How we keep your data and payments safe
Security is not an afterthought — it’s built into every layer of how PixelQuick handles customer accounts, creative output, and payments. Here’s a plain-language summary of what we do and don’t do.
PCI-DSS compliant payments
All card data is collected, tokenised, and stored by Stripe — a PCI-DSS Level 1 certified payment processor. PixelQuick never sees, stores, or has access to your full card number, CVC, or expiry.
TLS encryption everywhere
Every request to pixelquick.org is served over TLS 1.3 with modern cipher suites. HTTP traffic is automatically redirected. HSTS is enforced with preload eligibility.
Hardened infrastructure
The application runs on managed infrastructure with DDoS protection, automatic patching, and isolated per-environment credentials. Production secrets are never committed to source control.
Minimal data collection
We collect only what's needed to run your account and process payments. Billing addresses and card metadata are held by Stripe, not us. We don't sell or share your personal information.
Strong authentication
Passwords are hashed with bcrypt before storage. Session tokens are HTTP-only, SameSite=Lax, and rotated on sensitive actions. Optional 2FA is available for high-value accounts.
Responsible disclosure
We welcome security reports from researchers. Email security findings to support@pixelquick.org with as much detail as you can share. We aim to acknowledge within 48 hours.
How PixelQuick appears on your statement
When you buy credits, your card statement will show a charge labelled:
Depending on your card issuer, the descriptor may also include a package suffix (e.g. PIXELQUICK.ORG* DESIGN-MD) indicating which credit bundle was purchased. If you see a PixelQuick charge you don’t recognise, please email admin@pixelquick.org before disputing — most cases are resolved within a few hours.