Security fortified

We're dedicated to safeguarding your business's data and operations, ensuring you can focus on what matters most— your growth and success . Rest assured that revenulab prioritises your security every step of the way.

Security at revenu Lab

At revenulab, we take the security of your data and information seriously. Our commitment is to provide a robust and safe environment for your business operations. Here's how we ensure your data and interactions with our platform are secure.

Data encryption

We employ state-of-the-art encryption to protect your data both in transit and at rest. This means that when data is transferred between you and our platform or stored on our servers, it's always shielded from prying eyes.

Access control

Your data's integrity is upheld through rigorous access control measures. We use role-based access control (RBAC) to grant permissions, ensuring that only authorised users can access specific features and data.

Multi-factor authentication (MFA)

We prioritise your security by implementing strong multi-factor authentication methods. This extra layer of protection goes beyond passwords, adding an additional barrier against unauthorised access.

Regular security audits

We conduct frequent security audits and penetration tests to identify and address vulnerabilities. By proactively seeking potential risks, we bolster our platform's defences.

Timely updates

We keep our systems up-to-date with the latest security patches and updates. This proactive approach safeguards against known security threats.

Secure backups

Your data's continuity is crucial. We maintain regular and secure backups to ensure your information can be restored in case of unforeseen data loss or security incidents.

Continuous monitoring

Our vigilant monitoring system keeps an eye out for any unusual activities. We're equipped to respond promptly to security breaches and incidents through our well-defined incident response plan.

Compliance

We adhere to industry-specific and regional data protection regulations. This commitment ensures we meet legal requirements related to data privacy and security, providing you with peace of mind.

User education

Your security is a collaborative effort. We provide resources and guidance to educate our users on best security practices. These include maintaining strong passwords and recognising potential phishing attempts.

Security and Compliance Overview


At Revenu Lab, our mission is to help businesses exceed their success benchmarks. We focus on enhancing automation, improving communication, and increasing scalability in a user-friendly manner, continuously providing future-focused updates that reflect these priorities.

Since our inception, Revenu Lab has experienced strong growth, making a substantial impact on the tech community and the SaaS industry. We measure our success by the successes of our customers and strive to optimise our offerings to meet their evolving needs.

Our AI-powered, all-in-one sales, marketing, and customer relationship management (CRM) platform offers numerous features essential to businesses. This comprehensive software solution empowers our customers to set ambitious sales goals and achieve them, all while receiving expert support from our team. We also offer the flexibility for customers to rebrand our platform as their own, providing everything needed to scale their businesses and exceed expectations.

Security and Risk Focus

Revenu Lab’s primary focus is the security of our customers’ data. We have invested in the appropriate controls to protect and service our customers, including dedicated corporate, product, and infrastructure security programs. Our Legal Team, in collaboration with other departments, oversees the implementation of these programs.

Our Security and Compliance Objectives

We have developed our security framework using best practices for the SaaS industry. Our key objectives include:

Customer Trust and Protection

Deliver superior products and services while protecting the privacy and confidentiality of data.


Availability and Continuity of Service

Ensure service availability and minimise risks to service continuity.


Information and Service Integrity

Ensure that customer information is never corrupted or altered inappropriately.


Compliance with Standards

Strive to comply with or exceed industry standard best practices.

Security Controls

To protect the data entrusted to us, Revenu Lab utilises layers of administrative, technical, and physical security controls throughout our organisation. The following sections detail some of our key security measures.

Infrastructure Security

Cloud Hosting Providers

Revenu Lab does not host any product systems or data within physical offices. We utilise leading cloud infrastructure providers, such as Google Cloud Platform Services and Amazon Web Services, for our product infrastructure, which is located in the United States. We rely on Google’s and AWS’s audited security and compliance programs to ensure the efficacy of their physical, environmental, and infrastructure security controls.

Google guarantees a monthly uptime percentage of at least 99.5%. More information about Google’s controls, processes, and compliance measures can be found on their publicly available Compliance Resource Center.

AWS offers service reliability between 99.95% and 100%, ensuring redundancy in all power, network, and HVAC services. The business continuity and disaster recovery plans for AWS services have been independently validated as part of their SOC 2 Type 2 report and ISO 27001 certification. AWS compliance documentation and audit reports are publicly available at the AWS Cloud Compliance Page and the AWS Artifacts Portal.

Network and Perimeter Security

Revenu Lab’s product infrastructure employs multiple layers of filtering and inspection on all connections across our web application, logical firewalls, and security groups. Network-level access control lists prevent unauthorised access to our internal infrastructure and resources. Firewalls are configured by default to deny network connections that are not explicitly authorised. Changes to our network and perimeter systems are controlled by standard change control processes, and firewall rulesets are periodically reviewed to ensure only necessary connections are configured.

