Qurifix
Product Sample report Pricing Resources Capture guide Workspace Run SKU audit

Trust

Security and Data Handling

Last updated: June 1, 2026

Qurifix is operated by 宁波通变知化科技有限公司. This page summarizes how that operating entity handles account access, product evidence, reports, billing records, and security reports for the Qurifix service.

Authentication

Qurifix uses email and password sign-in. Password hashes and session tokens are stored securely. Signed-in sessions use an HttpOnly cookie with SameSite=Lax, and Secure is used when the request is served over HTTPS.

Access Controls

Account audit history requires a signed-in session. Private report links may use access tokens for controlled report access; newly created report access tokens are stored as hashes. Billing actions require account authentication and Creem signature validation where applicable.

Payment Handling

Qurifix does not directly store card numbers. Checkout, billing portal access, customer IDs, subscription IDs, and billing status are handled through Creem. Webhook events are verified with signatures before billing state is updated.

Audit Data Retention

Audit retention is plan-based: Free Trial is 7 days, Lite is 180 days, Pro is 365 days, and Enterprise is 730 days unless a separate enterprise agreement says otherwise. Security logs, billing records, webhook records, and legal records may be retained longer when needed.

Evidence Handling

Avoid submitting passwords, credentials, private customer data, payment data, or unnecessary personal information in product evidence. Qurifix is designed for product URLs, visible product-page evidence, screenshots submitted by user action, and ecommerce listing information.

Capture privacy is bounded by public product evidence. Qurifix Capture should not collect private admin pages, checkout flows, account pages, orders, customer records, seller-center credentials, or billing screens.

  • No cookies: Qurifix does not need browser cookies to diagnose a public product page.
  • No checkout data: checkout, payment, cart, and billing views are outside the evidence boundary.
  • No customer records: customer names, order histories, addresses, messages, and support records should never be submitted.

Product URL inspection is restricted to public HTTP and HTTPS pages. Qurifix blocks localhost, private network addresses, link-local addresses, and common cloud metadata addresses before fetching or following redirects.

Report Sharing Controls

Report sharing controls are designed for readonly client handoff. Shared report links should summarize SKU readiness, missing evidence, and next action without exposing the private Workspace, account settings, billing details, or unrelated audit history.

Contact Security

Report security concerns to [email protected]. Include the affected URL, steps to reproduce, impact, and your contact information.

Qurifix
Qurifix

Product evidence repair for ecommerce teams competing on AI shopping shelves.

No fake reviews No ranking guarantees Evidence-based repair only
Product Home Product Workspace Capture guide Sample report Plans
Resources Resource hub Help Center AEO Guide Demo case study Integrations
Solutions Ecommerce sellers Brands and growth teams Agency delivery Multi-SKU portfolios
Company Contact Changelog Security Status
Legal Legal Privacy Policy Terms of Service Refund policy AI disclaimer Cookie notice
Contact: [email protected] · X
© 2026 Qurifix. Operated by 宁波通变知化科技有限公司. Not affiliated with Shopify, Amazon, TikTok, or other marketplaces named on this site.