Security at Rev AI
Our compliance standards
Rev is committed to safeguarding our customers' data. To demonstrate this commitment, Rev maintains compliance with a number of both internationally-recognized and industry-specific security and privacy standards.
Our compliance certifications and standards
SOC 2 Type II
Rev engages an independent, third-party auditor to perform an annual SOC2 Type II Attestation.
Rev's SOC2 Type II report includes details on the internal controls at Rev designed to protect the security and maintain the availability of our customer's data.
Rev's SOC2 Type II announcement can be found here.
GDPR
Rev's services were built with privacy in mind, designed to make it easy for customers to comply with privacy obligations like the EU General Data Protection Regulation (GDPR).
More information on how Rev complies with privacy regulations can be found in our
Privacy Policy.
HIPAA
Rev AI's Automatic Speech Recognition (ASR) and associated API enable covered entities and business associates to utilize Rev AI services in a manner that complies with the Health Insurance Portability and Accountability Act (HIPAA).
PCI
Rev maintains Payment Card Industry (PCI) compliance as a merchant for payment processing.
All credit card payments are facilitated through a third party payment processor.
Rev does not store credit card details, only an independent ID associated with the account handled by the payment processor.
Download Rev's Information Security & Privacy Program Overview
Download PDF
We set our security bar high
Storage & Transmission
All customer data is encrypted both in transit and at rest.
Data stored on Rev's platform, as well as communication between Rev servers and our customers,
is encrypted via industry best-practice standards (like TLS).
TLS is also supported for encryption of emails.
Backup & Recovery
Rev backs up critical system data multiple times per day to prevent data loss or corruption.
All Rev and customer data is hosted at Tier IV or III+, SSAE-18, PCI DSS, and/or ISO 27001 compliant facilities.
Availability & Access
Rev maintains redundant infrastructure in the United States in case of emergency, with a goal of 99% uptime.
All customer data is accessible to staff only to the extent necessary to perform the required work.
Our Security Team is on call 24/7 to respond to security alerts and incidents.
Privacy
Employees
Rev employees are trained and restricted to handle only the data required to perform their job.
Employees are trained on the proper use of our systems and best practices for security & privacy.
All employees undergo background checks and have signed confidentiality agreements.
Transcriptionists & Captioners
Revvers (our transcriptionists, captioners, etc.), who complete Rev AI Human Transcription Jobs,
are vetted through a rigorous screening process, including identity verification, and receive training.
All Revvers have signed confidentiality agreements.
While actively working on a file, Revvers are required to use our secure and proprietary tools, only accessible through a web-based portal.
Third Party Marketers
We do not share or sell information we collect to third party marketers.
Within Your Team
Rev is built to work for collaborative and disparate teams.
With multi-user accounts, admins can choose to restrict access with intuitive sharing controls.
Policies
Retention & Disposal
Customers may purge media and transcription data from Rev systems via the Rev Platform or by written request.
For large companies with recurring needs, we also support periodic purging of data on a customer-specified schedule.
Learn how to configure here.
Cookies
Cookies are used to identify users with session data using an unidentifiable string that can be interpreted by the Rev system.
Explicit personal information, such as an email address or name, does not exist in the cookie.