00/Legal
The third-party services that receive or process data on behalf of RevCore Pro customers. Last updated: April 7, 2026.
Last updated
April 7, 2026
4 sections
To deliver the RevCore Pro platform, we engage the following sub-processors. We have reviewed each service and confirmed what data it receives through direct code review of our codebase. We will provide at least 30 days notice via email before adding or materially changing a subprocessor. If you require contractual notice, include this in your DPA request.
| Service | Category | Data Received | Auth Method |
|---|---|---|---|
| Supabase | Database, Auth, Storage | All application data (all tables), user sessions, uploaded files, backup JSON exports. | Anon key (client), service role key (server) |
| Stripe | Payment processing, billing | Stripe customer IDs, subscription IDs, Connect account IDs, invoice amounts, payment metadata. No raw card data transmitted. | Platform secret key, Connect webhook secrets |
| Resend | Transactional email | Recipient email addresses, display names, email subjects, rendered HTML bodies (may contain PII), delivery and engagement events. | API key |
| Upstash Redis | Rate limiting | IP addresses (from x-forwarded-for), authenticated user IDs, rate limit counters. Does not receive PII beyond IDs. | REST URL and token |
| OpenAI | AI generation | User-authored slide generation prompts (free-text field). No structured PII sent by default, but content is user-controlled. | API key |
| Anthropic (Claude API) | AI features | User-submitted content sent to AI-powered features within the platform. Content is determined by what the user submits and may include free-text fields. No structured PII is sent by default. API inputs are not used for model training. Inputs and outputs are deleted from Anthropic's systems within 30 days. | API key |
| Google APIs | Calendar integration | Calendar event titles, timestamps, attendees. OAuth access tokens and refresh tokens stored in database. | OAuth2 client credentials |
| GoHighLevel | CRM integration | Contact names, emails, phone numbers, addresses, conversation message bodies, and opportunity data — all forwarded from the connected GHL account. | User-supplied GHL API key (proxied server-side) |
| Sentry | Error monitoring | JavaScript error stack traces and server-side exception details. Session Replay on error only, with all text inputs masked and PII fields scrubbed before transmission. | DSN |
| Vercel | Hosting, CDN, Cron | All HTTP request and response traffic, server logs, environment variables, and function execution metadata. | Platform deployment credentials |
We will notify customers at least 30 days before adding a new subprocessor or making a material change to an existing one. Notifications are sent to the email address on file for your account and posted on this page. If you object to a new subprocessor, you may terminate your subscription within 30 days of receiving the notification.
If your use of RevCore Pro requires a signed Data Processing Agreement — for example, for GDPR compliance — you can download and countersign our standard DPA.
For general security questions, visit our security page.
Still have questions
Email security@revcorepro.com for SOC 2, DPA, and subprocessor questions. Or open the trial to see how data flows in the product before signing anything.
14-day free trial · No credit card · Cancel anytime
Also ask about RevCore on
