Trust & Security

RevokeTrail is designed for operations teams managing keys, cards, badges, remotes, and access-code references. This page describes the product's current security and privacy posture.

Security and privacy posture

RevokeTrail is designed around a simple principle: reduce exposure by keeping the most sensitive access details out of the system and keeping operational responsibility traceable.

No real access secrets stored

RevokeTrail does not store actual door codes, PINs, alarm codes, lockbox codes, gate codes, or digital credential secrets. Code-type assets are tracked as references only.

Anonymous labels and QR codes

Labels and QR codes are intended for internal asset identification. Labels must not expose customer name, customer address, site address, driver/worker name, partner name, or access code. QR/barcode values identify the asset internally only.

Tenant isolation

RevokeTrail is built as a multi-tenant SaaS product. Tenant data is scoped so each company works with its own operational records.

Role-based access and audited workflows

Access to operational areas is controlled by roles. Assignment, transfer, return, incident, label print, report export, and role-change activity are intended to be captured in audit history where supported by the product.

B2C / residential privacy handling

B2C/residential customers receive stricter privacy handling in the product design. Residential/customer-identifying information should not appear on labels. B2C address visibility/export behavior is restricted according to product rules.

Data export and anonymization support

RevokeTrail supports operational data export and customer anonymization/deletion workflows as product capabilities.

Subprocessors

See the current draft inventory of service providers and categories on the subprocessors page.

Incident contact

For security or privacy concerns, reach the RevokeTrail support team:

help at revoketrail dot com

Disclaimer

RevokeTrail does not currently claim SOC 2 certification, ISO 27001 certification, GDPR certification, EU data residency, DPA availability, penetration testing completion, MFA support, encryption guarantees, backup guarantees, or any legal-compliance guarantee. This page describes current product design posture only and is not legal advice.

Operating company

RevokeTrail is operated by Baltic Vendor Management OÜ, an Estonian private limited company (registry code 14157774, VAT EE102226148, D-U-N-S 521910092), based in Estonia, European Union. Learn more about RevokeTrail.