your browser, the extension, and our servers uses HTTPS (TLS encryption). This includes listing captures, AI chat messages, billing operations, and account management.

2. Account separation

Each user account has its own isolated portfolio. Your captured listings, notes, buyer profile, and chat history are only accessible to you and family members you explicitly invite (Plus plan). Other users cannot see your data.

Account authentication uses secure session tokens with automatic expiry. Family members authenticate independently with their own credentials.

3. AI data handling

When you use the Decision Assistant, listing data and conversation context are sent to Alibaba Cloud Model Studio (Qwen) via their API. Alibaba Cloud has confirmed that data submitted through their API is not used for model training. The connection uses HTTPS and API key authentication.

4. Payment security

All payments are processed by Stripe. We never store, see, or have access to your credit card number. Stripe is PCI DSS Level 1 certified — the highest level of payment security.

5. Rate limits and abuse prevention

We enforce rate limits on account creation, captures, and chat messages to prevent abuse and protect service availability. Accounts creating excessive requests may be temporarily throttled. We also limit account creation per device and IP address.

6. Secret management

Service credentials, API keys, and encryption secrets are stored in managed environment variables and are never exposed in application logs or client-side code.

7. Logging and monitoring

We maintain operational logs for reliability, incident response, and abuse detection. Logs contain request metadata (timestamps, response codes, latency) but do not store raw personal data, passwords, or payment details.

8. Data minimisation

We aim to collect and retain only the data needed to provide the service. Security logs are retained for up to 90 days. Portfolio data is kept while your account is active and deleted within 30 days of account deletion. See our Privacy Policy for full retention details.

9. Reporting security issues

If you discover a security vulnerability or have a concern, please report it to support@quicklead.tools. We take all reports seriously and will respond as quickly as possible.