Data Handling
How RevKeen stores, processes, and protects personal and financial data
RevKeen processes personal and financial data on behalf of merchants. This page explains where your data lives, how it is protected, and what controls you have over it.
Data Storage Locations
RevKeen stores data in the European Union to meet GDPR requirements and minimize latency for EU-based operations.
| Data Type | Location | Provider |
|---|---|---|
| Primary database (merchants, customers, invoices, transactions) | Frankfurt, Germany (eu-central-1) | AWS RDS PostgreSQL |
| Application services and API | Frankfurt, Germany (eu-central-1) | AWS Fargate |
| Background job execution | EU region | Trigger.dev Cloud |
| Platform secrets | EU region | Infisical |
| Per-merchant credentials | Frankfurt, Germany (eu-central-1) | AWS RDS with KMS envelope encryption |
| Static assets and checkout pages | Global edge (origin EU) | Vercel / Cloudflare |
| Observability and logs | EU region | Grafana Cloud |
No primary data is stored outside the EU. Edge caching of static assets (CSS, JavaScript, images) uses global CDN nodes but does not cache personal or financial data.
Encryption
At Rest
All data stored by RevKeen is encrypted at rest:
- Database -- AWS RDS uses AES-256 encryption for all PostgreSQL data and backups.
- Object storage -- Files stored in S3 use server-side encryption (SSE-S3 with AES-256).
- Platform secrets -- Infisical encrypts platform-level secrets (API keys, service tokens) using envelope encryption.
- Per-merchant credentials -- Gateway security keys and merchant-specific secrets are stored in PostgreSQL with AES-256-GCM envelope encryption backed by AWS KMS. Each credential has its own data encryption key.
In Transit
All data in transit is encrypted:
- Browser to RevKeen -- TLS 1.2 or higher on all public endpoints. HSTS headers enforce HTTPS.
- Service to service -- Internal communication between RevKeen services uses TLS.
- RevKeen to gateway -- API calls to payment gateways use TLS with certificate validation.
- Database connections -- All connections to AWS RDS require SSL.
GDPR Compliance
RevKeen operates as a data processor on behalf of merchants (data controllers). Our GDPR commitments:
| Principle | How RevKeen Complies |
|---|---|
| Lawful basis | RevKeen processes data based on the merchant's contractual relationship with their customers. Merchants are responsible for establishing lawful basis. |
| Data minimization | RevKeen collects only the data necessary to process payments, generate invoices, and provide the platform's features. |
| Purpose limitation | Customer data is used only for the merchant's billing and payment operations. RevKeen does not sell or share data with third parties for marketing. |
| Storage limitation | Data is retained according to configurable retention policies (see below). |
| Right of access | Merchants can export all customer data through the dashboard or API. |
| Right to erasure | Merchants can request deletion of customer data, subject to legal retention requirements for financial records. |
| Data portability | All data is exportable in standard formats via the API. |
| Breach notification | RevKeen will notify affected merchants within 72 hours of confirming a personal data breach. |
A Data Processing Agreement (DPA) is available upon request. Contact privacy@revkeen.com.
Data Retention Policies
RevKeen retains data according to the following defaults. Merchants may have additional obligations under local financial regulations.
| Data Category | Default Retention | Reason |
|---|---|---|
| Transaction records | 7 years | Financial record-keeping and tax compliance |
| Invoice data | 7 years | Legal requirement for financial documents |
| Customer personal data | Duration of merchant account + 90 days | Active use, then cleanup window |
| Payment tokens | Until customer or merchant deletes | Required for recurring payments |
| Audit logs | 2 years | Security and compliance investigations |
| Session data | 30 days | Operational use |
| Analytics events | 1 year | Product analytics and checkout optimization |
After the retention period, data is permanently deleted. Deletion is irreversible.
Data Export and Deletion
Export
Merchants can export their data at any time:
- Dashboard -- Export invoices, transactions, and customer records as CSV from the dashboard.
- API -- Use the RevKeen API to programmatically retrieve all data associated with your merchant account.
Exports include all data RevKeen stores for your account, including customer details, transaction history, invoice records, and subscription data.
Deletion
To request data deletion:
- Individual customer data -- Delete a customer record through the dashboard or API. Associated personal data is removed, while anonymized transaction records are retained for financial compliance.
- Full account deletion -- Contact support@revkeen.com to request complete deletion of your merchant account and all associated data. This is processed within 30 days.
Certain data cannot be deleted before the legally mandated retention period (for example, transaction records required for tax compliance).
Third-Party Data Processors
RevKeen uses the following third-party services that may process your data:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| AWS | Database hosting, application hosting, storage, KMS encryption | All merchant and customer data, application data, logs | Frankfurt, EU |
| NMI (or merchant's gateway) | Payment processing | Transaction amounts, tokenized card references | Varies by gateway |
| Quaderno | Tax calculation and invoicing | Customer address, transaction amounts | EU |
| Novu | In-app notifications | Notification content, subscriber IDs | EU |
| Trigger.dev | Background job processing | Job payloads (merchant IDs, task parameters) | EU |
| Grafana Cloud | Observability and monitoring | Application logs and metrics (no PII in normal operation) | EU |
| Infisical | Platform secrets management | Encrypted platform API keys and service tokens | EU |
RevKeen maintains data processing agreements with all sub-processors. We evaluate each processor's security practices before integration and monitor them on an ongoing basis.
Secrets Management
RevKeen uses a two-tier model for secrets:
Platform secrets (API keys, service tokens, signing keys) are managed through Infisical:
- Encrypted at rest and in transit.
- Access scoped by environment (production, staging, development).
- All access is logged for audit purposes.
- Injected into services at runtime -- never written to disk or committed to source control.
- Rotation supported without service downtime.
Per-merchant credentials (gateway security keys, webhook secrets) are stored in the primary database with AES-256-GCM envelope encryption backed by AWS KMS:
- Each credential is encrypted with its own unique data encryption key (DEK).
- DEKs are encrypted by an AWS KMS customer master key (CMK) that never leaves the HSM.
- The KMS CMK rotates automatically every year, with no re-encryption of stored data needed.
- All KMS operations (encrypt, decrypt) are logged in AWS CloudTrail.
If you need to rotate your gateway credentials, you can do so through the RevKeen dashboard. The change takes effect immediately.
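The per-merchant scheme described above, sketched as an added example (not RevKeen's code): each credential gets its own AES-256-GCM DEK, and only the wrapped DEK is stored beside the ciphertext. `LocalKms`, the row layout and the `merchantId:field` context binding are assumptions for illustration; a real deployment would call AWS KMS for the wrap and unwrap steps.

```javascript
// LocalKms below is a constructed stand-in for AWS KMS so this runs offline.
const crypto = require("node:crypto");

function gcmSeal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmOpen(key, box, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on tag mismatch
}

// Assumption: models the wrapping key that never leaves the HSM.
class LocalKms {
  #master = crypto.randomBytes(32);
  wrap(dek, context) { return gcmSeal(this.#master, dek, Buffer.from(context)); }
  unwrap(wrapped, context) { return gcmOpen(this.#master, wrapped, Buffer.from(context)); }
}

// Hypothetical row layout: the context ties ciphertext to its merchant and field.
function encryptCredential(kms, merchantId, field, secret) {
  const context = `${merchantId}:${field}`;
  const dek = crypto.randomBytes(32); // unique DEK for this one credential
  const sealed = gcmSeal(dek, Buffer.from(secret, "utf8"), Buffer.from(context));
  const wrappedDek = kms.wrap(dek, context);
  dek.fill(0); // drop the plaintext DEK once it has been wrapped
  return { merchantId, field, wrappedDek, sealed };
}

function decryptCredential(kms, row) {
  const context = `${row.merchantId}:${row.field}`;
  const dek = kms.unwrap(row.wrappedDek, context);
  try {
    return gcmOpen(dek, row.sealed, Buffer.from(context)).toString("utf8");
  } finally {
    dek.fill(0); // plaintext DEK lives only for the duration of the call
  }
}
```

Because the context string is authenticated in both layers, a row copied to another merchant or field fails to decrypt instead of yielding the secret.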