Security & Trust at Revmo

Enterprise-grade security for voice AI. SOC 2 Type II and PCI DSS certified.

Security Overview

Revmo is built with security at every layer. Here's how we protect your data.

Infrastructure Security

  • Cloud-native architecture hosted entirely on AWS
  • Multi-AZ deployment for high availability
  • CloudFront CDN + AWS WAF traffic protection
  • ECS Fargate serverless containers — no OS-level attack surface
  • All data encrypted in transit (TLS 1.2+) and at rest (AWS KMS)
  • VPC isolation with private subnets for application and data tiers

Threat Detection & Monitoring

  • AWS GuardDuty for continuous threat detection
  • Amazon Inspector for vulnerability scanning of containers
  • AWS Security Hub for centralized security posture
  • AWS WAF for real-time web traffic filtering
  • Application-level monitoring and alerting
  • 24/7 automated alerting with defined escalation procedures

Access Controls

  • MFA mandatory for all production system access
  • SSO via corporate identity provider
  • VPN / AWS PrivateLink for network-level access
  • Just-in-time (JIT) access provisioning
  • Role-based access control (RBAC) with least privilege
  • All access logged and monitored

Vulnerability Management

  • Continuous automated vulnerability scanning (weekly)
  • Annual third-party penetration testing
  • Ongoing dependency monitoring (Dependabot/Snyk)
  • Remediation SLAs: Critical 24–48h, High 7 days

Business Continuity & DR

  • Multi-AZ failover: RTO < 2 min, RPO 0
  • Cross-region warm failover: RTO < 4h, RPO < 1h
  • Twilio geographic redundancy for telephony
  • DR tested annually (full drill) and quarterly (component)
  • Daily database snapshots, 35-day retention, point-in-time recovery
  • S3 versioning with cross-region replication

Data Privacy

We take data privacy seriously. Here's how Revmo handles and protects your information.

Data Processing

Revmo processes call audio and associated metadata on behalf of its customers. All sensitive data (PCI data, PII) is transmitted via POST requests only and is never placed in URL parameters or written to logs.

Data Retention

Data retention policies are aligned with customer contracts and regulatory requirements. Data subject rights (access, deletion, correction) are supported per applicable privacy laws.

Data Residency

No customer data is stored at Revmo office locations. All data resides in AWS infrastructure within US-based data centers.

Call Recording Security

Call recordings are encrypted at rest and in transit. PCI cardholder data is handled in full compliance with PCI DSS requirements.

Healthcare Support

Revmo supports PHI handling capabilities for healthcare customers with appropriate controls and safeguards.

Tenant Isolation

Multi-tenant architecture with logical tenant isolation ensures complete data segregation between customers.

Subprocessors

Third-party vendors that may access or process customer data on Revmo's behalf.

  • All subprocessors are bound by data processing agreements
  • All maintain SOC 2 certification (or equivalent)
  • Subprocessor list reviewed annually
  • Customers will be notified of material changes to subprocessors

Compliance Documents

Access our compliance documentation by agreeing to our mutual NDA. Documents are available for immediate download.

Contact & Resources

Security Inquiries

For security-related questions, compliance document requests, or vulnerability disclosures:

security@revmo.ai

Responsible Disclosure

If you've discovered a security vulnerability, please report it responsibly. We appreciate your help in keeping Revmo secure.

System Status

Check the current operational status of Revmo's platform and services.
