Skip to main content
Skip table of contents

Cloud Security Statement

Last updated


Revyz cloud services (Revyz Cloud) are hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its actual data centers and the AWS cloud. Revyz is responsible for monitoring, managing and securing the Revyz Cloud.


AWS manages the data centers that host the Revyz Cloud. For more information about security at those data centers, see here.

Revyz Cloud data is hosted in the United States.


Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found here.

AWS has a public SOC 3 report on Security, Availability & Confidentiality (pdf)

Revyz is certified as a Cloud Security Compliant vendor with Atlassian, see here. You can learn more about Atlassian’s Marketplace Apps Trust programs here.

People and Access

Within Revyz, only a few trusted members of our Cloud Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to Revyz Cloud.

Customers are responsible for maintaining the security of their own login information.

Data Storage

In the Revyz Cloud, data at rest is encrypted following industry standards. Additionally, all communications with the Revyz Cloud are protected with HTTPS using TLS and within the Cloud with VPN network connections.

Data Retention

Revyz maintains customer data on a rolling basis for a period of six months while you are our customer. In case you leave our service, one month later your data is removed from our production database. 


Customer data is backed up three times per day, and is encrypted following industry standards. Backup lifetime is one month.

Disaster Recovery

Revyz’s Cloud team has a disaster recovery process in place and it is tested on a regular basis.

Security Incident Policy

Every care is taken by Revyz to protect customer data from incidents (either accidentally or deliberately) to avoid a data protection breach that could compromise security. For more information, please see our Security Incident Policy.

Bug Fix Policy

Bug Severity - Critical

SLA - Within 10 business days of being reported

Example - Direct access to application or database servers

Bug Severity - High

SLA - Within 3 weeks of being reported

Example - Leakage of sensitive data through bugs / exploits in the application

Bug Severity - Medium

SLA - Within 6 weeks of being reported

Example - Leakage of non-sensitive data

For more information, please see our Change Control & Release Management.



Revyz understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant to privacy laws and regulations. For more information, please see our Privacy Policy.

Change Log

  1. 6/28/23 - Added missing link in certification section and more about Atlassian marketplace app's trust programs

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.