Every vendor that touches your data.
Revvye runs on a focused set of vendors. Each one touches a narrow slice of data. This list is the canonical record and matches the sub-processor section of our Privacy Policy.
Last updated: June 30, 2026
- SupabaseActive
Primary database, authentication, and file storage
Account record, scan inputs and results, paid-unlock records, uploaded artifacts, and first-party product-usage events. US region by default.
Vendor privacy policy → - StripeActive
Payment processing for paid reports and services
Customer records, payment methods, charges, and refund history. PCI compliance is handled by Stripe; we never receive full card data.
Vendor privacy policy → - CloudflareActive
Application hosting, DNS, edge CDN, and the scan-worker compute container
Request metadata (IP, user agent, request path) used for delivery and protection. The scan worker runs public-page analysis in an isolated browser container.
Vendor privacy policy → - Google Analytics 4 (Google LLC)Active
Website analytics using Google Consent Mode v2
Consent-state and cookieless measurement pings may be sent while analytics storage is denied. Analytics cookies and custom client events require acceptance.
Vendor privacy policy → - BrevoActive
Transactional email delivery
Recipient email address and the message content needed to send each email (order confirmations, report delivery, account and alert emails).
Vendor privacy policy →
No scan data is shared with third parties outside this list. Revvye does not use an external error-monitoring or product-analytics SDK; product-usage events are written to our own database.
If your website was scanned by a Revvye user and you would like to request the scan record or its deletion, contact privacy@revvye.com.