R
    RevenuePage

    Security

    How RevenuePage protects your data with encryption, secure authentication, and privacy-first practices.

    API Key Encryption

    Your payment processor API keys are encrypted at rest using industry-standard AES-256-GCM encryption. Once encrypted, keys cannot be decrypted by anyone—including us. Keys are only used server-side by automated sync processes and are never exposed to the client.

    Data Processing

    We request read-only restricted API keys from payment providers like Stripe. Our background jobs pull subscription and invoice data server-side to compute MRR and revenue metrics. We never store customer PII or sensitive financial information—only aggregated revenue metrics needed for your public or private revenue page.

    Secure Authentication

    RevenuePage uses passwordless magic link authentication via Supabase Auth. No passwords means no password breaches. Session tokens are stored securely and expire automatically. You can revoke access anytime from your dashboard.

    Data Storage

    All data is stored in SOC 2 compliant Supabase infrastructure with automated backups and redundancy. Database access is restricted via Row Level Security (RLS) policies ensuring users can only access their own data. All connections are encrypted via SSL/TLS.

    Privacy Controls

    You control what data is public. Revenue pages can be private, public, or password-protected. You can remove your page from the startup directory anytime. API keys can be regenerated or deleted instantly from your dashboard with zero downtime.

    Reporting Vulnerabilities

    If you discover a security vulnerability, please report it immediately to hello@revenuepage.com. We take all security reports seriously and respond within 24 hours.