Configuration Management

Automation is key to Revenu Lab’s ability to scale with customer needs, and rigorous configuration management is embedded in our infrastructure processes. Our highly automated environment expands capacity as needed, with all server configurations embedded in images and configuration files used when provisioning new containers. Each container includes its own hardened configuration, and changes are managed through a controlled change pipeline.


Server instances are tightly controlled from provisioning through deprovisioning, ensuring deviations from configuration baselines are detected and corrected promptly. If a production server deviates from the baseline configuration, it is reverted to the baseline within 30 minutes. Patch management is handled using automated tools or by removing non-compliant server instances.

Logging

Actions and events within the Revenu Lab application are consistently and comprehensively logged. These logs are indexed and stored in a central logging solution hosted in Revenu Lab’s cloud environment. Security-relevant logs are also retained and indexed to facilitate investigation and response activities. The retention period of logs varies based on the nature of the data logged. Write access to the storage service where logs are stored is tightly controlled and limited to a select group of engineers.

Alerting and Monitoring

Revenu Lab invests in automated monitoring, alerting, and response capabilities to continuously address potential issues. Our infrastructure is instrumented to alert engineers and administrators when anomalies occur, such as error rates, abuse scenarios, application attacks, and other irregularities. Automatic responses or alerts are triggered to the appropriate teams for investigation and correction. For example, traffic throttling and process termination are triggered at predefined thresholds.

Application Security

Web Application Defences

Customer content hosted on our platform is protected by firewalls and application security. Monitoring tools actively oversee the application layer, alerting on malicious behaviour based on behaviour type and session rate. Rules used to detect and block malicious traffic align with best practice guidelines documented by the Open Web Application Security Project (OWASP), specifically the OWASP Top 10. Protections against Distributed Denial of Service (DDoS) attacks are also incorporated to ensure continuous availability of customer websites and other parts of the Revenu Lab products.

Development and Release Management

Revenu Lab optimises our products through a modern continuous delivery approach to software development. New code is regularly deployed following thorough code reviews, testing, and merge approvals. Static code analysis is routinely performed against code repositories to block known misconfigurations. Approved code is automatically submitted to Revenu Lab’s continuous integration environment for compilation, packaging, and unit testing.


Dynamic testing for security vulnerabilities is periodically conducted against our applications. Newly developed code is first deployed to a dedicated QA environment for final testing before being promoted to production. Network-level and project-level segmentation prevents unauthorised access between QA and production environments. Code deployments are automated and can be reverted in case of failures. The deploying team manages notifications regarding application health, and rollback processes are engaged immediately if necessary. We use extensive software gating and traffic management to control features based on customer preferences (private beta, public beta, full launch).


Revenu Lab features seamless updates and, as a SaaS application, there is no downtime associated with releases. Major feature changes are communicated through in-app messages and product update posts.

Vulnerability Management

Revenu Lab employs a multi-layered approach to vulnerability management, utilising a variety of industry-recognised tools and threat feeds to ensure comprehensive coverage of our technology stack. Vulnerability scans are configured to regularly identify vulnerabilities, using adaptive scanning inclusion lists for asset discovery and the latest detection signatures. Annual penetration tests are conducted against our applications and infrastructures to identify potential security risks. Relevant findings are assessed, and mitigations are prioritised accordingly.

Customer Data Protection

Data Classification

Per Revenu Lab’s Terms of Service, our customers are responsible for ensuring they capture appropriate information to support their marketing, sales, services, content management, and operations processes. The Revenu Lab products should not be used to collect or store sensitive information, such as credit or debit card numbers, financial account information, Social Security numbers, passport numbers, financial or health information, except as otherwise permitted.

Tenant Separation

Revenu Lab provides a multi-tenant SaaS solution where customer data is logically separated using unique IDs to associate data and objects to specific customers. Authorisation rules are incorporated into the design architecture and continuously validated. We also log application authentication and associated changes, application availability, and user access and changes.

Encryption

All data is encrypted in transit using TLS version 1.2 or 1.3 with 2,048 bit keys or better. Transport Layer Security (TLS) is also a default for customers hosting their websites on the Revenu Lab platform. Revenu Lab uses several technologies to ensure stored data is encrypted at rest, including AES-256 encryption for platform data. User passwords are hashed following industry best practices and encrypted at rest.

Key Management

Encryption keys for both in-transit and at-rest encryption are securely managed by the Revenu Lab platform. TLS private keys for in-transit encryption are managed through our content delivery partner. Volume and field-level encryption keys for at-rest encryption are stored in a hardened Key Management System (KMS). Keys are rotated at varying frequencies, depending on the sensitivity of the data they govern. TLS certificates are generally renewed annually. Revenu Lab currently does not support customer-supplied encryption keys.

