Your data is secure.

Reversion processes sensitive commercial real estate documents. We take the security of your data seriously. Here is how we protect it.

Encryption

  • All data is encrypted in transit using TLS 1.2+
  • All data is encrypted at rest in our database and file storage
  • Passwords are hashed using Argon2, a memory-hard algorithm resistant to GPU attacks

Access Control

  • Authentication uses secure JWT tokens delivered via httpOnly, Secure cookies
  • All document and data access is scoped to your organization — other users cannot see your files
  • There are no public URLs to your documents. Every API request requires authentication
  • Admin access is restricted to designated administrators only

AI and Your Documents

Your documents are processed through two AI services:

  • Reducto converts your PDFs and spreadsheets into structured text for analysis
  • Anthropic's Claude extracts lease terms, rent schedules, and expense data from the structured text

Your documents are not stored by these AI providers beyond the duration of each API call. Anthropic's API usage policy explicitly states that API inputs and outputs are not used to train their models. Document content is sent for extraction only and is not retained, logged, or used for any other purpose by the AI provider.

Employee Access

No Reversion employee accesses your documents without your explicit permission. All file access is logged with user ID and timestamp for audit purposes. Production database access is restricted and monitored.

Infrastructure

  • Hosted on Railway, a SOC 2 Type II certified infrastructure provider
  • PostgreSQL database with encrypted connections and automated backups
  • Redis for job queue and session management, not for document storage
  • All services deployed in isolated containers with no shared tenancy

Data Deletion

You can delete individual documents, deals, or your entire account at any time. Upon account deletion, all your data — documents, reports, assumptions, and account information — is permanently deleted within 30 days. You may also request immediate deletion by contacting us.

Compliance Roadmap

SOC 2 Type II certification is on our post-launch roadmap. We are building Reversion with SOC 2 controls in mind from day one — including access logging, encryption standards, and organizational data isolation.

Questions?

If you have questions about how we handle your data, contact us at hello@getreversion.com.