Security
XRAYED uses safeguards designed to protect public and private product data, but no online service can be guaranteed perfectly secure.
Last updated May 27, 2026
Security Approach
XRAYED applies technical, organizational, and operational safeguards appropriate to the nature of the service and the information processed. Those safeguards are designed to limit unauthorized access, reduce abuse, protect private content, and maintain service reliability.
XRAYED also relies on contracted service providers to help operate the service. Those providers maintain their own security programs and may be subject to contractual, legal, and operational obligations.
Reasonable Safeguards
- Access controls for account and owner-only information.
- Private handling for content that is not intentionally published.
- Limited public data exposure for public pages and share surfaces.
- Abuse-prevention and reliability measures for high-risk or high-volume activity.
- Operational monitoring, logging, and incident-review practices.
- Deletion, retention, and backup practices designed to support product, legal, and security needs.
- Vendor-review and confidentiality expectations for service providers.
No Absolute Guarantee
Security incidents can still happen. Unauthorized access, credential compromise, software vulnerabilities, configuration mistakes, provider incidents, data loss, service abuse, device compromise, network interception, and third-party platform incidents are possible despite safeguards.
XRAYED does not guarantee that data, content, accounts, providers, systems, or transmissions will always be secure, available, error-free, or recoverable.
Provider Incidents
XRAYED may use service providers to help provide, protect, maintain, and improve the service. A provider breach, outage, configuration issue, or policy change may affect XRAYED data or service availability.
When a provider notifies XRAYED of an incident, XRAYED will assess the affected data, service impact, contractual notice obligations, legal notice obligations, available mitigations, and any user-facing action needed.
Incident Response
If XRAYED detects or is notified of a security incident, XRAYED may take steps such as investigating the issue, limiting affected functionality, securing access, restoring service, contacting providers, preserving relevant records, notifying affected users, notifying regulators, notifying law enforcement, and publishing service updates where appropriate.
XRAYED will provide breach notifications when required by applicable law or contractual commitments. Notification timing and content depend on the incident, affected data, affected jurisdictions, law-enforcement needs, provider findings, and whether notice is legally required.
User Responsibilities
- Use a secure email account and protect your authentication method.
- Do not share account access, sign-in links, verification codes, or other access credentials.
- Use caution before uploading images that reveal sensitive information, precise location, other people, private spaces, documents, minors, or identifying details.
- Only upload or publish images and content you have the right to use.
- Report suspicious account activity, leaked private media, impersonation, or rights concerns to XRAYED promptly.
Vulnerability Reports
If you believe you found a security vulnerability, contact support@xrayed.co with a clear description, affected URL or endpoint, reproduction steps, and impact. Do not access, copy, alter, publish, delete, or exfiltrate data that does not belong to you.
XRAYED does not currently operate a public bug bounty program. Reports are appreciated, but payment is not promised unless XRAYED signs a separate written agreement.
Security Contact
Contact XRAYED at support@xrayed.co. XRAYED is operated by VONDOU SRL, Rue Baron de Castro 37, 1040 Brussels, Belgium. Enterprise / VAT number: BE 0758.768.048.