
Your Customer Data Is Safe With Us

Enterprise-grade security practices, built for small businesses. We protect your data like it's our own — because your reputation depends on it.

256-bit Encryption
SOC 2 (Planned)
TCPA Compliant
GDPR Ready

Security Isn't an Afterthought. It's the Foundation.

When you connect Suparev to your business systems, you're trusting us with your customer relationships. We take that seriously. We've built Suparev with the same security standards used by banks and enterprise software companies.

Our commitment:

  • We will never sell your data
  • We will never access your data without a legitimate business reason
  • We will always encrypt your data in transit and at rest
  • We will always be transparent about what we collect and why

How We Protect Your Information

Multiple layers of security keep your data safe at every step.

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption — the same standard used by financial institutions. Even if someone gained access to our servers, your data would be unreadable.

Encryption in Transit

Every connection to Suparev uses TLS 1.3 encryption. Data moving between your browser, our servers, and third-party integrations is always protected.

Access Controls

Our team operates on a strict need-to-know basis. Access to customer data requires multi-factor authentication and is logged for audit purposes.

Secure Integrations

We use OAuth 2.0 for all integrations (Jobber, Stripe). This means we never see or store your passwords. You can revoke our access at any time.

Data Redundancy

Your data is stored with built-in redundancy across multiple availability zones. Our infrastructure providers maintain robust disaster recovery capabilities.

Infrastructure Security

Suparev runs on Vercel and Supabase infrastructure — industry-leading platforms with robust security certifications including SOC 2 Type II and ISO 27001.

Built for Compliance From Day One

We help you meet regulatory requirements without extra work.

TCPA Compliance

The Telephone Consumer Protection Act governs SMS marketing. We help you stay compliant.

  • Automatic STOP/unsubscribe handling
  • Consent tracking for every contact
  • Message frequency controls
  • Required disclosures in automated messages

CAN-SPAM Compliance

Every email sent through Suparev includes required elements.

  • Clear sender identification
  • Valid physical mailing address
  • Prominent unsubscribe link
  • Honest subject lines

CCPA Ready

For California residents, we support privacy rights.

  • Data access requests
  • Data deletion requests
  • Clear privacy disclosures
  • No selling of personal information

GDPR Ready

For contacts in the EU/UK, we provide full compliance.

  • Lawful basis documentation
  • Data portability exports
  • Right to erasure
  • Privacy by design

While we provide tools to help you stay compliant, you are ultimately responsible for your own compliance with applicable laws. We recommend consulting with a legal professional.

Your Payment Data Never Touches Our Servers

All payments through Suparev are processed by Stripe, the world's most trusted payment infrastructure. When your customers enter their payment information, that data goes directly to Stripe — we never see, process, or store credit card numbers.

  • PCI DSS Level 1 compliance through Stripe
  • Fraud detection and prevention built-in
  • Secure tokenization for stored payment methods
  • Instant deposits available
  • Verified Stripe Connect Partner

You Control Your Data

Your data belongs to you. Here's what you can do with it.

Access Your Data

Request a complete export of all data we hold about your business and your contacts at any time.

Delete Your Data

Request deletion of your account and all associated data. We'll process your request within 30 days.

Revoke Access

Disconnect integrations (Jobber, Stripe) at any time. We'll stop syncing immediately.

Opt-Out Contacts

Your contacts can unsubscribe from any communication, and we'll automatically suppress them.

Have a privacy request? Contact us at privacy@suparev.com →

Prepared for the Unexpected

We hope we'll never need to use our incident response plan — but we have one.

1. Detection

Automated monitoring alerts our team to unusual activity 24/7

2. Containment

We immediately isolate affected systems to prevent spread

3. Assessment

We determine the scope and impact of the incident

4. Notification

We notify affected customers within 72 hours as required

5. Remediation

We fix the root cause and implement additional safeguards

6. Review

We conduct a post-incident review and share learnings

Our commitment: If your data is ever compromised, we'll tell you promptly, clearly, and with specific guidance on protecting yourself.

Third-Party Verified Security

Current Status

SOC 2 Type II: Planned 2026

We're actively working toward SOC 2 Type II certification through independent audit.

Infrastructure Certifications

Our infrastructure providers maintain: SOC 2 Type II, ISO 27001, HIPAA, PCI DSS Level 1

Roadmap

  • Q2 2026: Internal security audit
  • Q3 2026: SOC 2 Type I certification
  • Q4 2026: SOC 2 Type II certification

Help Us Keep Your Account Secure

A few simple steps to protect your account.

  • Use strong, unique passwords — at least 12 characters
  • Enable two-factor authentication when prompted
  • Review connected apps in Jobber and Stripe regularly
  • Keep your contact info current for security notifications
  • Report suspicious activity immediately to security@suparev.com

Security FAQs

Security Questions? We Have Answers.

Our team is happy to discuss security requirements, provide documentation, or address specific concerns for your business.