Security

ReviewByte is built with a security-first approach. We use HTTPS/TLS for all transport, store tokens encrypted at rest, and apply the principle of least privilege for API scopes.

Infrastructure

• Backend hosted on Render behind HTTPS, isolated environment variables.
• Databases require authentication and network rules; access is limited to services.

Token handling

• OAuth tokens (Google, Facebook, Instagram) are encrypted at rest.
• We request only the minimum scopes necessary to fetch reviews/comments and post owner-approved replies.
• Tokens are rotated when possible; users can revoke at any time from the platform provider.

Data retention

We retain only the data required to deliver alerts and AI replies. For deletion, see our Data Deletion page.

Responsible disclosure

Found an issue? Please contact security@thereviewbyte.com.