Security You Can Trust
Your review data, platform credentials, and business information are protected with industry-standard encryption, authentication, and access controls.
Data Security
AES-256-CBC Encryption at Rest
All sensitive data (API tokens, credentials, and platform access keys) are encrypted with AES-256-CBC before storage. Your business data is protected at every layer.
TLS 1.3 in Transit
Every data transfer uses TLS 1.3 encryption. All API calls, webhook deliveries, and platform connections are end-to-end encrypted.
OAuth 2.0 Platform Connections
No passwords stored for connected platforms. Secure token-based access for Google, Facebook, Instagram, and LinkedIn integrations. Tokens are revocable at any time.
JWT HS256 Authentication
Access and refresh token architecture with HS256-signed JWT tokens. Short-lived access tokens with automatic rotation and secure refresh token management.
Role-Based Access Control
Granular RBAC with organization owner, admin, and member roles. Control who can view, respond to, and manage reviews at each location.
Two-Factor Authentication (2FA)
Optional TOTP-based 2FA via any standard authenticator app (Google Authenticator, Authy, etc.) for an additional layer of account protection.
Privacy & Compliance
GDPR Compliant
Full compliance with EU General Data Protection Regulation. Data export, right to erasure, consent management, and data processing agreements available.
CCPA Ready
California Consumer Privacy Act compliance. We do not sell personal data, and we honor all access and deletion requests.
Data Minimization
We only collect data necessary to provide the service. No tracking beyond what is needed for your review management.
Account Soft-Delete
30-day grace period when you delete your account. After that, all data is permanently and irreversibly erased from our systems.
Data Export
Export all your data at any time in standard formats. Your data belongs to you.
No Data Selling
We never sell, share, or monetize your data. Your reviews, responses, and analytics stay yours alone.
Infrastructure Protection
Nginx Security Headers
Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), Permissions-Policy, X-Frame-Options, and X-Content-Type-Options configured server-side.
Rate Limiting
100 requests/min global rate limit, 10 requests/min for AI endpoints. Protects against abuse and ensures fair usage.
HMAC SHA-256 Webhooks
All outgoing webhook payloads are signed with HMAC SHA-256, allowing you to verify the authenticity of every notification.
Automated Backups
PostgreSQL database with regular automated backups. Redis persistence for real-time data with health monitoring.
Transparency Note
RevioReputation follows security best practices but does not hold formal SOC 2, ISO 27001, or HIPAA certifications. We are committed to continuously improving our security posture and will pursue formal certifications as the platform grows. If you have specific compliance requirements, please contact security@revioreputation.com.
Security FAQ
Is my review data encrypted?
Yes. All sensitive data, including platform tokens and credentials, is encrypted with AES-256-CBC at rest. Data in transit is protected with TLS 1.3.
Do you store my Google/Facebook passwords?
Never. We use OAuth 2.0 for all platform connections. We only store encrypted access tokens, which you can revoke at any time from your integrations settings.
Can I delete all my data?
Yes. You can delete your account from Settings. There is a 30-day grace period during which data can be recovered, after which all data is permanently erased. You can also request immediate deletion by emailing support@revioreputation.com.
Do you sell customer data?
Never. Your data is yours. We never sell, share, or monetize customer data. We only access your review data to provide the service.
Questions About Security?
Our team is happy to discuss your specific security requirements.