Revoke is evolving. Whilst we transition, please note that some pages and information may be outdated.

At Revoke, we take privacy and security very seriously.

When our customers make a request to an organisation, we ensure that all data is encrypted and only the designated recipient of the request (e.g. the Data Protection Officer) is able to view the data.

When organisations respond to requests, data is encrypted in such a way that even we cannot view this data; it is encrypted with the subject’s public key. The private key is stored on the customer’s phone; we have no access to this.

We use advanced levels of data encryption at rest and in transit at the message and transport layer including use of the following:

  • Elliptic Curve cryptography using Ed25519 and Curve25519 Keys
  • Authenticated encryption with associated data (AEAD)
  • Diffie-Hellman key agreement
  • Sealed Boxes
  • DNSSEC
  • HTTPS
  • IPSec
  • AES256 Encryption
  • X509 Certificates
  • BlakeB Hashing

You can read more about our Security Policy here.