CapabilitiesPricing
Talk to us

Security Measures

Last Updated: May 18, 2026

Annex I — Details of Processing

A. List of Parties

Data Exporter (Controller): The Customer identified in the Terms.

Data Importer (Processor): Rever Inc., a Delaware corporation. Contact: support@rever.ai.

B. Description of Processing

Subject matter: Provision of the cloud-hosted Rever Service to Customer.

Duration: The Subscription Term, plus any post-termination retention period described in Section 10.

Nature and purpose: Processing Personal Data as necessary to provide, maintain, and support the Service, including project management, knowledge management, AI-powered features, storage, search, analytics, and customer support.

Categories of Data Subjects: Customer's Authorized Users, employees, contractors, and other individuals whose Personal Data is submitted to the Service.

Types of Personal Data: Names, email addresses, profile information, IP addresses, user-generated content (issues, comments, pages, attachments), and other Personal Data submitted by Customer or Authorized Users.

Sensitive data (if applicable): None, unless Customer has executed a separate written agreement (such as a BAA) that expressly permits the processing of sensitive data.

C. Competent Supervisory Authority

The competent supervisory authority will be determined in accordance with Clause 13 of the SCCs.

Annex II — Technical and Organizational Security Measures

Rever implements the following categories of security measures, as described in detail at rever.ai/security:

Encryption. Personal Data is encrypted in transit using TLS/SSL and encrypted at rest using industry-standard encryption.

Access controls. Role-based access controls limit access to Personal Data to authorized personnel. Multi-factor authentication is enforced for administrative access.

Infrastructure security. The Service is hosted on Amazon Web Services (AWS). Rever leverages AWS security features including network isolation, firewalls, and intrusion detection.

Application security. Regular vulnerability assessments and penetration testing. Secure software development practices. Dependency monitoring and patching.

Organizational measures. Employee background checks (where permitted by law). Security awareness training. Confidentiality agreements. Incident response procedures.

Business continuity. Regular data backups. Disaster recovery procedures. Monitoring and alerting.

Vendor management. Sub-processor due diligence and contractual safeguards. Ongoing monitoring of Sub-processor security posture.