This page summarises the controls we currently have in place. It is maintained by immoQ and describes practices — not an independent certification.
Encryption in transit
All traffic to immoQ is served over HTTPS (TLS). Data between our web layer and our database backend is encrypted in transit.
Row-level security
Every database table storing user data uses Row-Level Security policies. Users can only read and modify rows they own, or rows explicitly shared with them.
Authenticated access
Sign-in supports email/password and Google. Passwords are checked against known breached-password lists to block reuse of leaked credentials.
Two-factor authentication
You can enable a TOTP authenticator (Google Authenticator, 1Password, etc.) from Settings once available for your account.
Identity verification (itsme®)
Belgian residents can verify their identity with itsme®. Verified profiles get a trust badge, and landlords can require verified applicants only.
Payments (PCI-DSS)
Subscriptions and one-off purchases are handled by Paddle.com as Merchant of Record. Card data never touches immoQ servers. Paddle is PCI-DSS certified.
GDPR self-service
You can download every record we hold about you as JSON, request permanent account deletion, and view your consent history any time from Settings → Privacy.
Cookie consent
Non-essential cookies (analytics, marketing) are off by default. You can adjust preferences from the cookie banner at any time.
Content moderation
Any listing, message or profile can be reported. Reports are reviewed by our moderation team and actioned within 72 hours.
AI disclaimer
AI features (matching, search, legal chat, descriptions) are informational only, may contain mistakes, and do not replace professional advice.
Report a security issue
Please email security@immoq.app with details. We respond within one business day.