Security

Your Data Security Is Our Priority

Revu is built with security at every layer. From encryption to access controls to infrastructure, we protect your business data and your customers’ information.

Encryption

  • All data encrypted in transit using TLS 1.2+
  • Data encrypted at rest using AES-256
  • Database connections secured with SSL
  • OAuth tokens and API keys encrypted before storage

Authentication & Access

  • Secure password hashing with bcrypt
  • Google OAuth 2.0 support
  • Session tokens with automatic expiration
  • Role-based access controls for team accounts

Infrastructure

  • Hosted on DigitalOcean with SOC 2 compliance
  • Database hosted on Supabase with automated backups
  • Network-level firewalls and DDoS protection
  • Regular security patches and dependency updates

Data Privacy

  • We never sell your data to third parties
  • AI processing via Anthropic — no model training on your data
  • Minimal data collection — only what is needed to operate
  • Data deletion within 30 days of account closure

Monitoring & Incident Response

  • Real-time application monitoring and alerting
  • Automated anomaly detection for suspicious activity
  • Defined incident response procedures
  • Prompt notification in the event of a data breach

Development Practices

  • Code review required for all changes
  • Dependency vulnerability scanning
  • Environment-separated staging and production
  • Secrets managed through environment variables, never committed to code

Responsible Disclosure

We value the security community’s efforts to help keep Revu and our users safe. If you discover a security vulnerability, please report it to us responsibly at [email protected]. We ask that you:

  • Provide sufficient detail to reproduce the vulnerability
  • Allow reasonable time for us to address the issue before public disclosure
  • Do not access, modify, or delete other users’ data during your research

We commit to acknowledging your report within 48 hours and providing regular updates on our progress toward a fix.

Third-Party Service Providers

We carefully vet all third-party services used in the operation of Revu:

  • Supabase: Database and authentication — SOC 2 Type II compliant
  • DigitalOcean: Application hosting — SOC 2 Type II, ISO 27001 certified
  • Anthropic: AI processing — does not train on customer data
  • Resend: Email delivery — encrypted transmission
  • Twilio / ClickSend: SMS delivery — SOC 2 compliant

Questions

If you have questions about our security practices or want to report a concern, contact us at [email protected].