Revoke is evolving. Whilst we transition, please note that some pages and information may be outdated.

Revoke’s Security Policy 

0.7 Last Updated: 31st May 2023 

1 Security Policy 

This security policy relates to the Revoke service (the “Service”) operated by Revoke Limited (“Revoke”, “us”, “we”, or “our”). Revoke Limited is a company registered with the Jersey Financial Services Commission, Registration Number 124314. 

At Revoke, we care deeply about privacy and security. 

This policy outlines the steps we have taken to ensure that any data we store or transmit is secure and protected appropriately. 

2 Personal Data 

No personal data is stored by Revoke when using our web services at https://revoke.com or our Android and iOS mobile apps. 

Revoke only stores personal data if you choose to give it to us when contacting customer support services. 

Vulnerability Disclosure 

Revoke is committed to maintaining the security of our systems and protecting sensitive information from unauthorised disclosure. 

We will not take legal action against security researchers acting in good faith in relation to the discovery and reporting of a potential security vulnerability. This is provided that all such potential security vulnerabilities are discovered and reported strictly in accordance with this Responsible disclosure statement. 

The following types of research are strictly prohibited: 

  • Any attempt to modify or destroy any data 
  • Executing or attempting to execute a denial of service (DoS) attack 
  • Sending or attempting to send unsolicited or unauthorised email, spam or any other form of unsolicited messages 
  • Conducting social engineering (including phishing) of Revoke employees, contractors or customers or any other party 
  • Accessing or attempting to access accounts or data that does not belong to you 
  • Testing third party websites, applications or services that integrate with our services or products 
  • Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software that could impact our services, products or customers or any other party 
  • Exfiltrating any data under any circumstances 
  • Any activity that violates any law. 

Should you discover any personal, financial or proprietary information please do not proceed any further and contact us immediately. 

When reporting a vulnerability, you are encouraged to provide: 

  • An explanation of the potential security vulnerability, including details of any exploit with enough information to enable the security team to reproduce it 
  • A list of products and services that may be affected 
  • Proof-of-concept code, scripts and screenshots 
  • Your contact details for further communication. 

We will do the following: 

  • Contact you within three working days 
  • Notify you when the matter has been addressed 
  • Keep reports confidential (subject to any regulatory and legal requirements) 
  • Keep your identity confidential unless you choose otherwise. 

Please email security@revoke.com to disclose potential security vulnerabilities.