Security
Last updated: January 26, 2026
ReviewByte is built with a security-first approach. We use layered controls to protect customer data and continuously improve our safeguards.
Infrastructure and hosting
- The backend is hosted on Render behind HTTPS, with isolated environment variables.
- Databases require authentication and are restricted by network rules; access is limited to services.
- We rely on reputable cloud providers with physical and environmental safeguards for data centers.
Encryption and data protection
- Data in transit is protected with TLS.
- Data is encrypted at rest where supported by our providers.
- API scopes are minimized using least-privilege access.
Access controls
- Production access is limited to authorized personnel.
- Administrative access uses strong authentication and MFA where supported.
- Access is logged and reviewed to support security monitoring.
Monitoring and incident response
- We monitor services for availability and unusual activity.
- We maintain incident response procedures to investigate and remediate issues quickly.
Secure development
- Code changes are reviewed before deployment.
- Environments are separated to reduce risk.
Token handling
- OAuth tokens (Google, Facebook, Instagram) are encrypted at rest.
- We request only the minimum scopes necessary to fetch reviews/comments and post owner-approved replies.
- Tokens are rotated when possible; users can revoke at any time from the platform provider.
Backups and retention
We retain only the data required to deliver alerts and AI replies. Backups are used for recovery and business continuity. For deletion, see our Data Deletion page.
Customer responsibilities
Keep your account credentials secure, enable MFA where available, and restrict access to trusted team members.
Responsible disclosure
Found an issue? Please contact security@thereviewbyte.com.