RevSure.AI Inc Trust Center

Compliance

SOC2 TYPE II

ISO 27001:2022

GDPR

Resource

No resource present!

Controls

Product Security

Audit Logging
Integrations
Security Contact

Reports

Pen Test Report
Architecture Diagram
Certifications

Data Security

Access Monitoring
Backups
Encryption

App Security

Code Analysis
Secure Development Practices
Web Application Firewall

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti DDoS
Business Continuity and Disaster Recovery
Infrastructure Security

Endpoint Security

Disk Encryption
MDM
Threat Detection

Network Security

Real time security and events management
Zero Trust

Corporate Security

Email protection
Employee Training
Incident Response

Security Grades

CryptCheck
HSTS Preload List
Qualys SSL Labs

Product Security

Audit Logging

Comprehensive logging practices ensure visibility into actions taken within our applications.

Integrations

All integrations undergo security assessments to ensure compliance with our standards.

Security Contact

A designated security contact is established for inquiries and incident reporting.

Multi Factor Authentication

MFA is enforced for all user access to enhance security measures.

Role Based Access Control

Access control is based on defined roles to restrict data access effectively.

SSO support

Single Sign-On (SSO) capabilities are implemented to streamline secure access to applications.

Reports

Pen Test Report

Outcomes of penetration tests are documented and used to inform security improvements.

Architecture Diagram

Up-to-date architecture diagrams reflect the security posture of our systems.

Certifications

We maintain relevant certifications that demonstrate our commitment to security best practices.

Data Security

Access Monitoring

We employ continuous access monitoring to ensure compliance with access control policies and detect unauthorized access promptly.

Backups

Regular backups are performed and securely stored to ensure that critical data can be recovered in the event of any incident.

Encryption

All sensitive data both at rest and in transit is encrypted using recognized standards (e.g., AES-256) to prevent unauthorized access.

Physical Security

Physical security measures, such as biometric controls and surveillance systems, are in place to protect our facilities and access points.

App Security

Code Analysis

We perform static code analysis throughout the development lifecycle to identify vulnerabilities early and ensure adherence to secure coding practices.

Secure Development Practices

Our development process mandates secure coding standards, peer reviews, and rigorous test cycles to safeguard applications against vulnerabilities.

Web Application Firewall

We have implemented a Web Application Firewall (WAF) to filter and monitor HTTP traffic to and from our applications, ensuring protection against common web exploits.

Our privacy policy outlines our commitment to data protection in compliance with GDPR and other regulations, detailing how we collect, use, and safeguard personal data.

The terms of service lay out user expectations and responsibilities, including compliance with our security protocols.

Subprocessors

We conduct thorough due diligence and ensure compliance agreements with subprocessors that handle personal data.

Data Processing Agreement

Agreements with subprocessors include data processing terms that align with our data protection commitments.

Access Control

Data Access

Access is granted based on a principle of least privilege, ensuring users only have access to data necessary for their roles.

Logging

Comprehensive logging of user access and actions is maintained to support auditing and incident response.

Password Security

Password policies enforce the use of strong, unique passwords and regular updates to ensure account protection.

Infrastructure

Anti DDoS

DDoS protection mechanisms are in place to defend against distributed denial of service attacks.

Business Continuity and Disaster Recovery

Comprehensive plans are in place to ensure business continuity and recovery from incidents.

Infrastructure Security

Regular assessments and reviews ensure the security and integrity of our infrastructure.

Cloud Infrastructure Provider

We utilize reputable cloud service providers that comply with industry standards and security certifications.

Separation between Production and non-production

Strict segregation is maintained between production and non-production environments to mitigate risks.

Endpoint Security

Disk Encryption

All company-issued devices utilize disk encryption to protect sensitive data from unauthorized access.

MDM

Mobile Device Management (MDM) solutions are deployed to secure and manage mobile devices that access company resources.

Threat Detection

Advanced threat detection systems monitor our environment for anomalies and respond to potential threats in real-time.

Network Security

Real time security and events management

We employ Security Information and Event Management (SIEM) systems for real-time monitoring and alerting on network security events.

Zero Trust

Our network security strategy adopts a Zero Trust model, ensuring verification for every request regardless of the source.

Corporate Security

Email protection

Anti-phishing and spam filters are in place to protect against email threats.

Employee Training

Regular security awareness and training sessions are conducted to empower employees to recognize and respond to security threats.

Incident Response

A documented incident response plan outlines the steps for effectively managing and reporting security incidents.

Internal Assessments

Periodic internal assessments evaluate our security posture and compliance with policies.

User Account Protection

Multi-Factor Authentication (MFA) is mandated for all user accounts to enhance security.

Penetration Testing

Regular penetration testing is performed to identify and remediate vulnerabilities in our systems.

Security Grades

CryptCheck

https://cryptcheck.fr/https/security.revsure.ai

HSTS Preload List

https://hstspreload.org/?domain=security.revsure.ai

Qualys SSL Labs

https://www.ssllabs.com/ssltest/analyze.html?d=security.revsure.ai

Security Headers

https://securityheaders.com/?q=security.revsure.ai&followRedirects=on

Policy

VULNERABILITY SUMMARY

Report Title

Product/Website Concerned

CVSS(4.0) Score

None

CVSS:4.0/AC:L/AT:N/AV:N/PR:N/SA:N/SC:N/SI:N/UI:N/VA:N/VC:N/VI:N

Exploitability Metrics

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact

Confidentiality (VC)

Integrity (VI)

Availability (VA)

Subsequent System Impact

Confidentiality (SC)

Integrity (SI)

Availability (SA)

REPORTER INFORMATION

Your Name

Your Mail

Your PGP public key

TECHNICAL DETAILS

Endpoint

Vulnerable Part

Part Name

Payload

Technical Environment

Technical Details

Upload Files

I agree with

By submitting a report, security researcher warrants that the report and any attachments do not violate the intellectual property rights of any third party and the security researcher assigns free of charge to the receiving company who accepts all intellectual property rights.