Skip to content
Sub-processors

Every vendor that touches your data.

Revvye runs on a focused set of vendors. Each one touches a narrow slice of data. This list is the canonical record and matches the sub-processor section of our Privacy Policy.

Last updated: June 30, 2026

  • SupabaseActive

    Primary database, authentication, and file storage

    Account record, scan inputs and results, paid-unlock records, uploaded artifacts, and first-party product-usage events. US region by default.

    Vendor privacy policy →
  • StripeActive

    Payment processing for paid reports and services

    Customer records, payment methods, charges, and refund history. PCI compliance is handled by Stripe; we never receive full card data.

    Vendor privacy policy →
  • CloudflareActive

    Application hosting, DNS, edge CDN, and the scan-worker compute container

    Request metadata (IP, user agent, request path) used for delivery and protection. The scan worker runs public-page analysis in an isolated browser container.

    Vendor privacy policy →
  • Google Analytics 4 (Google LLC)Active

    Website analytics using Google Consent Mode v2

    Consent-state and cookieless measurement pings may be sent while analytics storage is denied. Analytics cookies and custom client events require acceptance.

    Vendor privacy policy →
  • BrevoActive

    Transactional email delivery

    Recipient email address and the message content needed to send each email (order confirmations, report delivery, account and alert emails).

    Vendor privacy policy →

No scan data is shared with third parties outside this list. Revvye does not use an external error-monitoring or product-analytics SDK; product-usage events are written to our own database.

If your website was scanned by a Revvye user and you would like to request the scan record or its deletion, contact privacy@revvye.com.