Security


When you log in to Revela, we confirm your browser is running TLS 1.2 or higher, which secures the communication from your browser to Revela. Our data resides on servers that are protected both physically and electronically. Our platform edge is equipped with strong cipher suites controlled by Transport Layer Security (TLS). We offer two-factor authentication, an optional feature that helps safeguard your account at login. Our platform follows a responsible disclosure process to support and manage concerns reported by the community.

Our applications are hosted with Heroku, whose physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

For more information, visit the Heroku Security page.

We also employ the following security requirements and practices:

  • Salted password storage with BCrypt cost 11
  • Password choice requirements
  • Stripping sensitive information from application logs
  • OWASP Top 10 Protection

We also use various static security analysis tools such as Brakeman to prevent common vulnerabilities from being deployed.