Data Security
Infrastructure
Revenew’s infrastructure is hosted in Microsoft Azure. We use virtual networks to segregate and manage access between components of our ecosystem and the public internet. Where managed infrastructure is used, we exclusively use private endpoints. Internal access control is governed entirely by Microsoft Entra (previously known as Active Directory). External access control for customer-facing applications is managed using Auth0. External access from the public internet goes through a central reverse proxy and is protected with HTTPS.
Customer data is stored in a multi-tenant environment and is encrypted in transit and at rest. We use separate environments for development and production, each in its own private VNet. The internal private VNets are accessed via VPN when needed. VPN access control is also governed entirely by Microsoft Entra.
Data Retention
In order to offer historical insights about our customers' payments, payment and connected account data is retained for the lifetime of the customer account. Raw data received in the form of webhooks from PSPs is purged automatically after seven days.
Access to Stripe
Access to our customers’ Stripe data is achieved via the Revenew Stripe App, through which a Stripe account holder must explicitly grant us access to a granular set of predominantly read-only permissions that we require in order for our products to function as intended.
As a result of this connection, we receive Stripe webhooks on behalf of your account. These webhooks are the primary mechanism by which we receive, process and surface payment activity within our products.
Due to some limitations in the Stripe App Ecosystem, in the future, we may require an API Key integration to access certain Stripe resources on behalf of our customers. This will be opt-in with a finite set of permissions configured on the API Key.
Stripe App Permissions
The purposes of the permissions required by the Stripe App are as follows:
Permission | Description |
---|---|
User Emails | This is the email address of the Stripe user (e.g. you) rather than your customer, and it provides us with a way to validate the email you use for Stripe against the one you register in Revenew. |
Accounts | This permission allows us to expand the account object on a payment. It’s essentially the only way we can tell you who the connected accounts are on a payment. We only use this to get the business name and type of the account. |
Report Runs | In order to ingest your IC++ fees, we need to run transaction-level reports on your behalf via the Stripe Reports API. |
Files | The reporting API writes its data to a location at Stripe, which is then available via their Files API. To process IC++ fees we need access to both the Reports and Files APIs. |
External Access | Lists the webhook URLs we use to consume real-time payment data from Stripe. It’s the main mechanism for how we populate our web app. |
Personally Identifiable Information (PII)
We take every measure to avoid processing or storing information that is not required to provide our services to our customers.
Currently, we handle PII of direct users of Revenew services only (our customers).
We do not store or process information of payment users (the customers of our customers), although, as a result of Stripe’s API resource model, this information is accessible.
To give platforms insights into their Connected Accounts, we process the Account object attached to a payment in order to retrieve the Account Name. Depending on the type of Stripe Connect user, this may contain PII.
As per Stripe’s recommendation, PII should not be stored in arbitrary fields (description or metadata) as these will not be treated as PII by Stripe or Revenew.
Certifications
We are currently evaluating the SOC-2 certification process. If this is a requirement of your security team in order for you to use Revenew, please contact support or speak to your account executive.