Security.

RevAI builds pipeline infrastructure for commercial teams, which means we are entrusted with valuable customer information. Security is a first-class concern in how we build, deploy, and operate the platform. We follow the principle of least privilege, encrypt data in transit and at rest, and minimise the data we collect and retain.

Customer data is stored with reputable cloud providers within the United Kingdom or the European Economic Area wherever possible. All data is encrypted in transit using TLS 1.2 or later, and at rest using industry-standard encryption provided by our infrastructure partners.

Access to production systems and customer data is restricted to a small number of authorised RevAI personnel and is granted on a need-to-know basis. Personnel access is protected by strong, unique credentials and multi-factor authentication.

We log access to production systems and review logs as part of our normal operating practices.

Where we rely on sub-processors to deliver the service, we choose vendors with strong security track records and appropriate certifications. We review our sub-processors periodically and contractually require them to protect customer data to standards consistent with the UK GDPR. A current list of sub-processors is available on request at hello@revai.tech.

In the event of a security incident affecting customer data, we will investigate promptly, take steps to contain and remediate the issue, and notify affected customers without undue delay. Where required by law, we will also notify the Information Commissioner's Office.

If you believe you have found a security vulnerability in the RevAI website or platform, please email hello@revai.tech with details. We appreciate responsible disclosure and will acknowledge your report and work with you on next steps.

We may update this statement as our practices evolve. The "Last updated" date at the top of this page reflects the most recent revision.