Last updated: July 11, 2026
Security is fundamental to an over-the-air update platform. Revopush is designed to protect customer accounts, application data, and the update delivery path through layered infrastructure controls, trusted service providers, controlled access, and continuous vulnerability management.
This statement provides a public overview of the security practices and technology providers used to operate Revopush. It is intended for customers, prospects, auditors, and other external stakeholders and is available without authentication.
Revopush runs its core cloud infrastructure on Microsoft Azure. We use Azure services to host and operate the platform, while access to production systems is restricted to authorized personnel and limited according to operational need.
Cloudflare provides an additional edge layer in front of Revopush services. It helps us deliver traffic reliably and protect public endpoints from common internet-based threats. Connections to Revopush web services are protected in transit using HTTPS.
Revopush delivers JavaScript bundles and related assets to mobile applications over secure network connections. Access to applications, deployments, and releases is controlled through authenticated accounts and API credentials.
Customers remain in control of which releases they publish and which deployments receive them. API keys and other credentials should be treated as secrets and stored only in appropriate secret-management systems, including the protected secret stores provided by CI/CD platforms.
Revopush supports single sign-on through trusted identity providers:
Authentication is delegated to the selected identity provider. Revopush does not collect or store the user's password for these providers. Customers should enable multi-factor authentication and follow the security guidance offered by their identity provider.
Access to internal systems and third-party services is granted according to role and operational need. We review and remove access when it is no longer required.
Revopush uses GitHub to host its source code. Both private and public Revopush repositories are covered by automated vulnerability scanning. This gives the team continuous visibility into known vulnerabilities in application code and dependencies so findings can be reviewed and remediated.
Changes to the platform are tracked through version control and reviewed as part of the development workflow before they reach production. Dependencies and vulnerability findings are reviewed as part of normal engineering work, and remediation is prioritized according to risk.
Revopush does not require access to a customer's source-code repository to deliver an OTA release. Customers can build a release in their own environment or CI/CD system and upload the resulting bundle and assets using Revopush tooling.
We limit the data collected and processed to what is needed to provide, secure, support, and improve the service. Access to customer and operational data is limited to authorized personnel and services.
Encryption in transit. Network traffic between customers, applications, and Revopush web services is encrypted in transit using HTTPS/TLS.
Encryption at rest. Customer data stored within Revopush's Microsoft Azure environment is encrypted at rest using Azure-provided encryption controls. Payment card data is handled by Stripe and is not stored in Revopush systems.
Our cloud and edge providers maintain their own physical, operational, and infrastructure security controls.
For more information about the personal data we collect, how it is used, and customer rights, see the Revopush Privacy Policy.
We monitor the availability and operation of Revopush services and investigate events that may affect the confidentiality, integrity, or availability of the platform. Service availability information is published on the Revopush status page.
Our incident response process covers identification, investigation, containment, remediation, recovery, and follow-up. Security events are triaged according to their potential impact and escalated to the appropriate technical owner.
If a confirmed security incident affects customer data or use of the service, we will communicate with affected customers in accordance with applicable legal and contractual requirements.
Automated vulnerability scanning runs across all Revopush-owned private and public repositories. Findings are assessed based on severity, exploitability, and potential impact, then prioritized for remediation.
We also keep platform components and dependencies under review so security updates can be evaluated and applied as part of our normal engineering process.
Revopush relies on established providers for specific parts of the service:
Each provider is responsible for the security of the services it operates. We limit integrations and permissions to the access needed for their intended purpose.
Revopush uses Stripe to process subscription payments. Payment card details are submitted to and processed by Stripe; Revopush does not store full payment card numbers or card security codes on its systems.
Stripe's own security and compliance information is available from the Stripe Trust Center.
Revopush secures the cloud service and the systems used to deliver it. Customers are responsible for protecting their identity-provider accounts, API keys, CI/CD credentials, signing keys, and access to their applications and deployments.
We recommend using multi-factor authentication, applying least-privilege access, rotating credentials when team membership changes, and never placing secrets directly in source code or build logs.
The Revopush Engineering team owns this security statement and is responsible for keeping it aligned with current infrastructure, security practices, audits, and policies. The statement is reviewed at least annually and whenever a material change affects our security or compliance posture. The latest review date is shown at the top of this page.
If you believe you have found a vulnerability or security incident involving Revopush, please email [email protected]. Include enough detail for us to reproduce and investigate the issue, but do not include sensitive customer data or publicly disclose the issue before we have had an opportunity to respond.
For general questions about this statement or Revopush security practices, contact [email protected].