Security at Reveo
Effective Date: April 10, 2026
Protecting your data is fundamental to our business. This page describes the security measures we implement to safeguard your information.
Q: Where is my data stored?
Your data is stored on Amazon Web Services (AWS) infrastructure in the United States. AWS maintains industry-leading security certifications including SOC 1/2/3, ISO 27001, PCI DSS Level 1, and HIPAA compliance.
Q: Is my data encrypted?
Yes. All data in transit is encrypted using TLS/SSL (minimum TLS 1.2). Database connections are encrypted. Passwords are hashed using bcrypt with random salts.
Q: Does Reveo store my credit card information?
No. Payment processing is handled by our PCI-compliant payment processor. We never store full credit card numbers, CVVs, or sensitive payment data on our servers.
Q: How does Reveo protect against unauthorized access?
- JWT-based authentication with configurable token expiration
- Role-based access controls (Owner, Admin, Manager, Team Member, Field Tech)
- Rate limiting on authentication endpoints (5 requests per minute)
- Input validation on all API endpoints
- Session management with automatic expiration
- Webhook signature verification for third-party integrations (Twilio, Mailgun)
Q: Does Reveo sell my data?
No. We do not sell, rent, or trade your personal information or business data to any third parties. We do not use your data for advertising.
Q: How does Reveo use AI with my data?
AI features (review response suggestions, content generation, message classification) only process your data when you actively use an AI feature. We do not share your data with AI providers for training purposes. See our AI Policy for details.
Q: What monitoring and incident response does Reveo have?
- Application error monitoring via Sentry with real-time alerting
- Server health monitoring every 5 minutes with Slack notifications
- Automated daily database backups to encrypted S3 storage with 30-day retention
- Uptime monitoring on all production and staging servers
- Structured logging for security-relevant events
- Connection health checks for all third-party integrations (Google, Facebook) every 2 hours
Q: How does Reveo handle vulnerabilities?
- Regular dependency auditing using npm audit
- Input validation on all write endpoints to prevent injection attacks
- Parameterized database queries to prevent SQL injection
- CSRF protection via JWT Bearer authentication
- Rate limiting on sensitive endpoints
- CI/CD pipeline includes security checks before deployment
Q: Does Reveo support HIPAA compliance?
Reveo can provide a Business Associate Agreement (BAA) for healthcare customers. Contact support@reveo.com to discuss HIPAA compliance requirements.
Q: How are employee accounts managed?
- Role-based access following the principle of least privilege
- MFA enabled on all infrastructure accounts (AWS, Bitbucket)
- SSH key-based authentication for server access (password authentication disabled)
- Separate credentials for production and staging environments
Q: What happens to my data if I cancel?
Your data is retained for 90 days after account closure to allow for reactivation. After 90 days, your data is permanently deleted from our systems. Backups containing your data are purged according to our 30-day backup retention policy. You may request immediate deletion by contacting us.
Q: How can I report a security concern?
Contact us immediately at security@reveo.com with details of the concern. We take all security reports seriously and will respond within 24 hours.