How Revvyn protects payment data and enforces governance.

| Layer | Method | Status |
|---|---|---|
| In transit | TLS 1.3 (HTTPS-only, HSTS) | ✓ |
| At rest | PostgreSQL TDE (Render managed encryption) | ✓ |
| API keys | SHA-256 hashed, raw never stored | ✓ |
| Webhooks | HMAC-SHA256 signed payloads | ✓ |
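The webhook row above states that payloads are HMAC-SHA256 signed. The following added example (not Revvyn's code) shows what a receiver should do with such a signature: recompute the MAC over the raw request bytes and compare it in constant time before parsing the JSON. The secret and the `X-Webhook-Signature` header name are assumptions for the example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed per-tenant secret for this example; a real deployment loads it from a secrets store.
WEBHOOK_SECRET = b"constructed-example-secret"
# Assumed header name (not taken from the Revvyn docs); any agreed header works.
SIGNATURE_HEADER = "X-Webhook-Signature"


def sign_payload(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Sender side: hex HMAC-SHA256 over the exact bytes that will be sent."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(body: bytes, signature: Optional[str], secret: bytes = WEBHOOK_SECRET) -> bool:
    """Receiver side: recompute the MAC over the raw body and compare in constant time.

    A plain == comparison leaks timing information about how many leading
    characters matched; hmac.compare_digest does not.
    """
    if not signature:
        return False
    return hmac.compare_digest(sign_payload(body, secret), signature)


def handle_webhook(body: bytes, headers: dict) -> Optional[dict]:
    """Parse the JSON only after the signature over the raw bytes has been checked."""
    if not verify_signature(body, headers.get(SIGNATURE_HEADER)):
        return None  # reject: unsigned, wrong secret, or modified in transit
    return json.loads(body)


def demo() -> dict:
    """Constructed webhook event, delivered intact, modified, and unsigned."""
    body = json.dumps({"event": "payment.captured", "amount": 1000}).encode()
    headers = {SIGNATURE_HEADER: sign_payload(body)}
    accepted = handle_webhook(body, headers)
    # A modified amount no longer matches the MAC, which cannot be recomputed without the secret.
    modified = handle_webhook(body.replace(b"1000", b"1"), headers)
    unsigned = handle_webhook(body, {})
    return {"accepted": accepted, "modified": modified, "unsigned": unsigned}


if __name__ == "__main__":
    print(demo())
```
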

| Control | Implementation |
|---|---|
| API authentication | SHA-256 hashed API keys via X-API-Key header |
| Multi-tenancy | Tenant-scoped queries + PostgreSQL Row-Level Security |
| RBAC | 4 roles: admin, operator, auditor, readonly (12 permissions) |
| SSO | SAML/OIDC integration stubs (ready for enterprise IdP) |
| Rate limiting | Per-tenant via slowapi with X-RateLimit headers |
| IP allowlisting | Optional CIDR restriction per tenant |

| Control | SOC2 Mapping |
|---|---|
| Immutable audit trail | CC7.2, CC7.3 — PostgreSQL trigger prevents UPDATE/DELETE |
| 7-year retention | P4.2 — server_default retention_until |
| Auth event logging | CC7.2 — every key validation logged |
| Request tracing | CC7.2 — X-Request-ID on every response |
| Admin action audit | CC6.1 — policy changes, key rotations logged |
| Compliance reports | CC7.4 — JSON/CSV export for auditors |

Data sovereignty: All data stored in Frankfurt, Germany (EU). PostgreSQL 16 on Render.
GDPR: Audit data retained under legal obligation (Art. 6(1)(c)). Right to erasure does not apply to legally required retention (Art. 17(3)(b)).
Backup: Automated daily backups with point-in-time recovery. RTO <1 hour, RPO <5 minutes.

| Practice | Implementation |
|---|---|
| Input validation | Pydantic models on all API inputs |
| SQL injection | SQLAlchemy ORM (parameterized queries) |
| XSS | API-only (JSON responses), no server-rendered HTML |
| CSRF | API key auth (not cookie-based) |
| Dependency scanning | safety + Trivy in CI |
| SAST | bandit in CI (zero medium/high findings) |
| Secret scanning | gitleaks in CI |

Platform: Render (SOC2 Type II certified).
Docker: Multi-stage build, non-root user, no debug tools in production.
CI/CD: GitHub Actions — lint, security scan, test, Docker build + Trivy vulnerability scan.