Sign In

Security at Revfold

How we protect your revenue data

Hosted on Vercel

SOC 2 Type II

Powered by Supabase

SOC 2 Type II

Row-Level Security

105 RLS policies

Encrypted

AES-256 + TLS 1.2+

Data Isolation

Every customer's data is isolated at the database level using Supabase Row-Level Security. All 44 tables enforce organization-scoped access policies — your data is never visible to other customers, even in shared infrastructure.

105 RLS policies across 44 tables

Entity-scoped access for multi-entity organizations

Role-based permissions: admin, viewer, API-only

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). SSP credentials are stored in encrypted database fields behind row-level security policies.

HTTPS enforced on all endpoints

Database encryption at rest via AWS infrastructure

Credential masking in all API responses

Authentication

User authentication is handled by Supabase Auth with industry-standard OAuth 2.0 / JWT tokens. Sessions expire automatically and refresh tokens are rotated.

OAuth 2.0 authentication

JWT session tokens with automatic expiry

Password hashing via bcrypt (Supabase default)

API keys use HMAC-SHA256 hashing with per-key rate limiting (1,000 req/hr)

Audit Trail

All significant user actions are logged with timestamps, IP addresses, and user identification. Audit logs are available to organization administrators.

Login events, data exports, configuration changes

Immutable audit log table — no policies allow deletion or modification

Viewable and exportable from the admin dashboard

Infrastructure

Revfold is hosted on Vercel (frontend) and Supabase (database), both of which maintain SOC 2 Type II certifications. Our infrastructure providers handle physical security, network isolation, and disaster recovery.

Vercel: SOC 2 Type II certified

Supabase: SOC 2 Type II certified

AWS us-east-1 region

Automatic daily database backups

Security Roadmap

We are actively working toward:

SOC 2 Type II certification for Revfold itself

GDPR data processing agreements

Application-layer credential encryption

Automated data retention policies

Annual third-party penetration testing

Security Inquiries

For security inquiries, vulnerability reports, or to request our security questionnaire, contact us at:

security@revfold.com
Hosted on Vercel
Powered by Supabase
Row-Level Security
Encrypted