Data Backup and Disaster Recovery

System Reliability and Recovery

Revenu Lab is committed to minimising system downtime. All Revenu Lab product services are built with redundancy. Server infrastructure is strategically distributed across multiple distinct availability zones and virtual private cloud networks within our infrastructure providers, ensuring point-in-time recovery for all web, application, and database components.

Backup Strategy

Systems are backed up regularly according to established schedules. Seven days’ worth of backups are maintained for any database to ensure easy restoration. Backups are monitored for successful execution, and alerts are generated in the event of exceptions. Failure alerts are escalated, investigated, and resolved. Data is backed up daily to the local region, with monitoring and alerting in place for replication failures.

Physical Backup Storage

As we leverage public cloud services for hosting, backup, and recovery, Revenu Lab does not implement physical infrastructure or physical storage media within its products. We do not produce or use hard copy media (e.g., paper, tape) for making our products available to customers.

Backup Protections

All backups are protected through access control restrictions and write once read many (WORM) protections on Revenu Lab product infrastructure networks, with access control lists on the file systems storing the backup files.

Customer Data Backup Restoration

Revenu Lab customers do not have direct access to the product infrastructure to trigger a failover event. Disaster recovery and resiliency operations are managed by Revenu Lab’s product engineering teams. In some cases, customers can use the recycle bin to directly recover and restore contacts, opportunities, custom fields, custom values, tags, notes, and tasks up to 30 days after deletion. Changes to web pages, blog posts, or emails can be restored to previous versions using version history. For additional data backup, the Revenu Lab platform offers export options and a library of public APIs for synchronising data with other systems.

Data Backup and Disaster Recovery

Product User Management

Revenu Lab products allow for granular authorisation rules. Customers can create and manage users in their portals, assign appropriate privileges, and limit access as needed.

Product Login Protections

Users can log into their Revenu Lab accounts using the native Revenu Lab login, which enforces a uniform password policy requiring a minimum of 8 characters, including upper and lower case letters, special characters, and numbers. Customers using the built-in login are protected by two-factor authentication (2FA). Portal administrators can require all users to enable 2FA.

Revenu Lab Employee Access to Customer Data

Access to Production Infrastructure

Access to internal data stores and production infrastructure is strictly controlled using a role-based access control (RBAC) model. Day-to-day access is limited to engineering team members, with persistent administrative access restricted. Engineers must authenticate through a bastion host or “jump box” or have an assigned IAM role before accessing server environments.

Access to Customer Portals

By default, customer support, services, and other engagement staff can obtain limited access to parts of a customer’s Revenu Lab account to provide assistance. Access is granted through a Just-in-Time Access (JITA) model, where each request is logged and limited to a specific customer’s portal for a maximum of 24 hours. High-risk actions, such as changing domain settings or exporting users, are restricted.


User logins, Revenu Lab employee access, security activities, and content activities are logged.

Organisational and Corporate Security

Vendor Management

Revenu Lab leverages third-party service providers to support product development and internal operations, ensuring appropriate security and privacy controls through contractual agreements. A list of subprocessors is maintained within our Data Processing Agreement.

Compliance

Sensitive Data Processing and Storing

As outlined in our Terms of Service and Privacy Policy, Revenu Lab does not store, process, or collect credit card information submitted by customers. Payment transactions are handled by PCI-compliant payment processors.

Privacy

Revenu Lab does not sell personal data to third parties. Our security measures are designed to ensure data privacy and integrity. More information is available in our Privacy Policy.

Data Retention and Data Deletion

Customer data is retained as long as the customer remains active. Written requests for data deletion are fulfilled in accordance with privacy rules and regulations. Certain data, such as logs, may be retained for security, compliance, or statutory purposes. Custom data retention policies are not currently offered.

Privacy Program Management

Revenu Lab’s Legal Team collaborates with engineering and product development teams to implement an effective privacy program, detailed in our Privacy Policy and Data Processing Agreement.

Breach Response

Revenu Lab will notify customers as required by law if a data breach impacting personal data occurs.

GDPR

Revenu Lab provides features to help customers achieve and maintain GDPR compliance. While using the Revenu Lab product aids in GDPR compliance, it does not guarantee full compliance.

Document Scope and Use

This document is intended as a resource for our customers. It does not create binding or contractual obligations between Revenu Lab and any parties, nor does it amend any existing agreements. Revenu Lab continuously improves its protections, so procedures may change.

Contact Us

Questions about this document? We want to hear from you! Reach us at [email protected]

Grow with AI-Driven Marketing and Sales Automation. Scale your brand’s voice with personalised, efficient communication.

Socials

Copyright 2024. All Right are Reserved. revenulab