Security at Revfold

How we protect your revenue data

Hosted on Vercel: SOC 2 Type II
Powered by Supabase: SOC 2 Type II
Row-Level Security: 105 RLS policies
Encrypted: AES-256 + TLS 1.2+

Data Isolation

Every customer's data is isolated at the database level using Supabase Row-Level Security. All 44 tables enforce organization-scoped access policies — your data is never visible to other customers, even in shared infrastructure.

105 RLS policies across 44 tables
Entity-scoped access for multi-entity organizations
Role-based permissions: admin, viewer, API-only

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). SSP credentials are stored in encrypted database fields behind row-level security policies.

HTTPS enforced on all endpoints
Database encryption at rest via AWS infrastructure
Credential masking in all API responses

Authentication

User authentication is handled by Supabase Auth with industry-standard OAuth 2.0 / JWT tokens. Sessions expire automatically and refresh tokens are rotated.

OAuth 2.0 authentication
JWT session tokens with automatic expiry
Password hashing via bcrypt (Supabase default)
API keys use HMAC-SHA256 hashing with per-key rate limiting (1,000 req/hr)

Audit Trail

All significant user actions are logged with timestamps, IP addresses, and user identification. Audit logs are available to organization administrators.

Login events, data exports, configuration changes
Immutable audit log table — no policies allow deletion or modification
Viewable and exportable from the admin dashboard
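
The Data Isolation and Audit Trail claims above can be checked from the PostgreSQL catalog. The queries below are an added example, not Revfold's own code; they assume application tables live in the public schema, and the table name audit_logs is a placeholder.

```sql
-- Added example: catalog checks for PostgreSQL, the engine behind Supabase.
-- Assumptions: application tables are in schema "public"; "audit_logs" is a
-- placeholder name, not taken from the page.

-- 1. Tables with RLS disabled, or enabled but with no policy attached.
--    An empty result means every table is covered by at least one policy.
SELECT c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced_for_owner,
       count(p.policyname)   AS policy_count
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policies p
       ON p.schemaname = n.nspname
      AND p.tablename  = c.relname
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
GROUP BY c.relname, c.relrowsecurity, c.relforcerowsecurity
HAVING NOT c.relrowsecurity OR count(p.policyname) = 0
ORDER BY c.relname;

-- 2. Totals to compare against the published table and policy counts.
SELECT count(DISTINCT tablename) AS tables_with_policies,
       count(*)                  AS policies
FROM pg_policies
WHERE schemaname = 'public';

-- 3. Audit table: any policy that would permit modification or deletion.
--    With RLS enabled, a command with no matching policy is denied, so an
--    append-only table should return zero rows here.
SELECT policyname, cmd, roles, qual, with_check
FROM pg_policies
WHERE schemaname = 'public'
  AND tablename  = 'audit_logs'        -- placeholder table name
  AND cmd IN ('ALL', 'UPDATE', 'DELETE');

-- 4. Roles that RLS does not constrain at all. Policies are skipped for
--    superusers and BYPASSRLS roles, and for the table owner unless
--    FORCE ROW LEVEL SECURITY is set (see rls_forced_for_owner in query 1).
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;
```

Query 3 covers policies only; table-level GRANTs on the audit table need a separate review.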

Infrastructure

Revfold is hosted on Vercel (frontend) and Supabase (database), both of which maintain SOC 2 Type II certifications. Our infrastructure providers handle physical security, network isolation, and disaster recovery.

Vercel: SOC 2 Type II certified
Supabase: SOC 2 Type II certified
AWS us-east-1 region
Automatic daily database backups

Security Roadmap

We are actively working toward:

SOC 2 Type II certification for Revfold itself
GDPR data processing agreements
Application-layer credential encryption
Automated data retention policies
Annual third-party penetration testing

Security Inquiries

For security inquiries, vulnerability reports, or to request our security questionnaire, contact us at:

security@revfold.com