How Revity protects your data

Data handling

• Data minimization: we store only what we need to deliver revenue protection and recovery workflows.
• Tenant isolation for each connected Stripe account; no cross-tenant access.
• Role-based access for internal staff with least-privilege permissions.

Encryption

• TLS 1.2+ for all app, API, and webhook traffic.
• Cloud-provider encryption at rest for databases, backups, and logs.
• Secrets stored in the hosting platform's encrypted secret store.

Application & infrastructure

• Scoped Stripe OAuth tokens; signature-verified webhooks; idempotent handlers.
• Routine dependency updates, CI lint/build checks, and service health monitoring.
• Backups with point-in-time recovery per database provider capabilities.

Incident response

• Logging for authentication, webhook processing, and revenue protection jobs.
• For security inquiries, please contact us.
• We notify affected customers without undue delay if a breach is confirmed.

Vendors & subprocessors

Core vendors include our cloud hosting provider, MongoDB (database), email provider, and analytics. We review vendor security posture and limit shared data to operational necessity. See the DPA for the current list.