Security & compliance

Your guests trust you. You can trust us.

Venues run their whole operation — customers, waivers, payments — through Revyn Engine. We treat that responsibility as a core feature, not a checkbox.

Encryption everywhere

All traffic is encrypted in transit with TLS 1.2+, and all data — bookings, waivers, customer records — is encrypted at rest on Cloudflare’s infrastructure.

Strong authentication

Magic-link login, multi-factor authentication, and role-based access control so staff only see what their job requires.

Tenant isolation

Every query is scoped to your venue. Multi-location organizations choose unified access or strict isolation — enforced by policy at the API layer, not convention.

Audit logging

Administrative and security-relevant actions are logged with actor, action and timestamp, giving you an answer to “who changed this?”

Modern edge infrastructure

Revyn Engine runs on Cloudflare’s global network — DDoS protection, isolated execution and no servers of ours to patch or lose.

Framework alignment

Our controls are aligned to the CSA Cloud Controls Matrix (CCM) v4, with documented policies for data retention, incident response and vendor management.

Privacy, by design

  • GDPR & CCPA data-rights support: access, export and deletion requests honored for you and your guests
  • Consent management built into booking and marketing flows, with region-aware consent banners
  • Documented data map and retention schedules — data is kept only as long as it’s needed
  • Waivers and minor data handled with dedicated, purpose-limited flows
  • Payment card data never touches our systems — it goes directly to Stripe (PCI DSS Level 1)

Read the full Privacy Policy and Terms of Service.

Found a vulnerability?

We welcome responsible disclosure. Report security issues to security@revynengine.com and we'll respond promptly.

Enterprise customers: security questionnaires, DPAs and control documentation are available on request.

Request security documentation