Trust & Security
RevokeTrail is designed for operations teams managing keys, cards, badges, remotes, and access-code references. This page describes the product's current security and privacy posture.
Security and privacy posture
RevokeTrail is designed around a simple principle: reduce exposure by keeping the most sensitive access details out of the system and keeping operational responsibility traceable.
No real access secrets stored
RevokeTrail does not store actual door codes, PINs, alarm codes, lockbox codes, gate codes, or digital credential secrets. Code-type assets are tracked as references only.
Anonymous labels and QR codes
Labels and QR codes are intended for internal asset identification. Labels must not expose customer name, customer address, site address, driver/worker name, partner name, or access code. QR/barcode values identify the asset internally only.
Tenant isolation
RevokeTrail is built as a multi-tenant SaaS product. Tenant data is scoped so each company works with its own operational records.
Role-based access and audited workflows
Access to operational areas is controlled by roles. Assignment, transfer, return, incident, label print, report export, and role-change activity are intended to be captured in audit history where supported by the product.
B2C / residential privacy handling
B2C/residential customers receive stricter privacy handling in the product design. Residential/customer-identifying information should not appear on labels. B2C address visibility/export behavior is restricted according to product rules.
Data export and anonymization support
RevokeTrail supports operational data export and customer anonymization/deletion workflows as product capabilities.
Subprocessors
See the current draft inventory of service providers and categories on the subprocessors page.
Incident contact
For security or privacy concerns, reach the RevokeTrail support team:
Disclaimer
RevokeTrail does not currently claim SOC 2 certification, ISO 27001 certification, GDPR certification, EU data residency, DPA availability, penetration testing completion, MFA support, encryption guarantees, backup guarantees, or any legal-compliance guarantee. This page describes current product design posture only and is not legal advice.
Operating company
RevokeTrail is operated by Baltic Vendor Management OĆ, an Estonian private limited company (registry code 14157774, VAT EE102226148, D-U-N-S 521910092), based in Estonia, European Union. Learn more about RevokeTrail.