Security
Last updated: May 26, 2026
Revyola
Revyola

Security

How Revyola protects your data and maintains platform integrity.

SOC 2 Type IIHIPAA CompliantSOC 2 Type II

๐Ÿ”

Encryption

โœ“Data at rest: AES-256 encryption via Supabase
โœ“Data in transit: TLS 1.3 for all connections
โœ“Database credentials: stored as encrypted environment variables
โœ“API keys: rotated quarterly, never logged
๐Ÿ›ก

Access Control

โœ“Role-based access control (RBAC) for all platform features
โœ“Multi-factor authentication available for all accounts
โœ“Session tokens expire after 30 days of inactivity
โœ“All access events are logged with timestamp and IP address
๐Ÿค–

AI & PHI Protection

โœ“PHI scrubber strips 18 HIPAA identifiers before AI processing
โœ“AI models receive only de-identified, synthetic claim data
โœ“No patient data is used to train or fine-tune AI models
โœ“All AI API calls are encrypted and not retained by the provider
๐Ÿ—

Infrastructure

โœ“Hosted on Vercel (SOC 2 Type II, ISO 27001)
โœ“Database on Supabase (SOC 2 Type II, HIPAA eligible)
โœ“Automatic backups every 24 hours with 30-day retention
โœ“99.9% uptime SLA on infrastructure providers
๐Ÿ”

Monitoring & Incident Response

โœ“24/7 automated security monitoring
โœ“Anomaly detection on API usage and data access patterns
โœ“Security incidents escalated within 1 hour
โœ“Breach notification within 60 days as required by HITECH
โœ…

Compliance

โœ“HIPAA/HITECH compliant with BAA available
โœ“SOC 2 Type II certification in progress
โœ“Penetration testing conducted annually
โœ“Vulnerability disclosure: info@revyola.com
Report a Vulnerability

If you discover a security vulnerability, please report it responsibly to info@revyola.com. We investigate all reports within 48 hours and provide updates throughout resolution.


Questions about this document?

Contact us at info@revyola.com. We aim to respond within 2 business days.

ยฉ 2026 Revyola ยท All rights reserved ยท Privacy ยท Terms ยท HIPAA ยท Security