Skip to content
RevivalOps Book Audit Call
Security

Security overview

Last updated: February 2026. For procurement and security reviewers.

Access model

Access to customer data is limited to the operator and any named subcontractor under the DPA, only to deliver the engagement. No shared generic accounts. Access is removed when it is no longer needed.

Data handling

  • Scope: We process only what you provide for the audit (CRM exports, contact lists) and what is needed to deliver the pack (Scorecard, Top‑50, Message Kit, Booking Kit).
  • Location: Processing and storage follow our subprocessors’ locations. We prefer EU where the service supports it. See Subprocessors.
  • No resale or marketing use: Your data is used only for your engagement. We do not sell it or use it for our own marketing.

Data transfer: use your approved sharing method (for example your own Drive link with access controls and expiry). If you send an encrypted archive, share the password out-of-band. We do not require you to adopt a new tool to start the audit.

Retention

Default windows (unless your DPA says otherwise): raw CRM exports are deleted or returned within 30 days after pack delivery; pack artifacts retained up to 90 days for support, then deleted. Earlier deletion available on request. Details: Privacy — Data retention.

Subprocessors

Third-party services we use to deliver our services (hosting, scheduling, invoicing, and business email) are listed with purpose and location on our Subprocessors page. We keep the list updated and will notify you of material changes where the DPA requires it.

Incident communication

If we become aware of a personal data breach that affects your data, we will notify you without undue delay and provide information required under applicable law (e.g. GDPR Art. 33/34). Contact for security or privacy incidents: hello@revivalops.com.

Encryption

Data in transit is protected with TLS (HTTPS). Data at rest is handled by our subprocessors; we use providers that encrypt storage (e.g. Vercel, Stripe, Cal.com, Microsoft 365). We do not claim “military-grade” or unspecified encryption. If you need a specific posture for procurement, ask and we will state what we use.

Audits and certifications

We do not currently hold third-party security certifications (e.g. ISO 27001, SOC 2). We can provide evidence of the controls described on this page on request for procurement (e.g. access model, subprocessor list, DPA, incident process).

Operator and contact

RevivalOps (operated by MN Ventures — Sweden). For security or procurement questions: hello@revivalops.com.