Security

Your call data is the asset. We treat it that way.

Most of what's on this page isn't policy — it's architecture. These guarantees hold because of how the system is built, not because of what a document promises.

tenant.isolation = row_level_security

Isolation the database enforces

Every table carries row-level security policies, enforced by PostgreSQL itself. The application connects as a restricted role that physically cannot read another tenant's rows — even a bug in our application code can't cross the wall, because the wall isn't in the application. Schema migrations run under a separate privileged role that the running product never uses.

rev.data_path = read_only

Rev cannot change your data

Rev's access to your call and CRM data is read-only, enforced at the tool layer — not by a system prompt asking it nicely. It can analyze every call you've ever made; it cannot edit, delete, or write back a single record. Actions Rev takes elsewhere (posting a recap to Slack, drafting a training doc) never touch the data store.

raw_events = immutable

Raw data lands first, immutably

Every payload you send is preserved before any processing touches it. Extraction, scoring, and enrichment all derive from the immutable record, which means our pipeline can be re-run — and improved — without ever asking you to re-upload anything. It also means there is always a ground truth to audit against.

transport = tls / storage = encrypted

Encryption in transit and at rest

All traffic — browser to app, app to API, webhook ingestion — runs over TLS. Data at rest is stored on encrypted volumes with our infrastructure providers. Credentials and API keys are held in our hosting providers' secret managers, never in code or configuration files.

ai.training = never

Your calls don't train anyone's models

We use foundation-model providers to read transcripts and extract structure. Under our API agreements, those providers do not train their models on your data. Your call history makes your Rev smarter — it is never pooled, resold, or used to improve anyone else's product.

tenant.deletion = complete

Leaving means leaving

Your raw events, extractions, and derived data belong to you. If you close your workspace, we delete the tenant's data — including the immutable raw store — on request. Email security@revenuerep.ai and we'll confirm when it's done.

Subprocessors

We keep the list short on purpose. Each processes data only for the purpose listed:

Anthropic	Transcript extraction and Rev's reasoning
OpenAI	Vector embeddings for search
Render	API, workers, and PostgreSQL hosting
Vercel	Web application hosting
Resend	Transactional email (verification, resets)

Found something?

If you believe you've found a vulnerability, email security@revenuerep.ai. We read every report, we respond quickly, and we won't pursue good-faith researchers.